Loading...

Knowledge Center


How to use the Endpoint Security Package Designer
Technical Articles ID:   KB86438
Last Modified:  10/4/2019
Rated:


Environment

McAfee Endpoint Security (ENS) Adaptive Threat Protection 10.x
McAfee ENS Firewall 10.x
McAfee ENS Package Designer (ENSPD)
McAfee ENS Threat Prevention 10.x
McAfee ENS Web Control 10.x

Summary

This article provides a simple guide to using the ENSPD tool. The ENSPD tool takes you through the process of creating a product package .zip file that contains preconfigured custom policies, or additional executables to run when installing ENS.
Requirements
The version structure for the ENSPD tool is parallel to that of ENS. Only the corresponding versions can be used together. For example, ENS 10.5 requires ENSPD 10.5, and ENS 10.6 requires ENSPD 10.6. Before running ENSPD, you must have ENS installed on a system in standalone or unmanaged mode, so you can customize policies.

To download the ENSPD tool
  1. Log on to the Product Downloads site: http://www.mcafee.com/us/downloads/downloads.aspx.
  2. Select the McAfee Endpoint Security product.
  3. Select the INSTALLATION filter.
  4. Locate the Endpoint Security Package Designer.

To download the ENS installer package

Use the standalone complete installer package as the source package with the ENSPD tool. When using an update release, make sure that you use the repost standalone installer package. Update and hotfix packages are not supported as source packages.
  1. Log on to the Product Downloads site: http://www.mcafee.com/us/downloads/downloads.aspx.
  2. Select the McAfee Endpoint Security product.
  3. Select the INSTALLATION filter.
  4. Locate the standalone complete installer package, for example, Endpoint Security standalone install Version 10.5.3.
    NOTE: Update packages, for example, Endpoint Security standalone install Update 10.5.3, and hotfix packages, are not supported as source packages.
IMPORTANT: Restart your computer after the installation, before using the ENSPD tool for the first time.

To run the ENSPD tool
  1. Open the ENSPD wizard.
  2. On the Select Folders screen, select the source package file and destination folder for the custom package:
    1. Browse to the package you want to create.
    2. Browse to the folder where you want to create the package.
    3. Optionally, specify a custom name for the package. The .zip file extension is appended to the file name automatically.
    4. Click Next.
  3. On the Modify Package screen, click Edit Settings and change the settings if needed, and then click Next.
  4. On the Select Modules and Settings screen, select the modules to be part of the custom package. Choose the appropriate option for settings, as Custom or Default, based on your needs, and then click Next. Endpoint Security Platform is a mandatory module and is always included. This feature is available in ENS 10.5.1 and later.
  5. On the Add Executables screen, add any executables to start either pre-install or post-install of a selected ENS module. You can add as many executables as you want to the pre-install and post-install step, and can include them for one or more modules. This feature is available in ENS 10.5.3 and later installation packages. If you provide older ENS 10.5.x builds as input to ENSPD 10.5.3, the pre-install and post-install executable feature is not available.

    IMPORTANT: McAfee is not responsible for the creation or support of third-party executables or scripts. Any results from the use of third-party executables or scripts are the responsibility of the customer.
     
    1. Select the module from the drop-down list for which you want to add pre-install or post-install executables.
    2. Add pre-install or post-install executables:
      • To add a pre-install executable:
        1. Click Add next to the corresponding table. An Executable Information window appears where you can provide the executable path and other information.
        2. Use the file browser dialog to choose the executable to include. The file can be a standalone executable file (.exe), or for more complex requirements, a .zip file that contains an executable, or another file type.

          IMPORTANT: ENS hotfix packages are released in a .zip file, so you must use the .zip file type when including hotfix packages.
           
        3. Select the Quit on failure setting if you want to stop the ENS module installation because there is a failure during the execution of the specified executable.
        4. In the Success codes field, specify any return codes that you expect the specified executable to return when it has completed successfully. If the executable returns any other value, it is considered a runtime failure.
      • To add a post-install executable:
        1. Click Add next to the corresponding table. An Executable Information window appears where you can provide the executable path and other information.
        2. Use the file browser dialog to choose the executable to include. The file can be a standalone executable file (.exe), or for more complex requirements, a .zip file that contains an executable, or another file type.
           
        NOTE: There is no Quit on failure setting for a post-install executable.
         
    3. Click Next.
  6. On the Create Package screen, review, and verify your selections and the content of the custom package, and then click Create. A progress bar displays the status of package creation.
  7. On the Package Completed screen, select one of the following options:
    • Open Package Location - Navigates to the folder where the package was created. From there, unzip the content of the package created and check in the ENS modules into the Master Repository in ePolicy Orchestrator (ePO), for deployment, or you can deploy it by using third-party software.
    • Finish - Exits the wizard.
Your custom package is located in the destination folder specified in step 2. You can check in the custom package to ePO so that any executable that needs to run, does run during the ENS deployment from ePO.

Back to top

To include ENS product updates in a custom installer package

While using the ENSPD at step 5 above, in the "To run the ENSPD tool" section, in the Add Executables screen, you can add the ENS product updates using the .zip file of each module and specifying the setup executable within that .zip file. You need to select the appropriate ENS module when adding post-install executables.
  1. Select the module. The modules are:
    • Endpoint Security Platform
    • Firewall
    • Threat Prevention
    • Web Control
  2. Click Add under Post-Install.
  3. Click Browse.
  4. In the File name menu, change the file extension selection from .exe to .zip.
  5. Choose the applicable module update .zip file package. Examples:
    • Firewall example: Firewall_10.5.4.4205.2_June_Update_1239932.zip
    • Platform example: Endpoint_Security_Platform_10.5.4.4260.8_June_Update_1239932.zip
    • Threat Prevention example: Threat_Prevention_10.5.4.4282.4_June_Update_1239932.zip
    • Web Control example: Web_Control_10.5.4.4212.2_June_Update_1239932.zip
  6. Select the installer executable file:

    NOTE: The executable list sorts all entries in alphabetical order by default, so mfehidin32.exe is the first entry, but is not the correct one.
     
    • Firewall: SetupFW.exe
    • Platform: SetupCC.exe
    • Threat Prevention: SetupTP.exe
    • Web Control: SetupWC.exe
       
  7. For the Success codes value, enter the values 0 and 3010 separated by commas, for example: 0,3010.

    NOTE: The Success codes used here correlate to MSI success codes 0 (ERROR_SUCCESS) and 3010 (ERROR_SUCCESS_REBOOT_REQUIRED). See the Microsoft article MsiExec.exe and InstMsi.exe Error Messages for more details.
     
  8. Repeat the above steps for each additional ENS module and update package.

To include the ENS Adaptive Threat Protection installer and updates in a custom installer package

To install the ENS Adaptive Threat Protection module, perform the steps below in the Threat Prevention module section.

NOTE: If you encounter any issues installing the ENS Adaptive Threat Protection module with the ENSPD, contact Technical Support.
  1. Add a Post-Install entry under the Threat Prevention module section.
  2. For the Success codes value, enter the values 0 and 3010 separated by commas, for example: 0,3010.

    NOTE: The Success codes used here correlate to MSI success codes 0 (ERROR_SUCCESS) and 3010 (ERROR_SUCCESS_REBOOT_REQUIRED). See the Microsoft article MsiExec.exe and InstMsi.exe Error Messages for more details.
     
  3. Select the installer executable file SetupATP.exe.
  4. Choose the applicable Adaptive Threat Protection installer .zip file package. For example, Adaptive_Threat_Protection_10_5_4_4209_2_client.zip.
  5. Repeat the above steps for any ENS Adaptive Threat Protection product updates. For example, Adaptive_Threat_Protection_10.5.4.4250.2_June_Update_1239932.zip.

    NOTE: To install the ENS Adaptive Threat Protection module, the ENS Threat Prevention module must first be installed with the applicable Threat Prevention updates. The recommended installation order is below:
    1. Threat Prevention installation
    2. Threat Prevention updates
    3. Adaptive Threat Protection installation
    4. Adaptive Threat Protection updates

FAQs for the ENSPD tool
 
Does ENSPD check in to ePO?
No. It is a standalone application.

Why use ENSPD where ENS is unmanaged or standalone?
A primary purpose of ENSPD is to apply policy configurations in the absence of ePO management. 

What happens when an ENSPD installation becomes managed by ePO?
When an ePO-managed McAfee Agent enforces the ePO-defined policies, the ENSPD settings are replaced.   

What modules does ENSPD currently support for customizing policies?
ENSPD supports customizing policies for Threat Prevention, Firewall, and Web Control.

Which ENS package do I specify as the source?
Use the standalone complete installer package. When using an update release, make sure that you use the repost standalone installer package. Update and hotfix packages are not supported as source packages. See the To include ENS product updates in a custom installer package section for details about installing ENS product updates using ENS Package Designer.

Can I add my custom package to ePO?
Yes. Unzip the customized output package. You see individual package files for Threat Prevention (TP), Web Control (WC), Firewall (FW), and Common modules. Check in these modules to ePO.

Can my custom package also preserve settings when upgrading older versions?
No. Preserve settings functionality is ignored.

Rate this document

Languages:

This article is available in the following languages:

English United States
Spanish Spain
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.