Mcafee ePO policy

My Mcafee ePO server not functioning properly so we have stopped all the ePO services on the server few weeks ago. I will be rebuilding new Mcafee ePO server later.

I have Mcafee installed on my laptop which for some how still showing my servers in the repositry list and does not update from the internet. When i add http or ftp address of Mcafee in repositry list it adds but then after i close and open my Mcafee it removes itself. I just want to run Mcafee on my laptop as standalone and get update from internet. Can anyone tell me from where it is still getting policy? and how can i get rid of this behaviour? thanks
tech2010Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

fcretsCommented:
Your VirusScan is still managed by the McAfee Agent also installed on your laptop. This Agent still has the policies in its cache from the last connection with ePO weeks ago. At a given interval (default every 5 min) it enforces this set of policies (including update locations) on your VirusScan Enterprise.

In the registry, the key HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent\AgentGUID still contains an Agent ID. This shows you that the Agent is in a managed state.

To make your installation stand-alone, execute this command (requires local admin rights):
c:\program files\mcafee\common framework\frminst.exe /remove=agent

After this, check for the registry key again. AgentGUID will be empty, telling you that your installation is now stand-alone.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tech2010Author Commented:
ah. good. so do i need to re-install Mcafee again on my machine or just restart machine to take it effect?

Also is it safe to just go to that location in the registry and remove AgentGUID? thanks
0
fcretsCommented:
Your questions show that I need to clarify a bit.
You don't need to reinstall anything. The command uses frminst.exe, which is just an executable of the agent that takes parameters, in this case, you tell it to disable the managed part of the agent and continue in stand-alone mode. Just executing the command will do this, no need to reinstall anything.
Please don't delete anything from the registry. The command "frminst.exe /remove=agent" will do this for you. I just referenced the registry so you can see the difference before and after the command.
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

tech2010Author Commented:
it is too late now, actually when i ran "frminst.exe /remove=agent" the box come up which stopping and restarting service etc.. but could not completed successfully and failed that could not stop services. Now i am the administrator of the machine and domain admin so i could not understand why it could not compelte the process. so then i manually deleted all the registry key under Agent. but stil problem did not fix. any idea?
0
fcretsCommented:
I would have preferred that you did not delete anything from the registry... The agent installation is probably corrupted now, which means that it will not start scheduled on-demand scans, DAT updates etc. Even a stand-alone VirusScan installation needs an agent running for these tasks, so just deleting parts of the Agent information in the registry was not the correct thing to do.
If you have a backup of what you deleted from the registry, please restore it.

If you don't have backup, disable the Access Protection component in VirusScan Enterprise, then remove VirusScan Enterprise using "Add/Remove Programs" (XP) or "Programs and Features" (Vista/Win7). If possible remove the agent too, otherwise use a tool like msiinv.exe and msizap.exe to delete the remnants of the agent.
When that is successful, install VIrusScan Enterprise locally and it will be running in stand-alone mode.

Good luck.
0
tech2010Author Commented:
ok i will re-install this, but just to tell you before posted this question on expert exchange i had re-installed Mcafee on my machine few weeks ago but after it install it still populate the list of my servers under repositry list and never update from internet. but anyway because i have now deleted the registry and will do bits which you advised and then will re-install and will see how it goes from there.
0
fcretsCommented:
OK, I'll hear how it goes.

Just for your information, you have to understand the importance of the McAfee Agent for the VirusScan Enterprise product. When you run VirusScan Enterprise, there is ALWAYS an agent present too, it doesn't matter if you installed VirusScan stand-alone or you installed it via ePO. The reason is that it is not VirusScan that does the updates, it is the Agent. So there ALWAYS needs to be  an agent active.

The command frminst.exe /remove=agent is NOT intended to uninstall the agent product. It only disables  the managed part (by emptying the AgentGUID and loading a standard SiteList). All the other functionality (DAT updates, scheduling of On Demand scans, etc) is still active after running the command.

The reason why your VirusScan installation was still trying to update from ePO after the reinstallation was that the Agent was untouched during that VirusScan reinstall. It's the Agent that manages the updates, so nothing actually changed.
0
tech2010Author Commented:
thanks for clarification, this is such a usefull information. I will give it a try and will let you know.

I would like to understand the complete ePO process/funcationality and how it intracts with desktop Mcafee machines as i have plan to install ePO on brand new server and brand new version and then i would like to update all desktop machine in local and remote offices via ePO. Is there any good documentation available which is easy to understand and workable. thanks alot.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.