Use this article as a guide to deploy a custom
EEDK for Microsoft update readiness.
Content
This EEDK packaged script contains an applet that deploys a registry key to systems, as needed by Microsoft. The registry key indicates compatibility with certain versions of their
“Spectre” and “Meltdown” mitigations update. The script is an ePO-deployable package
(KB90167000.zip) available in the Attachments section of this article. A system restart is not needed. The applet does not perform operating system checks itself, but if deployed through ePO, it is only deployable to Windows versions 6.0–10.0. See the system requirements below. We signs the script, and the .exe also contains our version information.
Considerations
Consider the following before you run the
EEDK package client task:
- The applet must be run as an Administrator, or deployed through ePO. It does not function properly if it is renamed.
- The ePO-deployable applet is an archive and can be extracted to reveal the standalone executable. For standalone or third-party use, the applet does not outwardly indicate a failure when it is not run as Administrator; it just fails silently.
- There is no logging or temporary files associated with this utility; it executes its job and then exits.
- To verify that the package has run successfully, examine the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat. The key must contain a REG_DWORD value cadca5fe-87d3-4b96-b7fb-a231484277cc with data 0x00000000.
- The registry settings are overwritten each time you run the applet.
- We recommend that you thoroughly test the applet in the intended environment before mass deployment.
System Requirements
- Windows 6.0–10.0
- x86 and x64
- Administrative permissions are required to run
- If run manually with UAC enabled, elevation is also needed
- If you deploy to systems with Application Control deployed, take one of the following approaches for successful deployment:
- Create an ePO Policy rule and apply to any endpoint. [Recommended]
- Configure Application Control to be in update mode before you run this applet in standalone, or before you deploy through ePO. The user must disable update mode afterward.
- Authorize this applet with a remote task command (“sadmin attr -add Setup_KB90167.exe”).
Recommended Steps
- Check in the package to the Master Repository.
NOTE: If you have distributed repositories, run the repository replication task. Incremental is sufficient.
- Create a task in the task catalog for eventual deployment.
- Click the Task Catalog applet under the main menu, Policy.
- Select McAfee Agent.
- Choose Product Deployment as the type.
- Click New Task.
- Confirm the type in the drop-down list and click OK as shown:
- In the New Task dialog box, create a task similar to the one below:
- To save the new task, click OK. Use the new task in any of the ePO-supported deployment methods. For example, shown below is an assigned Client Task. From a selected system or systems, use the Action menu, Agent, and Modify Tasks on a Single System. On the new screen, you can select the Actions menu and New Client Task Assignment. Choose Run Immediately, or schedule it for a time that works for your environment.