Mcafee EPOLICY ORCHESTRATOR Walkthrough Guide
Release Notes for McAfee ePolicy Orchestrator 4.5
z About this document
z New features
z Known Issues
z Installation, upgrade, and migration considerations
z Considerations when uninstalling ePolicy Orchestrator
z Other information
z Finding documentation for McAfee enterprise products
z License attributions
About this document
Thank you for using
McAfee
®
ePolicy Orchestrator® software version 4.5. This document contains important
information about this release. We strongly recommend that you read the entire document.
CAUTION: McAfee does not support automatic upgrading of a pre-release version of this software. If you are
running any previously released version of the McAfee ePolicy Orchestrator 4.5 software in your environment, you
must uninstall before installing this version of the software.
NOTE: SQL 2000 is not supported in ePolicy Orchestrator 4.5. Users must use SQL 2005 or SQL 2008.
New features
New and enhanced features in the McAfee ePolicy Orchestrator 4.5 release are described below:
z Scalability
z Custom data channel
z Improved security for agent-server communication
z Move agents between servers
z Navigation redesign
z Drag-and-drop
z Policy Assignment Rules
z Automatic Responses
z IPv6 support
z LDAP support
z Issues and ticketing
z Multi-server rollup reporting improvements
z Queries system improvements
z Rogue System Detection improvement s
z Searchable Help
Scalability
The ePolicy Orchestrator 4.5 software supports enhanced scalability through the use of remote Agent Handlers.
Agent Handlers can be installed on the servers where agents connect to retrieve policies, client actions, and
updates. Agents can also use Agent Handlers to send properties and events to your primary ePO server.
Support of multiple Agent Handlers enables one ePO server to manage a larger set of installed products on a larger
set of managed systems. Agent Handlers can be deployed to strategic points in your network environment,
enabling management of systems that cannot access the main ePO server directly. They can also be used in
locations where the ePO server can be accessed directly.
Custom data channel
The custom data channel is a bi-directional channel for sending product-specific data between ePolicy Orchestrator
and the products on your managed systems. This feature allows
McAfee to provide UI actions, which are used when
troubleshooting with real-time feedback. These actions are designed to operate on a single system, while providing
real-time status to your ePO administrators. The Update Now command, which allows you to update a managed
system on demand, is an example of this feature.
Improved security for agent-server communication
Agent communication with the ePO server now uses TLS (Transport Layer Security) protocol for improved security.
Move agents between servers
You can now move agents from one ePO server to another with the Transfer Systems feature.
Navigation redesign
The navigation for the ePO console has been redesigned for the 4.5 release. Now you can access any of the firstlevel ePolicy Orchestrator tabs from the new ePO Menu. You can also add the pages you use most frequently to the
favorites bar: simply drag any entry in the Menu and drop it onto the favorites bar to the right of the Menu.
Drag-and-drop
You can use drag-and-drop functionality to move certain objects in the interface. You can:
z Add Menu items to the favorites bar.
z In tables, add commonly used actions from the Actions menu to the Action bar.
z Using the Systems table, move selected systems or groups of systems to a different group in the System
Tree.
z In the System Tree, move groups and subgroups into other groups.
Policy Assignment Rules
ePolicy Orchestrator 4.5 allows you to assign policies to unique groups or to individual users through the use of
Policy Assignment Rules. This feature enables policy assignment based on the Active Directory groups that users
belong to, instead of the system they are using. You can include individual users, groups, and Organizational Units
(OUs) in a rule. You can also exclude specific users from a rule. McAfee SiteAdvisor Enterprise 3.0 is the first
managed product to leverage this feature.
Automatic Responses
The new Automatic Responses feature replaces the Notifications feature. This new feature allows you to create rules
for responding to events that are specific to your business environment. Available actions include:
z Sending email notifications.
z Sending SNMP traps.
z Creating issues for use with integrated third-party ticketing systems.
z Running a registered executable or server task.
IPv6 support
ePolicy Orchestrator 4.5 is fully compatible with IPv6 in both native and mixed environments, including:
z Native IPv4
z Native IPv6
z Mixed IPv4 and IPv6
LDAP support
ePolicy Orchestrator 4.5 supports LDAP (Lightweight Directory Access Protocol) through the use of Active Direct ory
servers. This version of ePolicy Orchestrator allows closer integration with Active Directory servers so that you can:
z Assign permission sets to users based on their Active Directory group.
z Browse your Active Directory server for users or groups when creating Policy Assignment Rules.
z Automatically assign administrator rights to users when they log on with their Active Directory domain
credentials.
Issues and ticketing
ePolicy Orchestrator 4.5 provides basic issues management and bi-directional integration with these third-party
ticketing systems:
z Service Desk
z Remedy
Multi-server rollup reporting improvements
The multi-server rollup reporting feature has been enhanced. You can now filter out unwanted items before
performing a data rollup. New rollup reporting targets have been added, including policy assignments, and specific
policy use across your network.
Queries system improvements
The Queries system has been enhanced in several ways. A redesigned Queries page now groups queries by result
types, and includes more default queries. Query targets are now grouped in the Query Builder. A stacked bar chart
has been added to the available chart types, and the variables and parameters for configuring charts have been
improved.
Rogue System Detection improvements
Rogue System Detection has been improved to fully leverage the power of ePolicy Orchestrator 4.x platform. Now
you can categorize exceptions, update your OUI list, and optionally employ OS finger printing.
Searchable Help
When you install the ePO Help extension for products that are managed by ePolicy Orchestrator, you can now
search the context-sensitive Help and product guides for those products.
Known Issues
Known issues in this release of the software are described below:
z Installation and upgrade issues
z Migration issues
z System Tree issues
z Active Directory issues
z Permission set issues
z Query issues
z Rogue System Detection issues
z Browser issues
z Documentation issues
z Other issues
Installation and upgrade issues
z Upgrading from ePolicy Orchestrator 4.0 Patch 3 might fail. To workaround the problem, delete the existing
logs found at %TEMP%\MFELogs and %TEMP%\NAILogs and restart the upgrade.
z When installing in a pure IPv6 environment, the Database Server menu on the Set Database
Information page of the installation wizard is not populated with SQL servers on the network. (444513)
z Using a SQL NT authenticated user that is not a local admin on the ePO server causes the installation to fail.
(367702)
z Using complex characters (e.g. @, #, $) in the SQL server administrator password might prevent ePolicy
Orchestrator from installing. For more information on accepted username and password formats, see ePolicy
Orchestrator 4.5 and SQL server username and password considerations in this document. (363939)
z Using complex characters (e.g. @, #, $) in the password for the administrator account when installing
ePolicy Orchestrator 4.5, or upgrading from version 4.0 to version 4.5 might cause the installation to fail.
For more information on accepted username and password formats, see ePolicy Orchestrator 4.5 and SQL
server username and password considerations in this document. (459993)
z Using double-byte characters in the Agent Handler installation path causes Agent Handler installation to fail.
Only characters included in the ISO 8859-1 character set are supported. For more information on supported
characters, see ePolicy Orchestrator 4.5 and SQL server username and password considerations in this
document. Agent Handler installation paths must adhere to the same requirements as those specified for
Loading...