Introduction to Reference Configurations
Reference configurations are McAfee-recommended deployment scenarios that have undergone extensive testing to ensure proper sequencing. The scenarios reduce the need for restarts and improve ease of execution. To access the reference configuration search tool, go to https://rcsearch.mcafee.com. The search tool allows you to filter reference configuration documents by product, installation type (fresh installation or upgrade), and Windows version.
For more details about reference configurations and answers to frequently asked questions, see KB88274 - Introduction to Reference Configurations.
This reference configuration document is designed for customers who already have McAfee products deployed. This document was created by building a baseline system matching the most commonly deployed versions of McAfee products at that point in time, and then upgrading to recently released product versions. The intent is to provide a roadmap for upgrading to recent releases.
NOTE: Not all McAfee products are included in this document. It represents products that are commonly used. If your product mix is a subset of this configuration, you can skip over any product deployment that does not apply to your needs. The recommended products in this reference configuration do not necessarily represent the latest released versions of many McAfee products.
Before You Begin
Before beginning the deployment process, there are several preparatory actions that help lead to a successful deployment process.
Review the latest release notes and known issues
Although McAfee officially recommends this reference configuration, we might discover issues that could impact the success of your deployment. See the Recommended Product Configuration table for links to known issues for each product version.
Plan for restarts
Some operating system driver modules installed during product upgrades are properly loaded into memory only at runtime, and thus need a restart to facilitate the loading of the new drivers. Limitations of the operating system require that only one version of these drivers be loaded at a time. So, depending on which products you are installing, you might need to restart multiple times. This deployment path has been optimized to minimize the number of restarts needed when you update all products listed in the sequence.
If you are planning to update only a subset of products, plan to restart after the updates are complete.
Adapt this guideline to your specific upgrade plan
Your current deployment baseline might differ from the versions mentioned in the Recommended Product Configuration table. If some of your product versions are more recent than this provided baseline, still follow the recommended sequence. If you do not use some of the products in the list, you can skip that product.
Recommended Product Configuration
The table below lists commonly deployed products, determined based on telemetry samplings from a large set of customers. McAfee recommends deploying these products to take advantage of the recent product offering for ENS 10.5.3. This configuration has been extensively tested for cross-product compatibility using Windows 7 Enterprise SP1 x64, Windows Server 2008 R2 SP1, and Windows Server 2012 R2.
NOTE: In the table below, the hyphen (-) means that no upgrade is needed.
| McAfee Products |
Common
Versions Windows
Client (Windows 7)
Windows Servers
(2008, 2012) |
Recommended Upgrades |
Upgrade Only for Client Operating System |
Known
Issues |
| ePolicy Orchestrator (ePO) |
5.3.2.156 |
- |
N/A |
Unpublished due to End of Life |
| Data Exchange Layer Broker (DXL Broker) |
- |
4.0.0.416 |
KB89741 |
| Threat Intelligence Exchange Server (TIE Server) |
- |
2.1.0.323 |
KB85172 |
| McAfee Active Response Server (MAR Server) |
- |
2.2.0.251 |
KB88196 |
| McAfee Advanced Threat Defense (ATD) / McAfee Cloud Threat Defense (CTD) |
- |
4.0.2.42 |
KB89507 |
| McAfee Agent (MA) |
5.0.5.658 |
5.0.6.220 |
KB83895 |
| VirusScan Enterprise (VSE) |
8.8.0.1559 (Patch 8) |
- |
KB70393 |
| Endpoint Security (ENS) |
- |
10.5.3.3152.11 |
KB82450 |
| SiteAdvisor Enterprise (SAE) |
3.5.0.1364 (Patch 4) |
- |
KB86824 |
| McAfee Client Proxy (MCP) |
- |
2.3.2.251 |
KB83131 |
| Data Exchange Layer Client (DXL Client) |
- |
4.0.0.416 |
KB89741 |
| Adaptive Threat Protection (ATP) |
- |
10.5.3.3113.4 |
KB88788 |
McAfee Active Response Client
(MAR Client) |
- |
2.2.0.251 |
KB88196 |
| Host Intrusion Prevention (Host IPS) |
8.0.0.3828 (Patch 8) |
8.0.0.4480 (Patch 10) |
KB89051
KB89890 |
| Data Loss Prevention Endpoint (DLP Endpoint) |
9.3.500.2 |
11.0.0.130.242 |
KB89301 |
| Drive Encryption (DE)1 |
7.1.3.547 |
7.2.2.14 |
KB84502 |
| File and Removable Media Protection (FRP)2 |
- |
5.0.4.113 |
KB85807 |
| McAfee Application and Change Control (MACC)3 |
7.0.1.275 |
8.0.0.817 (Hotfix 2) |
KB87839 |
1 For information about how to upgrade the operating system to Windows 10 with DE 7.2.1 or later installed, see
KB89000.
2 For information about how to upgrade the operating system to Windows 10 with FRP installed, see
KB87550.
3 For information about how to upgrade the operating system to Windows 10 with MACC installed, see
KB86551.
Installation Process
This section outlines the recommended order of operation.
NOTES:
- Dark green boxes indicate server systems.
- Dark blue boxes indicate when a product upgrade is recommended.
- Light blue boxes indicate a new product deployment.
- Boxes outlined in red indicate that a system reboot is needed to enable that product.
