Introduction to Reference Configurations
Reference configurations are deployment scenarios that we recommend, which have undergone extensive testing to ensure proper sequencing. The scenarios reduce the need for restarts and improve ease of execution. Use the reference configuration report finder to find the scenario that you need. The search tool allows you to filter reference configuration documents by product, installation type (fresh installation or upgrade), and Windows version.
For more details about reference configurations and answers to frequently asked questions, see KB88274 - Introduction to Reference Configurations.
This reference configuration document is designed for customers who want to deploy products with specific operating systems to create a "gold image" for deployment. For these customers, this document describes a fresh install sequence.
NOTE: Not all products are included in this document. It represents products that are commonly used. If your product mix is a subset of this configuration, you can skip over any product deployment that does not apply to your needs. The recommended products in this reference configuration don't necessarily represent the latest released versions of many products.
Before You Begin
Before beginning the deployment process, there are several preparatory actions that help lead to a successful deployment process.
Review the latest release notes and known issues
Although we officially recommend this reference configuration, we might discover issues that can impact the success of your deployment. See the "Recommended Product Configuration" table for links to known issues for each product version.
Plan for restarts
Some operating system driver modules installed during product upgrades are properly loaded into memory only at runtime. As a result, they need a restart to facilitate the loading of the new drivers. Limitations of the operating system require that only one version of these drivers be loaded at a time. So, depending on which products you're installing, you might need to restart multiple times. This deployment path has been optimized to minimize the number of restarts needed when you update all products listed in the sequence.
If you're planning to update only a subset of products, plan to restart after the updates are complete.
Recommended Product Configuration
The table below lists commonly deployed products, determined based on telemetry samplings from a large set of customers. We recommend deploying these products to take advantage of the recent product offering for the ENS 10.6.0. This configuration has been extensively tested for cross-product compatibility using Windows 7 Enterprise SP1 x64, Windows 8.1 x64, Windows 10 version 1709 (Fall Creators Update), Windows Server 2008 R2, Windows Server 2012 R2, and Windows Server 2016, and assumes a clean system without any of our products previously installed.
| Products |
Recommended Versions
(Client – Windows 7 Enterprise SP1 x64, 8.1 x64, 10 version 1709
Server – Windows Server 2008 R2, 2012 R2, 2016) |
Known
Issues |
| ePolicy Orchestrator |
5.10.0.2428 |
KB90382 |
| Data Exchange Layer Broker (DXL Broker) |
4.1.1.113 |
- |
| Threat Intelligence Exchange Server |
2.3.0.328 |
KB85172 |
| Active Response Server |
2.4.0.134 |
KB88196 |
| Advanced Threat Defense |
4.4.0 |
KB89507 |
| McAfee Agent |
5.5.1.342 |
- |
| ENS |
10.6.0.357 |
KB82450 |
| Skyhigh Client Proxy |
2.3.4.161 |
KB83131 |
| DXL Client |
4.1.1.123 |
- |
| Adaptive Threat Protection |
10.6.0.656 |
KB82450 |
| Active Response Client |
2.4.0.134 |
KB88196 |
| Host Intrusion Prevention System |
8.0.0.4605 (Update 11) |
- |
| Data Loss Prevention Endpoint |
11.0.500.582 |
KB89301 |
| Drive Encryption |
7.2.6.6 |
KB84502 |
| File and Removable Media Protection (FRP)1 |
5.0.7.111 |
KB85807 |
| Application and Change Control |
8.2.0.140 |
KB87838
KB87839 |
1 FRP isn't supported on server operating systems. For details, see
KB81149 - Supported platforms for File and Removable Media Protection.
Installation Process
This section outlines the recommended order of operation.
NOTES:
- Dark green boxes indicate server systems.
- Light blue boxes indicate a new product deployment.
- Boxes outlined in red indicate that a system restart is needed to enable that product.
