Revert Endpoint Security back to a previous AMCore version using ePolicy Orchestrator
Technical Articles ID:
KB91415
Last Modified: 2022-02-01 21:49:03 Etc/GMT
Environment
Endpoint Security (ENS) Threat Prevention 10.x
ePolicy Orchestrator (ePO) 5.x
Summary
To revert AMCore content to a previous version using the ePO console:
- Create the Roll Back AMCore Content client task:
- Log on to the ePO console.
- Click Menu, Policy, Client Task Catalog.
- Under Endpoint Security Threat Prevention, select the default task Roll Back AMCore Content, and then click New Task.
- Populate the task criteria with the AMCore content version you want to roll back from.
- Click Save.
- Assign the task to the client computers:
- Click Menu, Systems, System Tree.
- Click the Assigned Client Tasks tab.
- Click Actions, New Client Task Assignment.
- Under Task to Schedule, select your Roll Back AMCore Content task.
- Under Schedule Type, choose Run Immediately from the drop-down list.
NOTE: Don't select the option to Enable randomization.
- Click Save.
- Send an Agent Wakeup Call to the groups, and change Agent Randomization to 0.
- Send another Agent Wakeup Call after a few minutes, and change Agent Randomization to 0 with Retrieve all Properties selected. When agents check in to the ePO server, they update the Properties of all computers to reflect the downgraded AMCore content file.
To prevent an AMCore content version from being available in your environment:
Use this section if your environment hasn't yet received the unwanted AMCore content version, and you want to proactively prevent a particular version from being available across your environment.
- Disable the current Pull task:
- Log on to the ePO console.
- Click Menu, Automation, Server Tasks.
- Find the Pull task and click Edit.
- Under Schedule status, select Disabled.
- Click Save.
- Restore the previous AMCore content:
- Click Menu, Software, Master Repository.
- Under Current branch, locate AMCore Content Package, and click Delete.
- Select Previous branch, locate AMCore Content Package, and click Change branch.
- Select Copy and then select Current branch.
- Modify the Catalog Policies:
- Click Menu, Policy, Policy Catalog.
- Select McAfee Agent.
- Select General from the Category drop-down list.
- Click a policy.
-
Click the Updates tab.
- Select the option Enable DAT file downgrades when the version in the repository is older than local version.
- Click Save.
- Repeat these steps for all McAfee Agent General policies configured, as needed.
- Replicate changes to Distributed Repositories:
NOTE: If you don't use Distributed Repositories, go to step 5.
- Click Menu, Automation, Server Tasks.
- Select the repository replication task and click Run.
- Monitor and wait for the task to complete.
- Apply changes to client computers:
- Click Menu, Systems, System Tree.
- Click the Assigned Client Tasks tab.
- Choose Edit Assignment on the Update Task for AMCore files.
- Click the Schedule tab and change the Schedule type drop-down list to Run immediately.
NOTE: Don't select the option to Enable randomization.
- Click Save.
- Send an Agent Wakeup Call to the groups, and change Agent Randomization to 0.
- Send another Agent Wakeup Call after a few minutes, and change Agent Randomization to 0 with Retrieve all Properties selected. When agents check in to the ePO server, they update the Properties of all computers to reflect the downgraded AMCore content file.
|