Install & Upgrade
Review the supported platforms and environments documentation prior to installation:
The deployment checklist helps you prepare for installation and upgrade to McAfee Advanced Threat Defense:
Ensuring that you have the right ports open for proper initialization and communication between your peer devices and McAfee Advanced Threat Defense is a critical step in the installation process:
Refer to the relevant installation guide for instructions to install McAfee Advanced Threat Defense:
- McAfee Advanced Threat Defense 4.6.0 Installation Guide
- Installation Best Practices
- Installing McAfee Advanced Threat Defense in a cluster environment
All product software, release notes, and documentation are available on the Product Downloads page.
Post Installation and Upgrade
Conduct the following checks once you have finished the install or upgrade process:
- Confirm that you can log in to the McAfee Advanced Threat Defense web interface. View recommended browser and security settings.
- First-time login uses the default credentials
- Check Manager → Logs → Upgrade to confirm the currently installed version
- All data and configuration settings are transferred from your previous version, in case of an upgrade
- Check the Dashboard to confirm that VM Creation status is successful on VM Status Monitor
Note: If your current version of McAfee Advanced Threat Defense is earlier than 4.0, such as 3.8.x (EOL), you must migrate to version 4.2 before migrating to the latest version. Refer to the McAfee Advanced Threat Defense 4.2 Migration Guide for detailed instructions.
Backup and Recovery
McAfee Advanced Threat Defense provides a migration package for customers to migrate both physical and virtual appliances.
- The migration process time will depend on the size of your database
- Please allow a minimum of 90 minutes for your migration to complete
Note: You cannot upgrade to McAfee Advanced Threat Defense 4.6. Customers can migrate to version 4.6 using the migration package.
Reference these documents for more information:
Refer to the following guide on how to migrate from your current version to McAfee Advanced Threat Defense 4.6:
For configuration settings to apply successfully, we highly recommend that you review the user accounts on your appliance and change the default passwords for both atdadmin and cliadmin.
You will be prompted at first-time login to change the default passwords. For details, see Password Control.
Configuration of VMs and malware analysis are key steps to a successful deployment. Please see the guides below to make the best decisions for your setup:
Refer to the following documentation for details on configuration and setup of McAfee Advanced Threat Defense:
If you encounter any issues during installation, migration, and configuration of the product, logs will need to be collected and sent to McAfee Technical Support for analysis.
- If you run into an issue generating the support bundle, see KB 91236
- Remote Management Module (RMM) will need to be enabled on your appliance for remote troubleshooting
Frequently used troubleshooting articles by topic:
- Windows 10 VM fails to run and analyze submitted files (KB 89978)
- VM creation status is reported as failed after you migrate to Advanced Threat Defense 4.6.0 and perform automatic VM creation (KB 91070)
McAfee Advanced Threat Defense Appliance
- Troubleshooting boot failures with the appliance (KB 82713)
- Advanced Threat Defense fails to boot in hypervisor when you boot from the backup disk and perform an upgrade (KB 81445)
McAfee Network Security Platform Integration
- McAfee Advanced Threat Defense FAQ (KB 79333)
- How to delete unnecessary image files (VMDK and IMG) from the McAfee Advanced Threat Defense Appliance (KB 87101)
Root Certificate Expiration
The McAfee product line uses TLS for secure communication. Two certificates validate McAfee TLS chains, including a primary expiring in 2038 and a secondary expiring on May 30, 2020. If either certificate, or both, are present in your environment, TLS will function correctly prior to May 30, 2020. After May 30, 2020, only the primary certificate will be valid. Out of an abundance of caution McAfee is informing customers of this impending event.
Generally, certificates are auto-updated through operating systems and customers will not be impacted. However, in environments where automatic management of root certificates is disabled and the primary certificate has not been manually deployed, customers will potentially be impacted. KB92937 provides information on how to verify and install the primary certificate.
Failure to have a valid certificate will cause product issues including reduced detection efficacy.
The primary certificate that needs to be validated in a customer's environment is as follows:
Subject : CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US
Thumbprint : 2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
Expiration : 2038-01-18
Subscribe to KB92937 to receive updates.
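One way to run the check described above on a Windows host, as an added example that is not McAfee's own script or the procedure from KB92937. It assumes the local-machine root stores are the relevant ones and reads the standard Windows policy value `DisableRootAutoUpdate`; the function names are hypothetical.

```powershell
# Added example (not vendor code). Thumbprint and subject are the values printed on this page.
$ExpectedThumbprint = '2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E'
$ExpectedSubjectCN  = 'CN=USERTrust RSA Certification Authority'
# Assumption: the local-machine root stores are the ones that matter for services.
$StorePaths = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\AuthRoot'

function Get-PrimaryRootStatus {
    param([string]$Thumbprint, [string]$SubjectCN, [string[]]$Stores)
    foreach ($store in $Stores) {
        # Thumbprint is the SHA-1 of the DER certificate; -eq is case-insensitive.
        $cert = Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $Thumbprint } |
            Select-Object -First 1
        [pscustomobject]@{
            Store        = $store
            Present      = [bool]$cert
            SubjectMatch = [bool]($cert -and $cert.Subject -like "$SubjectCN*")
            NotAfter     = if ($cert) { $cert.NotAfter } else { $null }
            Expired      = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
        }
    }
}

function Test-RootAutoUpdateDisabled {
    # Group Policy value that turns off automatic root certificate updates.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
    $val = Get-ItemProperty -Path $key -Name DisableRootAutoUpdate -ErrorAction SilentlyContinue
    return [bool]($val -and $val.DisableRootAutoUpdate -eq 1)
}

$status = Get-PrimaryRootStatus -Thumbprint $ExpectedThumbprint -SubjectCN $ExpectedSubjectCN -Stores $StorePaths
$status | Format-Table -AutoSize

$usable = @($status | Where-Object { $_.Present -and $_.SubjectMatch -and -not $_.Expired })
if ($usable.Count -gt 0) {
    Write-Output 'Primary root certificate is installed and within its validity period.'
} elseif (Test-RootAutoUpdateDisabled) {
    Write-Warning 'Primary root is missing and automatic root updates are disabled: deploy it manually (see KB92937).'
} else {
    # With automatic updates enabled, Windows can fetch a trusted root on first use,
    # so absence from the store alone does not prove TLS validation will fail.
    Write-Warning 'Primary root not found in the local-machine stores; automatic root updates are enabled.'
}
```

A thumbprint match with `SubjectMatch` false should be treated as a finding to investigate rather than a pass.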