Woe to McAfee ePO

I’ve been able to get my hands dirty with McAfee ePolicy Orchestrator. It all starts with our Enterasys NAC solution. We push the enterasys NAC agent out to windows via gpo. We then check for core software components to stay compliant with security policies. One of the products we check for is antivirus. The NAC agent checks the Microsoft security center via WMI in order to check for McAfee. We then generate reports on which clients do not have antivirus installed, not running, or that are not up to date.


EPO then allows us to get McAfee up to date with latest dats, patches, and policy settings. The starting point for this to work is making sure that the McAfee agent is properly installed and running. I was recently given full admin access to check in with ePO to get things compliant. The first issue I ran into was that some machines were in the unmanaged state. After checking these machines, I found that they had the latest McAfee agent installed, but the agent was failing to pull info from ePO. I decided to assign a client task to force the McAfee agent to be re-installed on these machines. One of of the McAfee docs said that this wasn’t the best method, but after the agent was re-installed, the machines came back into the managed state. I was then able to push the latest version of McAfee and dat files.

The next issue I ran into was that some machines looked fine in ePO, but showed all zeros for the dat. The agent on the client would just fail when trying to get the new dat. I fixed this by just manually installing the latest dat and then I was able to push the new dat from ePO the next day. This is just a bandaid for now, but I’ll continue to dig further.

All in all, ePO seems to be a great product, even with the issues I’m running into. Its one of those things were you just need to dedicate time to. You can get away with creating auto tasks for updates, but you have to stay on top of it. After all, antivirus performance significantly degrades in catching things if its not consistently being updated.