McAfee ePO 5.10 Installation on Single Server - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Thursday, July 1, 2021

McAfee ePO 5.10 Installation on Single Server

With McAfee ePO software, IT administrators can unify security management across endpoints, networks, data, and compliance solutions from McAfee and third-party solutions. McAfee ePO software provides flexible, automated management capabilities so you identify, manage, and respond to security issues and threats. You define how McAfee ePO software should direct alerts and security responses based on the type and criticality of security events in your environment, as well as create automated workflows between your security and IT operations systems to quickly remediate outstanding issues. 






Features 

Please refer to ePO documentation : https://www.mcafee.com/enterprise/en-ca/downloads/trials/epolicy-orchestrator.html

The ePO Software Repository


The McAfee ePO server is the central software repository for all McAfee product installations, updates, and other content. The modular design of ePolicy Orchestrator allows new products to be added as extensions. This includes new or updated versions of McAfee and McAfee-compatible solutions from the Security Innovation Alliance. Packages are components that are checked in to the master repository, and then deployed to client systems. ePolicy Orchestrator also allows for replication to distributed repositories at remote locations for bandwidth optimization.

For McAfee ePO to keep your client systems up-to-date, a repository task that retrieves updates from a McAfee site (HTTP or FTP) was created to run daily at 1:00 am. The steps below show you how to modify the task so that it checks the McAfee update site every 12 hours instead.

Systems and the System Tree

The ePolicy Orchestrator System Tree organizes managed systems in units for monitoring, assigning policies, scheduling tasks, and taking actions. These units are called groups, which are created and administered by Global Administrators or users with the appropriate permissions. Groups may contain both systems and other groups. As shown in the graphic below, the installer created a sample system tree during setup.

Three groups were created under the default My Organization group; Laptops, Servers, and Workstations. The Servers group also has several subgroups for different server types based on function or role. These sample groups were created for your convenience. You are not required to use them, but they are referenced in the instructional exercises that follow. If you wish to test system & group creation through Active Directory, detailed steps are provided in the McAfee Quick Tips video Active Directory Synchronization in ePO.

  • adding system with automatic discovery
  • adding system manually



Compatibility Matrix


Microsoft operating systemMinimum Supported Versions
ePO
5.10.0
Update 7
ePO
5.10.0
ePO
5.9.0

5.9.1
Windows Server 2019 Version 2004YesNoNo
Windows Server 2019 Version 1909
Windows Server 2019 Version 1903
Windows Server 2019 Version 1809
YesYesNo
Microsoft Windows Server 2016Yes 3Yes 3Yes 3
Microsoft Windows Server 2012 R2
(Standard and Datacenter)
YesYesYes
Microsoft Windows Server 2012
(Standard and Datacenter)
YesYesYes
Microsoft Windows Server 2008 Release 2 (64-bit)
(Standard, Enterprise, and Datacenter)
Yes 2Yes 2Yes 2
Microsoft Windows Server 2008 (64-bit)1
(Standard, Enterprise, and Datacenter)
NoNoNo
Microsoft Windows Server 2008 (32-bit)
(Standard, Enterprise, and Datacenter)
NoNoNo
Microsoft Windows 2003 Storage ServerNoNoNo
Microsoft Windows Server 2003 Release 2 (32-bit)NoNoNo
Microsoft Windows Server 2003 Release 2 (64-bit)NoNoNo
Microsoft Windows Server 2003 (32-bit)NoNoNo
Microsoft Windows Server 2003 (64-bit)NoNoNo
Microsoft Windows 2003 WebNoNoNo




Microsoft SQL versionsMinimum Supported Versions
ePO
5.10
ePO
5.9.1
ePO
5.9.0

 
SQL Server 2019 Express
SQL Server 2019
YesNoNo
SQL Server 2017 ExpressYesYesNo
SQL Server 2017YesYesNo
SQL Server 2016 ExpressYesYesYes
SQL Server 2016YesYesYes
SQL Server 2014 ExpressYesYesYes
SQL Server 2014YesYesYes
SQL Server 2012 ExpressYesYesYes
SQL Server 2012YesYesYes
SQL Server 2008 R2 ExpressNoYesYes
SQL Server 2008 R2NoYesYes
SQL Server 2008 ExpressNoYes 1Yes 1
SQL Server 2008NoYes 1Yes 1
SQL Server 2005 ExpressNoNoNo
SQL Server 2005NoNoNo



Upgrade path


Supported Upgrade Paths:
 

Upgrade
From
Version
Upgrade To ePO Version
5.105.9.15.9.05.3.35.3.25.3.15.3.05.1.35.1.25.1.1
5.9.1Supportedn/an/an/an/an/an/an/an/an/a
5.9.0SupportedSupportedn/an/an/an/an/an/an/an/a
5.3.3SupportedSupportedBlockedn/an/an/an/an/an/an/a
5.3.2SupportedSupportedSupportedSupportedn/an/an/an/an/an/a
5.3.1SupportedSupportedSupportedSupportedSupportedn/an/an/an/an/a
5.3.0BlockedBlockedBlockedBlockedSupportedSupportedn/an/an/an/a
5.1.3 (EOL)SupportedSupportedSupportedSupportedSupportedSupportedn/an/an/an/a
5.1.2 (EOL)BlockedBlockedBlockedSupportedSupportedSupportedn/aSupportedn/an/a
5.1.1 (EOL)BlockedBlockedBlockedSupportedSupportedSupportedSupportedSupportedSupportedn/a
5.1.0 (EOL)BlockedBlockedBlockedSupportedSupportedSupportedSupportedSupportedBlockedSupported




SQL Server 2016  with SP1 Express Edition







Below links are for SQL Server 2016 with SP1 Express Edition (English):

  1. Express Core (411 MB): https://download.microsoft.com/download/9/0/7/907AD35F-9F9C-43A5-9789-52470555DB90/ENU/SQLEXPR_x64_E...
  2. Express Advanced (1255 MB): https://download.microsoft.com/download/9/0/7/907AD35F-9F9C-43A5-9789-52470555DB90/ENU/SQLEXPRADV_x6...






Installation Steps



  1. Log on to the Windows Server system to be used as the McAfee ePO server.
    Use an account with local administrator permissions.
  2. Locate the software you downloaded from the McAfee website and extract the files to a temporary location. Right-click Setup.exe and select Run as Administrator.
    The executable is located in the downloaded McAfee ePO installation folder.
    CAUTION: If you try to run Setup.exe without first extracting the contents of the .zip file, the installation fails.
    The McAfee ePolicy Orchestrator - InstallShield Wizard starts.
  3. Click Next to continue the installation.
    Monitor the installation process when using the InstallShield Wizard. You might need to restart your system.
  4. In the Destination Folder step, click either:
    • Next to install your McAfee ePO software in the default location (C:\Program Files (x86)\McAfee\ePolicy Orchestrator\).
    • Change to specify a custom destination location for your McAfee ePO software. When the Change Current Destination Folder window opens, browse to the destination and create folders as needed, then click OK.
  5. The installer searches for SQL Servers. If the installer finds any SQL Servers, it automatically moves to the next stage and the servers it finds can be selected from a drop-down list. If the installer is unable to find any, a dialog box asks if you want to search again. Click No to go to the next step where the SQL Server information can be entered manually.
  6. In the Database Information step, specify information for your database, then click Next.
    1. Specify the Database Server and Database Name.
      Database Server

      If the installer found the SQL Server in the previous step, select your server from the drop-down list. If the server is not listed, enter the information manually by typing the name of the SQL Server.

      If you are using dynamic SQL ports, enter the name of the SQL Server and the name of the SQL instance separated by a backslash. For example, if your SQL Server is called SQLServer and you are using the default instance name of MSSQLSERVER, enter SQLServer\MSSQLSERVER.

      Database NameThis value is automatically populated with the name of the database. Enter a new database name to change the value.
    2. Specify which type of Database Server Credentials to use.
      Windows authenticationFrom the Domain menu, select the domain of the user account to use for accessing the SQL Server from the drop-down list. If the required domain is not listed, type the domain name, user name, and password.
      SQL authenticationType the user name and password for your SQL Server. Make sure that credentials you provide represent an existing user on the SQL Server with appropriate rights.
      NOTE: The Domain menu is grayed out when using SQL authentication.
    3. Click Next.

      The installer attempts to connect to the SQL Server using the credentials given. If the installer can't automatically determine the port, this message appears: Setup was unable to access the SQL UDP port 1434. Click OK to return to the Database Information page. However, the SQL Server TCP port field is now available. Enter the port and click Next.

  7. The Pre-Installation Auditor automatically starts. Review the results and correct any failures, then click Rerun. Once all checks have passed, click Finish.


  8. In the HTTP Port Information step, review the default port assignment, then click Next to verify that the ports are not already in use on this system.
    IMPORTANT: You can change some of these ports now. When your installation is complete, you can change only the Agent wake-up communication port and Agent broadcast communication port.
  9. In the Administrator Information step, type this information, then click Next.
    1. Type the user name and password you want to use for your primary administrator account.
    2. Type the server recovery passphrase.
      The passphrase includes 14–200 characters, must not contain leading or trailing backslashes (\), spaces, double quotation marks ("), or characters below ASCII 32 or above ASCII 65535.
      IMPORTANT: Keep a record of this passphrase; you need it to decrypt the Disaster Recovery Snapshot records and McAfee can't recover it.


  10. In the Type License Key step, type your license key, then click Next.
    If you don't have a license key, you can select Evaluation to continue installing the software in evaluation mode. The evaluation period is limited to 90 days. You can enter a license key after installation is complete from the McAfee ePO Settings or Software Catalog. Optionally, if you want McAfee ePO to automatically download the products you are licensed for after the installation completes, select Enable Automatic Product Installation. For more information, see Automatic Product Installation.
    NOTE: The Enable Automatic Product Installation option is enabled by default and only available if you have a license key.


  11. Accept the McAfee End User License Agreement and click OK.
  12. From the Ready to install the Program dialog box, decide if you want to allow McAfee to collect system and software telemetry data, then click Install to begin installing the software.
  13. When the installation is complete, click Finish to exit the Setup program.




Database Server IP Change

If DB server ip changed or moved, follow this kb to re-config ePO server connection:

https://kc.mcafee.com/corporate/index?page=content&id=KB68427



https://localhost:8443/core/config


After tested Connection, do not forget to apply it. Apply button is at the bottom right corner. 






References






No comments:

Post a Comment