How to use the Endpoint Security Package Designer

Technical Articles ID: KB86438
Last Modified: 2022-03-25 05:25:33 Etc/GMT

Environment

Endpoint Security (ENS) Adaptive Threat Protection 10.6.x
ENS Firewall 10.6.x
ENS Package Designer (ENSPD)
ENS Threat Prevention 10.6.x
ENS Web Control 10.6.x

Summary

This article provides a simple guide for the ENSPD tool. The ENSPD tool takes you through creating a product package .zip file that contains preconfigured custom policies, or more executables to run when you install ENS.

Contents
Click to expand the section you want to view:

Requirements

The version structure for the ENSPD tool is parallel to that of ENS. Only the corresponding versions can be used together. For example, ENS 10.6.1 requires ENSPD 10.6.1. Before you run ENSPD, you must install ENS on a system in standalone or unmanaged mode, so you can customize policies.

Download the ENSPD tool

To download the ENSPD tool:

Log on to the Product Downloads site.
Select the Endpoint Security product.
Select the INSTALLATION filter.
Locate the Endpoint Security Package Designer.

Download the ENS installer package

Use the standalone complete installer package as the source package with the ENSPD tool. When you use an update release, make sure that you use the repost standalone installer package. Update and hotfix packages aren't supported as source packages.

To download the ENS installer package:

Log on to the Product Downloads site.
Select the Endpoint Security product.
Select the INSTALLATION filter.
Locate the standalone complete installer package, for example, Endpoint Security standalone install Version 10.6.1.

NOTE: Update packages and hotfix packages aren't supported as source packages.

IMPORTANT: Restart your computer after the installation, before you use the ENSPD tool for the first time.

Run the ENSPD tool

To run the ENSPD tool:

Open the ENSPD wizard.
On the Select Folders screen, select the source package file and destination folder for the custom package:
1. Browse to the package you want to create.
2. Browse to the folder where you want to create the package.
3. Optionally, specify a custom name for the package. The .zip file extension is appended to the file name automatically.
4. Click Next.
On the Modify Package screen, click Edit Settings and change the settings if needed, and then click Next.
On the Select Modules and Settings screen, select the modules to be part of the custom package. Choose the appropriate option for settings, as Custom or Default, based on your needs. Then, click Next. Endpoint Security Platform is a mandatory module and is always included.
On the Add Executables screen, add any executables to start either preinstall or post-install of a selected ENS module. You can add as many executables as you want to the preinstall and post-install step, and can include them for one or more modules.

IMPORTANT: We aren't responsible for the creation or support of third-party executables or scripts. Any results from the use of third-party executables or scripts are the responsibility of the customer.
1. Select the module from the drop-down list for which you want to add preinstall or post-install executables.
2. Add preinstall or post-install executables:
  - To add a preinstall executable:
    1. Click Add next to the corresponding table. An Executable Information window appears where you can provide the executable path and other information.
    2. Use the file browser dialog to choose the executable to include. The file can be a standalone executable file (.exe), or for more complex requirements, a .zip file that contains an executable, or another file type.
      
      IMPORTANT: ENS hotfix packages are released in a .zip file, so you must use the .zip file type when you include hotfix packages.
    3. Select the Quit on failure setting if you want to stop the ENS module installation because there's a failure during the execution of the specified executable.
    4. In the Success codes field, specify any return codes that you expect the specified executable to return when it has completed successfully. If the executable returns any other value, it's considered a runtime failure.
  - To add a post-install executable:
    1. Click Add next to the corresponding table. An Executable Information window appears where you can provide the executable path and other information.
    2. Use the file browser dialog to choose the executable to include. The file can be a standalone executable file (.exe), or for more complex requirements, a .zip file that contains an executable, or another file type.
    NOTE: There's no Quit on failure setting for a post-install executable.
3. Click Next.
On the Create Package screen, review and verify your selections and the content of the custom package, and then click Create. A progress bar displays the status of package creation.
On the Package Completed screen, select one of the following options:
- Open Package Location — Navigates to the folder where the package was created. From there, unzip the content of the package created. Check in the ENS modules into the Master Repository in ePolicy Orchestrator (ePO) for deployment. Or, you can deploy it with third-party software.
- Finish — Exits the wizard.

Your custom package is stored in the destination folder specified in step 2. You can check in the custom package to ePO so that any executable that needs to run, runs during the ENS deployment from ePO.

Include ENS product updates in a custom installer package

While you use the ENSPD at step 5 above (Add Executables screen), you can add the ENS product updates with the .zip file of each module and specify the setup executable within that .zip file. You need to select the appropriate ENS module when you add post-install executables.

Select the module. The modules are listed below:
- Endpoint Security Platform
- Firewall
- Threat Prevention
- Web Control
Click Add under Post-Install.
Click Browse.
In the File name menu, change the file extension selection from .exe to .zip.
Choose the applicable module update .zip file package.
Select the installer executable file:

NOTE: The executable list sorts all entries in alphabetical order by default, so mfehidin32.exe is the first entry, but isn't the correct one.
- Firewall: SetupFW.exe
- Platform: SetupCC.exe
- Threat Prevention: SetupTP.exe
- Web Control: SetupWC.exe
For the Success codes value, enter the values 0 and 3010 separated by commas, for example: 0,3010.

NOTE: The Success codes used here correlate to MSI success codes 0 (ERROR_SUCCESS) and 3010 (ERROR_SUCCESS_REBOOT_REQUIRED). See the Microsoft article MsiExec.exe and InstMsi.exe error messages for more details.
Repeat the above steps for each additional ENS module and update package.

Include the ENS Adaptive Threat Protection installer and updates in a custom installer package

To install the ENS Adaptive Threat Protection module, perform the steps below in the Threat Prevention module section.

NOTE: If you encounter any issues when you install the ENS Adaptive Threat Protection module with the ENSPD, contact Technical Support.

Add a Post-Install entry under the Threat Prevention module section.
For the Success codes value, enter the values 0 and 3010 separated by commas, for example: 0,3010.

NOTE: The Success codes used here correlate to MSI success codes 0 (ERROR_SUCCESS) and 3010 (ERROR_SUCCESS_REBOOT_REQUIRED). See the Microsoft article MsiExec.exe and InstMsi.exe error messages for more details.
Select the installer executable file SetupATP.exe.
Choose the applicable Adaptive Threat Protection installer .zip file package.
Repeat the above steps for any ENS Adaptive Threat Protection product updates.

NOTE: To install the ENS Adaptive Threat Protection module, the ENS Threat Prevention module must first be installed with the applicable Threat Prevention updates. The recommended installation order is below:
1. Threat Prevention installation
2. Threat Prevention updates
3. Adaptive Threat Protection installation
4. Adaptive Threat Protection updates

FAQs for the ENSPD tool

Does ENSPD check into ePO?
No. It's a standalone application.

Why use ENSPD where ENS is unmanaged or standalone?
A primary purpose of ENSPD is to apply policy configurations in the absence of ePO management.

What happens when an ENSPD installation becomes managed by ePO?
When an ePO-managed McAfee Agent enforces the ePO-defined policies, the ENSPD settings are replaced.

What modules does ENSPD currently support for customizing policies?
ENSPD supports customizing policies for Threat Prevention, Firewall, and Web Control.

Which ENS package do I specify as the source?
Use the standalone complete installer package. When you use an update release, make sure that you use the repost standalone installer package. Update and hotfix packages aren't supported as source packages. See the section "Include ENS product updates in a custom installer package" for details about how to install ENS product updates with ENSPD.

Can I add my custom package to ePO?
Yes. Unzip the customized output package. You see individual package files for Threat Prevention (TP), Web Control (WC), Firewall (FW), and Common modules. Check in these modules to ePO.

Can my custom package also preserve settings when I upgrade older versions?
No. The preserve settings functionality is ignored.

Affected Products

Languages:

This article is available in the following languages:

Knowledge Center

How to use the Endpoint Security Package Designer

Environment

Summary

Affected Products

Languages:

Title

Title

Knowledge Center

How to use the Endpoint Security Package Designer

Environment

Summary

Affected Products

Languages:

Choose your region

Title

Title