Installing the McAfee Agent and licensed software

You must install the McAfee Agent on a system before you can deploy other software.

McAfee Agent is a client-side component that is installed on the systems in your environment. It provides secure communication between McAfee ePO and your managed systems, and between McAfee ePO and your managed products.

It also serves as an update interface for managed and unmanaged McAfee products.

What happens when you install the agent

  1. McAfee Agent is installed on a client. The agent automatically initiates communication with McAfee ePO within 10 minutes of installing the software.
  2. The McAfee Agent establishes a secure connection between the client and McAfee ePO.
  3. The McAfee Agent downloads software to the client over the secure connection, based on the deployment tasks defined using McAfee ePO.
  4. The McAfee Agent sends client properties, events, and other information back to McAfee ePO.

What the agent does in your environment

The McAfee Agent is not a security product on its own; instead, it communicates with all McAfee and partner security products and passes information to and from the McAfee ePO server. The McAfee Agent supports Windows, macOS, and Linux.

The core McAfee Agent functionality includes:

  • Handling all communication to and from the McAfee ePO server and passing that data to the client products
    • Collecting all product policies from the McAfee ePO server and assigning them to the appropriate products that are installed on the client
    • Collecting all client tasks from the McAfee ePO server and passing them to the appropriate products
  • Deploying content such as signatures, auditing checks, and engines
  • Deploying product upgrades, new products, patches, and hotfixes
  • Upgrading itself silently when a new version is released

McAfee Agent modularity

The modular design of the McAfee Agent allows you to add new security offerings to your environment as your needs change, using the same framework. McAfee has built a standard method of communicating policies, events, and tasks to client products. You never have to worry about communication or which ports to open when you add a product to your client. The McAfee Agent controls all these items. The advantages of this modular architecture are:

  • One component provides communication back to the server.
  • You can choose which products fit your organization.
  • The patch process is consistent across all products.
  • You can add new products as they are released.
  • You can use the same McAfee Agent for partner products, reducing overhead.

Inside the McAfee Agent directory

If you look inside the McAfee Agent installation directory, you can see what makes it unique.

By default, you can find the McAfee Agent installation file here on your McAfee ePO server:

C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3000\Install\0409\

Each McAfee Agent is automatically customized to your McAfee ePO server. It includes the communication keys for your specific McAfee ePO server and a server-specific Sitelist.xml file. Without these keys, the agents can't talk to your McAfee ePO server. The Sitelist.xml file configures your agents to find the McAfee ePO server and Agent Handlers using the IP address and DNS name. This file needs to be updated if you rename your McAfee ePO server, give it a new IP address, or add additional Agent Handlers. This update happens automatically.

Each McAfee ePO server has its own unique McAfee Agent installation file. If you have multiple servers, each agent communicates exclusively with the server where it was created.

Best practice: Keeping the McAfee Agent file up to date

It is important to download the latest McAfee Agent file so that the appropriate teams have it for new deployments. Make sure that you know who has the McAfee Agent executable in your environment, and keep it under control by updating a central share every time you update your McAfee Agent.

If you gave this custom McAfee Agent to your desktop team a year ago, it is probably outdated. It becomes outdated if you have changed your McAfee ePO server, added or changed Agent Handlers, or checked in a newer version of the McAfee Agent to your server.

If you checked in a newer version of the McAfee Agent, you must also update the McAfee Agent extension in McAfee ePO. The latest McAfee Agent extension is backward compatible, so it can manage any previous McAfee Agent versions. Updating the McAfee Agent extension is the step to complete before you start using a new McAfee Agent version.
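
One way to check that the central share still holds the package your McAfee ePO server currently provides, as an added example (not McAfee tooling and not part of the original page). The share path is hypothetical, and the package file name FramePkg.exe is an assumption to confirm in your own Install\0409 directory.

```powershell
# Added example: compare the agent package on the ePO server with the copy on a central share.
param(
    # Installation directory given on this page; run on the ePO server or point to an equivalent path.
    [string]$EpoInstallDir = 'C:\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3000\Install\0409',
    # Hypothetical central share used by the deployment teams.
    [string]$ShareDir = '\\fileserver.example.internal\Deploy\McAfeeAgent',
    # Assumed package file name; confirm it in your own Install\0409 directory.
    [string]$PackageName = 'FramePkg.exe',
    # Without -Update the script only reports; with it, a missing or stale copy is replaced.
    [switch]$Update
)

function Get-PackageInfo {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $item = Get-Item -LiteralPath $Path
    [pscustomobject]@{
        Path     = $item.FullName
        Version  = $item.VersionInfo.FileVersion
        Modified = $item.LastWriteTimeUtc
        Sha256   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$source = Get-PackageInfo (Join-Path $EpoInstallDir $PackageName)
if (-not $source) { throw "Agent package not found under $EpoInstallDir" }

$target = Join-Path $ShareDir $PackageName
$copy   = Get-PackageInfo $target

# The package is server-specific, so any hash difference means the share copy is out of date.
$status = if (-not $copy) { 'Missing' } elseif ($copy.Sha256 -eq $source.Sha256) { 'Current' } else { 'Stale' }

if ($status -ne 'Current' -and $Update) {
    Copy-Item -LiteralPath $source.Path -Destination $target -Force
    $copy = Get-PackageInfo $target
    # Re-hash after copying so a truncated or failed copy is not reported as current.
    $status = if ($copy -and $copy.Sha256 -eq $source.Sha256) { 'Updated' } else { 'CopyFailed' }
}

[pscustomobject]@{
    Status        = $status
    ServerVersion = $source.Version
    ServerSha256  = $source.Sha256
    ShareVersion  = if ($copy) { $copy.Version } else { $null }
    ShareSha256   = if ($copy) { $copy.Sha256 } else { $null }
    ShareModified = if ($copy) { $copy.Modified } else { $null }
}
```

Running it as a scheduled task after each agent check-in or server change gives a record of when the share copy drifted from the server package.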