The McAfee Agent is the distributed component of McAfee ePolicy Orchestrator (McAfee ePO). It downloads and enforces policies, and executes client-side tasks such as deployment and updating. The Agent also uploads events and provides additional data regarding each system’s status. It must be installed on each system in your network that you wish to manage. The agent collects and sends event information at intervals to the McAfee ePO server. It also installs and updates the endpoint products, and applies your endpoint policies. Systems cannot be managed by McAfee ePO unless the McAfee Agent is installed.
Read the introduction to McAfee ePO prior to moving forward with this instruction.
The following policy allows for remote viewing of the McAfee Agent log via browser and increases the Agent to Server Connection Interval (ASCI) from the default of 60 minutes to 120 minutes.
One reason to modify the Agent to Server Connection Interval on a group of systems might be to lessen the impact on already taxed WAN connections to remote sites, or simply because you are managing many thousands of systems. See more information on the McAfee Agent in the Quick Tips video Controlling Agent Communication.
NOTE: To view the McAfee Agent Log on a remote system, type the following your web-browser: http://<computer_name_or_IP_address>:8081 where 8081 is the default port for the Agent Wake Up call. If you changed this port number during McAfee ePO installation, then use the port you specified. This can be very useful when you need to view the log for a system on the other side of the country. You can test this function after deploying the Agent.
Deploy the McAfee Agent
Before deploying the McAfee Agent, you should verify both communication between the server and systems, and access to the default Admin$ share directory on the client. If your test systems are not part of a domain, you can simply copy Framepkg.exe to your client systems and execute it locally when we reach that step. Framepkg.exe is located on the McAfee ePO server in one of the following directories:
C:\Program Files\McAfee\ePolicyOrchestrator\DB\Software\Current\EPOAGENT3000\Install\0409 or
From the McAfee ePO server click Start | Run, then type \\computer-name\admin$, where computer-name is the NetBIOS name of one of the client systems. If the systems are properly connected over the network, your credentials have sufficient rights, and the Admin$ shared folder is present, a Windows Explorer dialog box opens.
Deploying the McAfee Agent
As previously mentioned, a Windows domain is not a requirement to use McAfee ePO, but there are certain advantages when used in the context of a domain. One of those is the push installation of the management agent known as the McAfee Agent. McAfee ePO pushes this installer to Admin$ share on your test systems and installs with Domain Admin credentials you specify. In fact, this is the only installation that uses a push method. Once the Agent is installed, clients will pull the various endpoint protection components for installation.
It is assumed you have a limited number of test systems (under 50), so we will push the Agent to all the machines in the System Tree.
Note: You can drag and drop commonly used items from the Actions button onto the taskbar at the bottom of the McAfee ePO interface, as shown in the following figure.
Verifying Agent Communication with ePolicy Orchestrator
Once the initial agent-server communication has occurred, the agent polls the server once every 60 minutes by default. This is known as the Agent to Server Communication Interval or ASCI. Earlier we applied a policy that changed that interval to 120 minutes. At each interval the Agent polls McAfee ePO to upload client events and retrieve any policy or task changes, or new installation instructions.
With an ASCI of 120 minutes, an agent that polled the server 30 minutes ago will not pick up any new policies for another 90 minutes. However, you can always force systems to poll the server with an Agent Wake Up Call. The Wake Up Call is useful when you need to force a policy change sooner than the next communication would occur. It can also be used to force clients to run tasks on demand, such as an immediate update or scan.
Sending an Agent Wake Up Call
Send a Wake Up Call to force polling by clients who have not yet communicated with the McAfee ePO server.
Note: If sending a Wake Up Call fails to populate the client’s IP address and user name, other environmental factors might be preventing the initial agent deployment. If this happens, simply copy the agent installer, Framepkg.exe, located on the ePolicy Orchestrator server, and run it locally on your test systems. Verify that a host or network firewall is not blocking agent communication to the server. There are many additional ways to deploy the McAfee Agent, such as login scripts or third-party deployment tools. See the ePolicy Orchestrator Product Guide for additional information.