Any McAfee reps in the house?

patrickdeno2 · 2018-05-31T14:18:57.000Z

I need to talk to someone about upgrading our ancient version of ePO and maybe get a tech to hold my hand as I go through the process.

The problem is that I have been waiting on tech support to call me back for two days. Getting tired of waiting and fearing I’m going to miss the call if I have to use the facilities or go to lunch. Is there a rep in the house that could jump-start this process or figure out why it’s taking so long for someone to get back to me?

Rod-IT · 2018-05-31T14:22:42.000Z

Why do you need a rep - we can help you, if you want it?

What version of EPO are you on, what agent version VSE etc.

Tell me where you need guidance and I am sure I can guide.

patrickdeno2 · 2018-05-31T14:33:06.000Z

Hiya Rod-IT,

You’ll have to excuse me. I’m just a little bent that we pay so much for this product, but when we need support I sit on hold until the robo-system tells me it’s been a while and I should join the queue for a call-back. Then … nothing … for days. Grrrrrrr!

Basically, we’re on ePO 4.6.8 and would like to go to 5.9 to be able to take advantage of all the new advances. One of my biggest preparatory questions is: would it be better to blow the entire installation away and start from scratch at this point, or backup the entire kit-&-kabootle so I can move it to a different server? Right now, we have it installed on our main DC, which makes me nervous. If we have to do anything that involves rebooting the server, I’m going to be pulling some late nights.

I’m good at my job, but I was hoping to get an expert from McAfee to remote in with me to make sure I proceed in the most efficient and knowledgeable way possible. Please don’t think that I was discounting the knowledge and experience of my fellow Spicers. I know how good you guys are.

Rod-IT · 2018-05-31T14:49:27.000Z

Typically you buy from a reseller, so you get support from them, as well as McAfee - why have you not reached out to them?

4.6 has been EOL for a while now, and having it on your DC scares me too, so we/you/them need to plan to move that.

Depending on how many devices, policies and products you have depends on how it is tackled.

You cannot go directly to 5.9 from 4.6 though, you will need to do a few jumps to get there, so what we need to know is the following;

How many devices, which products, do you plan to upgrade the OS as well as SQL, if you are the person who manages this, why have you left it so long to migrate/upgrade to a supported version?

I am happy to guide you, but if you are adamant you want McAfee direct, I would keep calling them or contact your account manager, you’ll not get much support otherwise, you need to contact whoever you usually deal with.

dont really see many from McAfee on here taking part, though on occasions I do get them thanking me for my guidance.

If it helps I have 15+ years (at least 3 more than you’ve been in IT for) with EPO and McAfee products, many of.

I manage 3 EPO at work and one in my lab - happy to help if you want it

patrickdeno2 · 2018-05-31T15:39:19.000Z

Hey Rod-IT,

First up, I just inherited this seat a few weeks ago. I knew our version was ancient and I knew there would be interim upgrades to go through. Hence why I wanted a tech to hold my hand. The biggest problem is that I joined this company only a few weeks ago and am just getting settled in. The guy in the seat before me never bothered to document anything, change default passwords on anything (or if he did, he didn’t document what he changed the too, either), or keep up with anything - hence why he no longer sits in my seat and I do.

I have no idea who we originally got our licensing through, but I have a suspicion it was Dell.

---------- hold the presses!

You won’t believe who just rang my phone while I was typing the above paragraph. Yup, McAfee finally graced me with its presence. He let me know that yes, our version is EoL. Not only that but, because of that, tech support help would be limited. I asked some pertinent question and agreed that what I already had in mind would be our best course.

New plan: gonna install the the newest version of ePO on a different server and, using the KB79283, I will then transfer over the config from the old installation and blow it away.

Wish me luck!

Rod-IT · 2018-05-31T15:42:09.000Z

If you give me some background, at least if oyu need me I have an idea of what you have - by all means PM me if you dont want it public,

But how many devices, what products etc.

patrickdeno2 · 2018-05-31T15:49:31.000Z

We have 160 Client machines and 14DC. More specifics I’d rather not get into at the moment, but I do appreciate your willingness to help more than you know. I’m going to dive into that knowledge base article and see how far I get before I scream uncle. I’ll be sure to return to this thread for your expert assistance if I get lost.

Thanks again, Rod. It means a lot.

Rod-IT · 2018-05-31T16:09:30.000Z

You have an unusual amount of DCs for such a small client base

Good luck

patrickdeno2 · 2018-05-31T16:11:10.000Z

One main and I guess 13 at outlying offices. We have stores and plants all over the western states and each one has its own server. Again, I only inherited. I did not set any of this up.

patrickdeno2 · 2018-06-06T12:24:45.000Z

Hey Rot-IT,

Now I do have a question for you: I’ve gotten ePO 5.9 up and running and it’s covering everything that is not an XP machine or 2003 server. Good times. However, I’m trying to figure out how to get a bit more granular with the agents.

Specifically, McAfee Access Protection is wanting to block (though the rule is not, as yet, enforced) Spiceworks and I’d like to figure out how to whitelist it. Is that possible through ePO? If so, could you direct me to where? I can’t seem to find anywhere I can do such a thing. Or, perhaps, there’s a different way? Any info would be greatly appreciated.

5/14/2018	5:03:02 AM	Would be blocked by Access Protection rule  (rule is currently not enforced) 	CORPORATE\[spiceworks admin account]	C:\WINDOWS\SYSTEM32\WSCRIPT.EXE	C:\WINDOWS\TEMP\SPICEWORKS\NETSTAT.TXT	Anti-spyware Maximum Protection:Prevent execution of scripts from the Temp folder	Action blocked : Read

@rod-it

Rod-IT · 2018-06-06T12:39:40.000Z

Is it causing a problem or simply logging that it ‘would block’

The log suggests the latter, it also suggests you are using VSE - any plans to migrate to ENS?

Rod-IT · 2018-06-06T12:40:44.000Z

But yes, you can add it to an exception via EPO, I just don’t have access to mine at present to guide you

patrickdeno2 · 2018-06-06T12:46:09.000Z

Rod-IT:

Is it causing a problem or simply logging that it ‘would block’

The log suggests the latter, it also suggests you are using VSE - any plans to migrate to ENS?

Hence why I said the rule wasn’t being enforced. However, it does show up as a security warning, and my OCD is not only going nuts, I don’t want users getting bored, digging through the agent and then freaking out, thinking they’re being hacked.

As far as VSE vs. ENS, I’m going to show my ignorance here, but I honestly don’t know the difference. As to plans, our renewal comes due in about 3 months and we’re shopping around for solutions to see what we can find on deals. We may revisit McAfee and see what we can’t change for a better coverage if it turns out to be the better solution.

Rod-IT · 2018-06-06T13:01:48.000Z

ENS is the new improved virus scan, that can include firewall and web-protection in one, it’s scan engines are much better and streamlined.

If you are concerned about users looking at logs, they need more work to do, hide the icon so they cant see the agent if its that much of an issue.

If you plan to shop around and consider changing from McAfee to a-n-other, there is not much point in clearing the alert as it will go with a new product anyway, but you need to disable ‘report’ status for access protection logs, however it is on or off and doesn’t just include this alert

patrickdeno2 · 2018-06-06T13:08:38.000Z

Well, part of this whole exercise has been to not only upgrade our ancient version of McAfee, but to also learn the system and my network. I’m new to this company, having only joined a month ago, so I am learning as I go. I don’t necessarily want to disable the log. That’s going after a fly with a sledgehammer. However, I would still like to whitelist Spiceworks so as to head off any future problems should there be a need to change policies. I like to call it, ‘building for the future.’

Rod-IT · 2018-06-06T15:05:30.000Z

It isnt causing a problem though, it is doing exactly what you asked it to, report when something triggers this rule, the fact it isnt blocking just means it creates a log of this.

As for users poking around in the logs, I think you are worrying about something that is perception and not fact at this point and even if it was, they can’t do anything about it

patrickdeno2 · 2018-06-06T15:12:31.000Z

Thanks for your help. I found what I needed.

Rod-IT · 2018-06-06T15:13:40.000Z

What did oyu do, add it to a trust or low priority?

Rod-IT · 2018-08-07T17:51:24.000Z

It would be nice if you updated everyone looking at this topic on what you did, so others facing the same issue know how to resolve it.

patrickdeno2 · 2018-08-07T19:53:49.000Z

Rod-IT:

It would be nice if you updated everyone looking at this topic on what you did, so others facing the same issue know how to resolve it.

Hi Rod,

What did we do? After a lot of research and more than a few demos of competing solutions, my company took my recommendation and dumped McAfee for Bitdefender GravityZone - and honestly, I’m glad we did. McAfee wasn’t finding a lot of latant stuff that was hiding in ancient files and on some of my users’ machines. BD GZ went right to work and killed a whole passel of icky stuff that we didn’t even know existed.

Mischief managed.