5 Replies Latest reply on May 20, 2017 8:54 AM by aiolawale

    McAfee Agent Installation with Patch Manager


      Hi all,


      Is there any way to deploy old version of McAfee agents to a group of computers using Patch Manager where deployment from EPO server is not an option? Or someone please advise any other option e.g logon scripts.


      Thanks  advance.

        • Re: McAfee Agent Installation with Patch Manager

          Is the installer for the McAfee agent an .MSI, .EXE, or .MSP?  If so you could build a package for it and publish it into WSUS or SCCM with Patch Manager.

            • Re: McAfee Agent Installation with Patch Manager

              Hi Kellytice,


              Thanks for your response. Te McAfee agent is an .exe file. All the documentation I've seen on Patch Manager refers to MSI files.

                • Re: McAfee Agent Installation with Patch Manager

                  If it is an .EXE then you can build a package for it and publish that into WSUS or SCCM.


                  The biggest learning curve when building your own packages is defining the rules that are (mostly) used to determine applicability of the update for any given targeted machine.  You  can usually look at some of the packages that SolarWinds provides to get a feel for what types of things are being checked for.

                  In a nutshell the rules that need to be defined are:
                  Prerequisite - these rules are the high level "weed out' rules.  They usually make sure that the target machine is at least a certain Windows version, or that it is a certain language, or that it is a certain processor type.   You would generally have at least one such check in this set.  If the net returned value of the rules evaluated here is False, then the machine will stop evaluating the update right then (e.g. it will be noted as "Not Applicable" and be skipped) and not move on to evaluate the other rules.

                  Applicability - these rules usually go a little deeper into the target machine.   You could use a file check or a registry check to make sure a file exists on the target machine and/or (more commonly) you could check a file or registry value to see if the software that is attempting to be deployed is already on the target machine.   If the software is there, the rule here could make sure the version on the machines is less than the version your package is trying to install.  If it is already there at the same or later version it would be considered "Not Applicable".

                  Installed - the installed rule just determines if this particular version of the software is already on the machine.  It is mostly used to report to WSUS "hey i already have this update".   This ruleset is often the same ruleset used for Applicability - except that the check here is for "equal to" instead of "less than".


                  As long as you can wrap your head around the concepts of those rules and the process of creating those rules you should be OK.


                  This blog talks a bit about all this: Deploying Custom Packages with Patch Manager

                  and this video also shows the process of building one:   Package Creation Using SolarWinds Patch Manager - YouTube