Installation Guide

McAfee Endpoint Advance Suite Installer 2.0.0

Introduction
McAfee Endpoint Advanced Suite Installer (McAfee EASI) provides an easy deployment and a centrally managed solution for the installation of McAfee ePolicy Orchestrator (McAfee ePO), SQL Server Express, and various McAfee products. Simple and automated installation Through a single installer, you can install McAfee ePO, SQL Server Express, and check in the packages and extensions for various McAfee products. Four types of available suites You can download the suite that suits your organization's need. See McAfee EASI product suites. Automatic checkin of product components Checks in product extensions, packages, custom policies, default policies, and tasks of the McAfee products. Automatic discovery of systems McAfee EASI has the ability to detect all systems on the local subnet and add them to the McAfee ePO System Tree.

Deployment through McAfee EASI

McAfee EASI simplifies the setup process for ePolicy Orchestrator and McAfee products. In traditional deployment, you must download and install ePolicy Orchestrator, download and install all McAfee products individually, then configure policies and tasks. Using McAfee EASI, the process involves two basic steps. 1 2 Download the McAfee EASI package to your server and unzip the package. Execute the installer to launch the McAfee EASI wizard, then follow the prompts.

The ePolicy Orchestrator server is set up with McAfee products, which are ready to be deployed to the client systems.

McAfee EASI product suites

McAfee EASI has four software suites. EPS Endpoint Protection Suite EPA Endpoint Protection Advanced Suite

CEB Complete Endpoint Protection Business Suite CEE Complete Endpoint Protection Enterprise Suite

Each suite contains McAfee ePolicy Orchestrator and a set of McAfee products. Select the suite that is most suitable for your organization. Table 1 McAfee EASI product suites EPS EPA CEB CEE McAfee product Endpoint security McAfee VirusScan Enterprise for Windows

Version 8.8.3 + Hotfix 805660 6.0.3 1.2 + Hotfix 821823 + Hotfix 833397 1.9.0 1.0.2 2.5.1 6.1.0 1.6.0 8.0.2 + Hotfix 791162 8.0.2 + Hotfix 791162

Command Line Scanners for Windows, Linux, Solaris, AIX, BSD, and HPUX McAfee Security for Mac (MSM) McAfee VirusScan Enterprise for Linux

McAfee VirusScan Enterprise for Storage

McAfee Security for Microsoft SharePoint

McAfee Application Control Desktop

McAfee Deep Defender

McAfee Host Intrusion Prevention for Desktops (Firewall only) McAfee Host Intrusion Prevention for Desktops (Intrusion Prevention, App Blocking, and Access Protection)

Web and messaging security McAfee SiteAdvisor Enterprise

3.5.1 + Hotfix 809552 3.5.1 + Hotfix 809552 8.0.0 7.0.1 10.2.2 9.2.2 7.0.1 4.1.1 + Hotfix 879798 4.6.6

McAfee Web Filtering for Endpoint

McAfee Security for Microsoft Exchange McAfee Quarantine Manager Mobile device security and management McAfee Enterprise Mobility Management Data protection McAfee Device Control McAfee Endpoint Encryption for PC

McAfee Endpoint Encryption for Files and Folders Management and deployment McAfee ePolicy Orchestrator Real Time for ePolicy Orchestrator

1.0.1 1.5.0 10.2.2

McAfee ePO Deep Command Discovery McAfee Enterprise Mobility Management Risk and compliance management

Table 1 McAfee EASI product suites (continued) EPS EPA CEB CEE McAfee product McAfee Risk Advisor

Version 2.7.1 + Hotfix 4 6.0.1

McAfee Policy Auditor for Desktops

McAfee EASI installs and configures the components in your suite. However, you need to verify the interoperability and compatibility of these products in your environment.

Installation
Install McAfee EASI in a compatible environment to install and configure McAfee ePO and the McAfee products it will manage.

Pre-installation
Before installing McAfee EASI, make sure that your server is ready and meets all requirements. This section presents you with the information that can help you prepare for the installation.

Package suite .zip files

The software package contains the files necessary to install and set up the ePolicy Orchestrator software, and the McAfee products to be managed. Package EASI_EPS.zip EASI_EPA.zip EASI_CEB.zip EASI_CEE.zip Content McAfee ePO and software packages for EPS suite products. McAfee ePO and software packages for EPA suite products. McAfee ePO and software packages for CEB suite products. McAfee ePO and software packages for CEE suite products.

System requirements
Make sure that your server meets these requirements.
These are the minimum requirements for McAfee EASI. You can see detailed information about requirements for McAfee ePO in the McAfee ePO installation guide, and productspecific requirements in each product's documentation.

Component Operating system

Minimum requirement Microsoft Windows 2008 Standard/Enterprise Server SP2 Microsoft Windows 2008 Standard/Enterprise Server R2

Microsoft .NET Framework Microsoft .NET Framework version 3.5 SP1 RAM Free disk space 8.3 Naming Convention Network Ports Minimum of 2 GB 10 GB of free space on the installation drive 8.3 Naming Convention must be enabled. Network connection is required. Default ports are 80, 443, 1433, 8081, 8082, 8443, 8444, and 8731. These ports can be changed during installation if they are already in use.

Component Virtualization

Minimum requirement The installer supports use of these virtual infrastructure software packages: VMware ESX 3.5 Update 4 VMware ESX 4.0 Update 1

Database Network share/mapped drive

SQL Server Express 2008 R2 SP1 is supplied. You can also use an existing SQL Server. You cannot install McAfee EASI from a network share or a mapped drive.

Install the software

Install McAfee EASI by following this simple procedure. Task 1 Download and extract the installer archive for your suite. EASI_EPS.zip EASI_EPA.zip EASI_CEE.zip EASI_CEB.zip

A folder directory structure is created. It has a McAfee EASI executable and folders that the application uses to perform the automated installation and configuration. For details, see Folders in the McAfee EASI software package. 2 3 To launch the installer, doubleclick EASI.exe. In the Endpoint Advanced Suite Installer screen, enter these details. a Enter the details for the user. ePO User name Specify the administrator name for McAfee ePO. Password Specify the password for McAfee ePO.
The password must be at least 8 characters, have at least one uppercase letter, and have at least one digit.

Confirm Password Reenter the password for McAfee ePO.

The user name and password you enter here are set as the user credentials for McAfee ePO and the database.

b c

To add all systems in the local subnet to the McAfee ePO System Tree, select Automatic discovery of systems. Select the language from Please Select Language, accept the terms in the license agreement, then click Next.

Verify the prerequisites listed on the screen. For details, see Prerequisite details. Icon Status Passed Warning Description The system requirement is met. The system requirement needs further review but allows the installation to continue.

Information Useful system information. Failed The system requirement has failed and must be corrected for the installation to continue.

Table 2 Option definitions prerequisites Option Item Information Status Message Configure Ports Definition Displays the prerequisites of the installer. Displays some useful system information. Displays the status of the installed component. For example Passed or Failed. Specifies more information about the failed installation component. Provides an option to configure ports in case of conflicts.
This option is available on the left pane, only if the default ports used by the installer are already in use by some other application. To resolve port conflicts, click Configure Ports to open the Configure Ports screen.

Please Select Drive Provides an option to select a drive for McAfee ePO installation. Back Cancel Retry Provides an option to go to the previous screen. Provides an option to cancel the installation. Provides an option to perform the prerequisite check again and continue the installation.
This option is available if any of the prerequisites are not met. Correct the failed prerequisites and try again.

Next 5

Provides an option to continue the installation.

To resolve any port conflicts, click Configure Ports and click Save.
The ports marked in red are being used by other applications. Change them to continue installation. See Default port settings for the default ports used by the application.

6 7

Select the drive of the installation from Please Select Drive, then click Next. Select a database and configure as needed. Install Microsoft SQL Express Select to install Microsoft SQL Server Express 2008 R2 SP1. Use Existing Microsoft SQL Server Select to connect to an existing database server on your network. 1 2 Select a database server from the Database Server dropdown list. If it is not listed, you can enter the server manually. Specify the authentication mode by selecting Windows authentication or SQL authentication.

Windows authentication

1 In the Domain, type the domain of the user account you're going to use to access the SQL Server. 2 Type the User name and Password. If you are using a previously installed SQL Server, make sure that your user account has sufficient privileges to access the database.

SQL authentication

Type the User name and Password for your SQL Server. Make sure that the credentials you provide represent an existing user on the SQL Server with appropriate rights. The Domain menu is grayed out when using SQL authentication.

You might need to type the SQL server TCP port to use for communication between your McAfee ePO server and database server. Default port for this communication is 1433.

Click Install. McAfee EASI tries to connect to the database with the credentials you provided. If the connection is successful, the installation begins. If the connection fails, you are prompted to provide the correct details. Make sure there is good connectivity between the ePolicy Orchestrator server and the database server.

Verify that the Message column shows this message The operation completed successfully for all the components.
If the installation is unsuccessful, check the logs in %temp% folder with the file name ePO.Advanced .Suite.Installer.xxxxx.log for failures.

10 Click Finish. You have now successfully installed all components of the McAfee EASI software package.

Verifying your installation

Verify that all the components of McAfee EASI are installed correctly.

Log on to the ePolicy Orchestrator server

After the installation of McAfee EASI, you can log on to the ePolicy Orchestrator server with your credentials. Task For option definitions, click ? in the interface. After installing McAfee EASI, Log On to ePolicy Orchestrator screen appears. Log on to the server with the credentials you provided at the beginning of the McAfee EASI installation. You can also access the ePolicy Orchestrator server by doubleclicking on your desktop, or browse to the server from a remote web console (https://<servername>:<port>).

Verify the automatic discovery of systems

After the installation, you can see all the systems in your local subnet on your System Tree, if you had enabled the automatic discovery of systems.

Task For option definitions, click ? in the interface. 1 On the McAfee ePO console, click Menu | Systems | System Tree, then verify that all the systems on the subnet are added to the System Tree.
All the systems are added to the System Tree in unmanaged mode if you select the option Enable automatic discovery of systems during installation.

Deploy agents to these systems to manage them. For instructions, see the product documentation for McAfee ePO.

Verify the packages

You can see the product packages in the ePolicy Orchestrator master repository. Task For option definitions, click ? in the interface. To view the packages, select Menu | Software | Master Repository.

If the installation was successful, you see the products from your software package displayed under the master repository.

Verify the extensions

You can see the product extensions in your ePolicy Orchestrator server. Task For option definitions, click ? in the interface. To view the extensions, select Menu | Software | Extensions.

If the installation was successful, you see the product extensions for all installed products from your suite checked in here.

Verify custom policies and tasks

McAfee EASI contains some custom policies and predefined tasks for the McAfee products that you installed. You can see these custom polices and tasks on your ePolicy Orchestrator server.
For details on policies and tasks see the setup guide of McAfee EASI.

Task For option definitions, click ? in the interface. 1 2 3 4 To view the custom policies, click Menu | Policy | Policy Catalog. From the Product list, select the McAfee product to view its policies. To view tasks, click Menu | Policy | Client Task Catalog. Select the task type in the left pane to view custom tasks.

Additional information
This has additional information which can help you in the installation process and about the optional products that you can install after setting up your McAfee ePO.

Optional products to install

After you install the components in your software package through McAfee EASI, you can install more McAfee products that are a part of your suite. You can find these files in the postInstall folder of your McAfee EASI software package. The postInstall folder includes policies, extensions, and packages of some McAfee products. For instructions about setting up and using these McAfee products, see the setup guide of McAfee EASI in the software package. We recommend that you install McAfee Enterprise Mobility Management, Real Time for McAfee ePO, and ePolicy Orchestrator on separate servers.

Table 3 Components in postInstall Suite category EPS Software package Components in the postInstall folder EASI_EPS.zip Command line Scanners for Windows, Linux, Solaris, AIX, BSD, and HPUX Real Time for McAfee ePO McAfee Security for Microsoft Exchange (MSME) software extensions per supported language McAfee EASI checks in the software extension based on the language selected. The other language extensions are placed here. Description

License key for McAfee Device Control EPA EASI_EPA.zip Command line Scanners for Windows, Linux, Solaris, AIX, BSD, and HPUX Real Time for McAfee ePO McAfee Security for Microsoft Exchange (MSME) software extensions per supported language McAfee EASI checks in the software extension based on the language selected. The other language extensions are placed here.

License key for McAfee Device Control CEB EASI_CEB.zip Command line Scanners for Windows, Linux, Solaris, AIX, BSD, and HPUX McAfee Enterprise Mobility Management Real Time for McAfee ePO

Table 3 Components in postInstall (continued) Suite category Software package Components in the postInstall folder McAfee Security for Microsoft SharePoint extensions per supported language Description McAfee EASI checks in the software extension based on the language selected. The other language extensions are placed here. McAfee EASI checks in the software extension based on the language selected. The other language extensions are placed here.

McAfee Security for Microsoft Exchange (MSME) software extensions per supported language

License key for McAfee Device Control CEE EASI_CEE.zip Command line Scanners for Windows, Linux, Solaris, AIX, BSD, and HPUX McAfee Enterprise Mobility Management McAfee Risk Advisor Real Time for McAfee ePO McAfee Security for Microsoft Exchange (MSME) software extensions per supported language McAfee EASI checks in the software extension based on the language selected. The other language extensions are placed here.

License key for McAfee Device Control License key for McAfee Application Control Desktop

Folders in the McAfee EASI software package

Folders in McAfee EASI software package that the application uses to perform the automated installation and configuration. Folder name Description ePOSetup extensions installers Manuals packages policies postInstall serverTasks sysTree ePolicy Orchestrator setup files. McAfee product extensions. Additional components installed by McAfee EASI. The installation guide, setup guide, and release notes for McAfee EASI. McAfee product packages. Custom policies for McAfee products. Additional McAfee products that you can install after installing McAfee EASI. Additional background server tasks that runs on your ePolicy Orchestrator server on a schedule. A sample System Tree structure for ePolicy Orchestrator.

Folder name Description tags tasks Utilities EASI.exe Tags that are assigned to systems. Custom tasks for McAfee products. Utilities for SQL Server Express database maintenance. The executable file that launches the McAfee EASI installation process.

Prerequisite details
This information can help you resolve failed prerequisites during the installation. Prerequisites Logging Computer Name Operating System Details Specifies the location of McAfee EASI logs created during Installation. Specifies the name of the computer. Specifies the operating system of the server. McAfee EASI works on only supported operating systems listed in System requirements. If it is executed on any other operating system, this prerequisite fails. McAfee EASI sets up a new McAfee ePO server. It does not support the upgrade of an existing McAfee ePO server. If ePolicy Orchestrator is already present on the system, this prerequisite fails. Specifies logged on user name. Specifies if the user access is enabled or disabled.
If User Access Control is enabled, the installer must be run as an administrator. To do this, rightclick EASI.exe and select Run as an Administrator.

ePolicy Orchestrator

.NET Framework 3.5 SP1 Specifies the .NET Framework present on the system. Current User User Access Control

8dot3NameCreation

Specifies if the 8.3 Naming Convention is enabled or disabled. Your operating system must allow creating short path names.
To enable the 8.3 Naming Convention, change the NtfsDisable8dot3NameCreation key to 0 in the path [HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet\Control\FileSystem \NtfsDisable8dot3NameCreation] and restart the system. See the KB article for more details. https://kc.mcafee.com/corporate/index? page=content&id=kb51431

Total Memory Free Disk Space Host Name Network Availability

Specifies the physical memory space of the system. Specifies the free disk space on the drive. Specifies the host name of the system. Specifies if the network is available.
We recommend using static IP. If DHCP is enabled, the IP address might change once the system restarts. This results in McAfee ePO clientserver communication problems.

Listening Ports

Specifies the default ports 80, 443, 1433, 8081, 8443, 8444, and 8731 which will be assigned to ePolicy Orchestrator.
If there is a port conflict, you can resolve it with the Configure Ports option.

10

Prerequisites Windows Firewall

Details Specifies if the Windows Firewall feature is enabled or disabled.

We recommend that you turn off Windows Firewall, because it might block the ePolicy Orchestrator clientserver communication.

Local Area Connection

Specifies the local area connection information of the system.

Default ports
These are the default port settings used by McAfee EASI. Setting name EASIAgentPort EASIAgentSecurePort EASIDatabasePort EASIAgentWakeupPort EASIAgentBroadcastPort EASITomcatSecurePort EASITomcatAuthPort EASIWCFServerPort Port number 80 443 1433 8081 8082 8443 8444 8731 Description Agentserver communication port Agentserver secure communication port SQL Server TCP port Agent wakeup communication port Agent broadcast communication port Consoletoapplication server communication port Clienttoserver authenticated communication port Port number used by McAfee Device control

Frequently asked questions

These are answers to some common situations that you might encounter while installing or using the product. When trying to install EASI.exe, I get error Endpoint Advanced Suite Installer has stopped working . What can I do? Install .NET framework 3.5 on the system, then try installing McAfee EASI again. How can McAfee ePO be upgraded or uninstalled using McAfee Endpoint Advanced Suite Installer? McAfee Endpoint Advanced Suite Installer cannot be used to upgrade or to remove McAfee ePO. It is only meant for setting up the McAfee ePO server for the first time. However, you can log on to the McAfee ePO server to upgrade the McAfee products and their policies. Can we use McAfee EASI for trial versions of the products? McAfee EASI installs McAfee ePO in Evaluation mode, which works for 90 days. After this period, you must enter a license key in the McAfee ePO Login screen to continue using it. Is it possible to check in only product packages and extensions without installing McAfee ePO? No. McAfee EASI does not allow checking in product policies and extensions to an existing McAfee ePO server. It is always done during the installation of the McAfee ePO server. What is the default user created for the SQL Express database? For the Microsoft SQL Server Express database, a database user named sa is created with the password you specified during installation. McAfee ePO installation fails when the SQL Server Browser service is not running. What should I do? Start the SQL Server Browser service and try installing McAfee EASI again.

11

What should I do if McAfee EASI installation fails? Check the logs in the %temp% folder where the installer logs are created. The log files that the installer creates in the directory are: ePO.Advanced.Suite.Installer.xxxxx.log (one file per run) eASI.ePO.setup.log McAfeeScanLine.txt

If the installer wizard does not appear when I run EASI.exe, what should I do? Check the event viewer from Start | Run | eventvwr. See the General, and Details tabs for the error message.

Where can I find a list of known issues? See this article in McAfee KnowledgeBase https://kc.mcafee.com/corporate/index? page=content&id=KB78156.

Copyright 2013 McAfee, Inc. Do not copy without permission. McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. 12
00