Introduction to Reference Configurations
Reference configurations are deployment scenarios that we recommend, which have undergone extensive testing to ensure proper sequencing. The scenarios reduce the need for restarts and improve ease of execution. Use the reference configuration report finder to find the scenario that you need. The search tool allows you to filter reference configuration documents by product, installation type (fresh installation or upgrade), and Windows version.
For more details about reference configurations and answers to frequently asked questions, see KB88274 - Introduction to Reference Configurations.
This reference configuration document is designed for customers who already have our products deployed. This document was created by building a baseline system matching the most commonly deployed versions of our products at that point in time, and then upgrading to recently released product versions. The intent is to provide a roadmap for upgrading to recent releases.
NOTE: Not all products are included in this document. It represents products that are commonly used. If your product mix is a subset of this configuration, you can skip over any product deployment that does not apply to your needs. The recommended products in this reference configuration don't necessarily represent the latest released versions of many products.
Before You Begin
Before beginning the deployment process, there are several preparatory actions that help lead to a successful deployment process.
Review the latest release notes and known issues
Although we officially recommend this reference configuration, we might discover issues that can impact the success of your deployment. See the "Recommended Product Configuration" table for links to known issues for each product version.
Plan for restarts
Some operating system driver modules installed during product upgrades are properly loaded into memory only at runtime. As a result, they need a restart to facilitate the loading of the new drivers. Limitations of the operating system require that only one version of these drivers be loaded at a time. So, depending on which products you're installing, you might need to restart multiple times. This deployment path has been optimized to minimize the number of restarts needed when you update all products listed in the sequence.
If you're planning to update only a subset of products, plan to restart after the updates are complete.
Adapt this guideline to your specific upgrade plan
Your current deployment baseline might differ from the versions mentioned in the "Recommended Product Configuration" table. If some of your product versions are more recent than this provided baseline, you can still follow the recommended sequence. If you don't use some of the products in the list, you can skip that product.
Recommended Product Configuration
The table below lists commonly deployed products, determined based on telemetry samplings from a large set of customers. We recommend that you deploy these products to take advantage of the recent product offering for ENS 10.7.0. This configuration is extensively tested for cross-product compatibility using the list of operating systems below:
Operating systems: Windows 7 SP1, Windows 8.1 Update, Windows 10 version 1909 (November 2019 Update), Windows Server 2008 R2 SP1, Windows Server 2012 R2, Windows Server 2019
| Products |
Common Versions |
Recommended Versions |
Operating System
Upgrade1 |
Known Issues |
| ePolicy Orchestrator (ePO) |
5.9.1.251 |
- |
For the Client OS:
Windows 7 SP1 or
Windows 8.1 Update
To
Windows 10 version 1909
(November 2019 Update)
For the Server OS3:
Windows Server 2012 R2
To
Windows Server 2019 |
- |
| Protection Workspace |
- |
Service extension: 1.0.0.1302
UI extension: 1.0.0.1074 |
- |
Data Exchange
Layer Broker |
- |
6.0.0.197 |
KB90991 |
Threat Intelligence
Exchange Server |
- |
3.0.0.460 |
KB91389 |
Endpoint Detection
and Response (EDR) Cloud |
- |
EDR Extension: 3.0.0.845
Cloud Bridge: 2.0.0.290
Configure to work with
EDR Client. |
- |
| Advanced Threat Defense |
- |
4.8.0 |
KB89507 |
| Web SaaS |
- |
Configure to work with
Skyhigh Client Proxy (SCP) |
- |
| McAfee Agent |
5.0.5.658 |
5.6.3.157 |
KB90993 |
| VSE |
8.8.0 Patch 9
Client: 8.8.0.1804 |
- |
- |
ENS
- ENS Platform
- ENS
Threat Prevention
- ENS Firewall
- ENS Web Control
- Adaptive
Threat Protection
|
- |
10.7.0.1285
10.7.0.1415
10.7.0.945
10.7.0.1086
10.7.0.1531 |
KB82450
KB88788 |
| SCP |
- |
3.0.0.162 |
KB83131 |
| EDR Client |
- |
3.0.0.404 |
KB91275 |
Host Intrusion
Prevention System |
8.0.0 Patch 11
Extension: 8.0.0.1183
Client: 8.0.0.4605 |
8.0.0 Patch 14
Extension: 8.0.0.1280
Client: 8.0.0.5129 |
- |
| SiteAdvisor Enterprise |
3.5.0 Patch 5
Extension: 3.5.0.375
Client: 3.5.0.1476 |
- |
- |
Data Loss
Prevention Endpoint |
Extension: 11.100.16
Client: 11.1.100.23 |
Extension: 11.4.0.17
Client: 11.4.0.452 |
KB89301 |
| Drive Encryption |
Extension: 7.2.5.24
Client: 7.2.5.24 |
Extension: 7.2.9.5
Client: 7.2.9.5 |
KB84502 |
File and Removable
Media Protection (FRP)2 |
5.0.9.108 |
5.1.0.209 |
KB85807 |
Application and
Change Control |
Extension: 8.0.2.118
Client: 8.0.2.125 |
Extension: 8.2.1.229
Client: 8.2.1.435 |
KB87838
KB87839 |
1 For details about performing the operating system upgrade, see the related articles below:
2 FRP isn't supported on Server operating system
.
3 Windows Server 2008 R2 can't be upgraded to Windows Server 2019.
Installation Process:
This section outlines the recommended order of operation.
NOTES:
- Check in all extensions to ePO before you upgrade the products.
- Green boxes indicate server systems.
- Dark blue boxes indicate when a product upgrade is recommended.
- Light blue boxes indicate a new product deployment.
- Boxes outlined in red indicate that a system restart is required to enable that product.
