Release notes are available as a PDF download here, and the release notes addendum is here. The updated Agent supports ePolicy Orchestrator 4.5 (Patch 2 or later) in addition to ePolicy Orchestrator 4.6, and includes the following new features:
Run now - You can now run client tasks on demand. ePolicy Orchestrator software 4.6.0 includes a Run Client Task Now action which, when using version 4.6.0 of McAfee Agent, queues the selected task to run immediately on the selected systems. If there is a network address translation layer (NAT) between the ePolicy Orchestrator server and the agent client, the task sent with Run Client Task Now runs the next time the agent communicates with the ePolicy Orchestrator server.
SuperAgent lazy caching - SuperAgent repositories now only pull content when needed from ePolicy Orchestrator servers instead of receiving all content on push replications. This reduces the bandwidth required to distribute content to SuperAgent repositories. The SuperAgent repository also caches any packages it has pulled, so subsequent requests by endpoints are served locally without pulling from the master repository. In previous versions, SuperAgent repositories pulled all content from the master repository regardless of whether it was actually needed.
Performance improvements - The Agent now uses less CPU time, and allows you to reduce Agent process priority to improve performance of your other applications.
Repository policy refactored - A new Repository policy category allows you to configure repository policies independently from general policies. You can now set your general policies globally and your repository policies locally. In addition, you can now use drag-and-drop to reorder the repository list.
Default policy type for large organizations - McAfee Agent now provides a default policy type specifically designed for large organizations called Large Organization Default. This policy is intended as a starting point from which large organizations can create their own custom policies, and includes policies in the General category.
Agent event refinements - The level of detail included in events that are generated in response to a failure has been enhanced. Property collection and
policy enforcement failure events are now reported on first instance only. Additionally, events generated from product update and product deployment failure events are more precise.
Endpoint language selection - McAfee Agent 4.6 allows you to configure, through policy settings, the language used by the agent. This is useful when your administrators or support personnel speak a different language that the one used by the endpoint users. This language selection overrides the local settings. It is used for both the agent user interface on the client, and the agent log files generated by that client. Note If you configure the agent to use a language other than the users' selected language, the text displayed in the agent user interface on their system will be in the language you selected, and not the same as the rest of the users' interface. Also, regardless of language selection, some detailed log text remains in English for troubleshooting purposes by McAfee.
Improved cluster awareness - The agent is now more aware of the network cluster environment in which it resides, and sends additional cluster and node properties back to ePolicy Orchestrator.
Agent deployment to UNIX-based systems - You can now deploy agents to some UNIX-based systems using push deployment. Push deployment is currently supported for Macintosh OS versions 10.5 (Leopard) and 10.6 (Snow Leopard), and Red Hat Linux Enterprise versions 4, 5, and 6.
UNIX-based Command Agent tool - The Command Agent tool (cmdagent) is now available on all operating systems supported by McAfee Agent 4.6. The Command Agent allows you to control the agent on the endpoint by invoking actions such as policy enforcement, collecting and sending properties, and checking for new policies and tasks on the server.
You can download the new Agent from the McAfee Downloads website here.
I’ve recently been deploying a few new Secondary Sites for our Configuration Manager environment at work, so I decided to make a quick walkthrough on how to deploy a new Secondary Site on Windows Server. I’m posting it here as well, in case anyone else can use it for their benefit.
Steps to Deploy a New Secondary Site
- Grant new server account access to AD Systems Management container (Full Control)
- Add new server account to SMS_SiteToSiteConnection_SITECODE on Primary Site
- Create 0-byte NO_SMS_ON_DRIVE.SMS and copy to the root of any drives you wish to exclude from SMS packages
- Add Windows Server Features
- BITS Server Extensions
- Remote Differential Compression
- Add Windows Server Role Services
- ASP.NET
- (and ASP if using as a reporting point)
- Windows Authentication
- IIS6 Metabase Compatibility
- IIS6 WMI Compatibility
- Install WebDAV
- Configure IIS WebDAV
- Enable WebDAV on Default Web Site (or SMSWEB if using a custom site)
- Add Authoring Rule
- All content
- All users
- Read permission
- WebDAV settings
- Allow Anonymous Property Queries – True
- Allow Custom Properties – False
- Allow Property Queries with Infinite Depth – True
- NOTE: If you receive a “WebDAV is not set up properly” error during MP setup later and you *know* you’ve configured the above properly, you may want to refer to this blog post courtesy Ithastobecool.com: http://bit.ly/iYBHRF
- Install Configuration Manager with Custom Settings and select the Secondary Site option
- Install KB 977384 (Configuration Manager 2007 R3 Prerequisite)
- Install Configuration Manager 2007 R3
- Install Configuration Manager 2007 Toolkit 2
- Copy all *.PCK files from the SMSPKG directory on the Primary Site Server to a new SMSPKG directory created on the new Secondary Site
- Execute PreloadPkgOnSite.exe from the Configuration Manager 2007 Toolkit against the *.PCK files on the Secondary Site. To automate the process, I used a modified version of the PowerShell script shown here in John Marcum’s blog post: http://bit.ly/jd3lUx
- NOTE: If you have not previously done so, you’ll need to adjust the PowerShell settings to allow for the execution of scripts using the command Set-ExecutionPolicy Unrestricted –Force
- Copy Packages via the Configuration Manager console to the new Secondary Site
- Monitor the Secondary Site’s distmgr.log for package errors
- Configure Site Roles as desired
Technet also has a reference on setting up a Secondary Site that is a good reference: http://bit.ly/mIHkjY
Release notes are available here. The patch resolves 3 issues, and includes the following new features:
SiteAdvisor Enterprise Plus
- All policies support ePolicy Orchestrator 4.5 policy assignment rules
- Rating Actions policy exceptions for red and yellow sites based on threat factors
- Event Tracking policy to track all visits to domain sites with options for private domains
- Authorize/Prohibit List policies support port numbers in site patterns
- Enforcement Messaging policy option to include a corporate logo in messages
- General policy option to hide SiteAdvisor Enterprise Plus in the Add/Remove Programs control panel
- Improvements to the client interface
- General policy option to configure SiteAdvisor Enterprise Plus to stand down from its enforcement and site rating operations
when a web gateway is detected - Improvements in the Safesearch functionality
Web Filtering for Endpoint
- Content Action policy to indicate the action (block, warn, allow) for a site based on site content
- Reports that include website content categorization
Browser support
- SiteAdvisor Enterprise Plus now supports Microsoft Internet Explorer 9, 32 bit only
Related KnowledgeBase here, release notes available here. McAfee considers this a “recommended” release. As per their ratings system, this is defined as “McAfee recommends this release for all environments. This update should be applied at the earliest convenience.” This patch addresses 11 identified issues.
The patch is available on their support portal, accessible here.
The hotfix resolves the following issues:
The hotfix is available by contacting technical support – it is not currently available via the support portal.