How to upgrade Trellix Agent for Trellix Linux Operating System using ePolicy Orchestrator

Technical Articles ID: KB85586
Last Modified: 2023-06-20 11:54:01 Etc/GMT

Environment

Active Response 2.x
Data Exchange Layer (DXL) - all supported versions
Threat Intelligence Exchange (TIE) Server 4.x, 3.x, 2.x
Trellix Agent (TA) 5.x

For details of DXL-supported environments, see KB90421 - Supported platforms for Data Exchange Layer Broker.

Summary

TIE 4.x and TIE 3.x
In TIE 3.x and later, TA is automatically upgraded with the TIE Server. Perform the manual upgrade process outlined below when a new TA for the Linux Operating System version is published after the TIE Server release.

TIE 2.x
To upgrade TA for the Trellix Linux Operating System (TLOS) using ePolicy Orchestrator (ePO):

Check in TA for the TLOS package:
1. Download TA for the TLOS package.
2. Check the package into the Master Repository in ePO.
Upgrade TA using a product deployment task:
1. Log on to the ePO console.
2. Click Menu, System, System Tree.
3. Click the Assigned Client Tasks tab, click the Actions drop-down list, and then select New Client Task Assignment. The Client Task Assignment Builder wizard opens to the Description page.
4. Click Create New Task next to Task Actions.
5. Name the task, and then select Product Deployment from the drop-down list.
6. Select whether to send the task to all computers or tagged computers only, and then click Next. The Configuration page appears.
7. Select the target platform Trellix Linux OS.
8. Specify the version of TA to deploy. Use the drop-down lists in the Products and Components area.
  Example: Trellix Agent for Trellix Linux OS <Version_number.build_number>.
9. Click Next. You see the Schedule page.
10. Schedule the task as needed, and then click Next.
11. Verify the task details, and then click Save. The new deployment task is sent to the client computers at the next agent-server communication. Every time the task runs, it checks to determine whether to install the specified TA.
When the upgrade finishes, perform the following steps for each TIE Server to confirm that TA is upgraded successfully:
1. Log on to the TIE Server.
2. Confirm that TA is upgraded to the latest version:
  
  rpm -qa | grep MFEcma
  
  The command returns MFEcma-5.x.x
3. Stop the DXL Client installation retry logic. Run the following command as root.
  
  NOTE: The TIE Server and Active Response Server use an embedded DXL Client. No additional DXL Client is needed.
  
  rm -f /var/McAfee/agent/data/contrib/*
4. Restart the TA service. Run the following command as root:
  
  service ma restart
Perform an agent wake-up call in ePO for each TIE Server:
1. Log on to the ePO console.
2. Click Menu, System, System Tree.
3. Select the TIE Servers.
4. Click Actions, Agent, Wake Up Agents.
5. Select Force complete policy and task update.
6. Click OK.
  
  NOTE: It might take a few minutes for the TIE Server properties to be sent to the ePO server.
Verify the TA for the TLOS installation:
1. Verify that the TA services are up and running after the upgrade.
2. In ePO, click Menu, System, System Tree.
3. Select each TIE Server, click the Products tab, and verify that the TA product reports the upgraded version.

Affected Products

Languages:

This article is available in the following languages:

Knowledge Center

How to upgrade Trellix Agent for Trellix Linux Operating System using ePolicy Orchestrator

Environment

Summary

Affected Products

Languages:

Title

Title

Knowledge Center

How to upgrade Trellix Agent for Trellix Linux Operating System using ePolicy Orchestrator

Environment

Summary

Affected Products

Languages:

Choose your region

Title

Title