Application Resilience policies for Trellix ePolicy Orchestrator
You can activate an Application Resilience policy Trellix ePolicy Orchestrator® (Trellix ePO), formerly known as McAfee® ePolicy Orchestrator® (McAfee ePO), to collect information about the functional status of Trellix ePO installed on your Windows devices and view the results in reports. You can also configure the policy to attempt to reinstall the application.
McAfee ePolicy Orchestrator changed its product name to Trellix ePolicy Orchestrator. Trellix ePO can refer to either product name, depending on the version of the application you are running.
System requirements
Application Resilience policies for Trellix ePO are supported on devices running:
- a supported version of the Windows operating system
-
PowerShell version 5.1 or higher
Due to PowerShell restrictions imposed by Microsoft, Application Resilience isn't supported for this application on devices running Windows 11 SE.
-
one of the following versions of the Trellix ePO:
-
5.7.8.x or higher
Significant software changes in higher versions may cause health checks to become invalid.
- 5.6 to 5.7.7
- 5.5.x
- 5.0.x
-
Health checks
Trellix ePO version 5.7.8.x or higher
In addition to checking the version, the following table describes the health checks performed:
If you select Report higher versions as Compliant, higher versions report Compliant without running health checks.
| Component | Test performed | ||
|---|---|---|---|
| Services | Installed | Running | Signed by |
|
P | P |
One of the signers entered in the policy configuration By default, Signers contains "McAfee, Inc." and "MUSARUBRA US LLC". |
|
P | n/a | |
Trellix ePO version 5.6.x to 5.7.7 and McAfee ePO version 5.5.x
In addition to checking the version, the following table describes the health checks performed:
If you select Report higher versions as Compliant for versions 5.6 to 5.7.7, higher versions report Compliant without running health checks.
If you select Report higher versions as Compliant for version 5.5.x, higher versions report Compliant if all health checks, other than the version check, pass.
| Component | Test performed | ||
|---|---|---|---|
| Services | Installed | Running | Signed by |
|
P | P | McAfee, Inc. |
|
P | n/a | |
McAfee ePO version 5.0.x
In addition to checking the version, the following table describes the health checks performed:
If you select Report higher versions as Compliant, higher versions report Compliant if all health checks, other than the version check, pass.
| Component | Test performed | ||
|---|---|---|---|
| Services | Installed | Running | Signed by |
|
P | P | McAfee, Inc. |
Repairing and reinstalling
Trellix ePO version 5.7.8.x or higher
You can configure an Application Resilience policy for Trellix ePO to enable the Application Resilience (RAR) component A lightweight software component of the Secure Endpoint Agent that detects the status of third party applications installed on a device. The component may also attempt to repair the third party application if it is non-compliant. The RAR component is deployed on a device only when the device is associated with a customized policy group and that policy group's Application Resilience policy is activated. to attempt to repair Trellix ePO if it's not functioning, or reinstall it if it's missing or can't be repaired
Depending on the Absolute product licenses associated with your account, the Report and repair option, and the Report, repair, and reinstall option may not be available.
The RAR component of the Secure Endpoint Agent can respond to the following issues:
| Issue | Resolution |
|---|---|
| Reinstall | |
|
Downgrades are not supported. If the version installed on a device is higher than the expected version, no action is taken. |
|
|
One or more of the following services aren't running or aren't installed:
|
The RAR component downloads and installs the configured version of the application. |
| The expected version of Trellix ePO isn't installed | |
Trellix ePO version 5.6 to 5.7.7 and McAfee ePO version 5.5.x
You can configure an Application Resilience policy for Trellix ePO to enable the Application Resilience (RAR) component A lightweight software component of the Secure Endpoint Agent that detects the status of third party applications installed on a device. The component may also attempt to repair the third party application if it is non-compliant. The RAR component is deployed on a device only when the device is associated with a customized policy group and that policy group's Application Resilience policy is activated. to attempt to reinstall the Trellix ePO if it's not functioning or it's missing.
The Report and repair option isn't supported. Depending on the Absolute product licenses associated with your account, the Report, repair, and reinstall option may not be available.
The RAR component of the Secure Endpoint Agent can respond to the following issues:
| Issue | Resolution |
|---|---|
| Reinstall | |
|
Downgrades are not supported. If the version installed on a device is higher than the expected version, no action is taken. |
|
|
One or more of the following services aren't running or aren't installed:
|
The RAR component downloads and installs the configured version of the application. |
| The expected version of Trellix ePO isn't installed | |
McAfee ePO version 5.0.x
You can configure an Application Resilience policy for McAfee ePO to enable the Application Resilience (RAR) component A lightweight software component of the Secure Endpoint Agent that detects the status of third party applications installed on a device. The component may also attempt to repair the third party application if it is non-compliant. The RAR component is deployed on a device only when the device is associated with a customized policy group and that policy group's Application Resilience policy is activated. to attempt to reinstall McAfee ePO if it's not functioning or it's missing.
The Report and repair option isn't supported. Depending on the Absolute product licenses associated with your account, the Report, repair, and reinstall option may not be available.
The RAR component of the Secure Endpoint Agent can respond to the following issues:
| Issue | Resolution |
|---|---|
| Reinstall | |
|
Downgrades are not supported. If the version installed on a device is higher than the expected version, no action is taken. |
|
|
One or more of the following services aren't running or aren't installed:
|
If the application is installed, the RAR component uninstalls it. After the application is uninstalled, or if the application wasn't installed, the RAR component downloads and installs the configured version of the application. |
| The expected version of McAfee ePO isn't installed | |
Preparing the installer
The installer:
-
must be an EXE file
-
can have any file name
Pre-caching installers
The RAR component looks for the following files names when checking pre-cached installers:
Trellix ePO version 5.7.8.x or higher
| Component | File name |
|---|---|
| Installers | TrellixAgent.exe |
Trellix ePO version 5.6 to 5.7.7
| Component | File name |
|---|---|
| Installers | McAfeeAgent.exe |
McAfee ePO version 5.5.x and McAfee ePO version 5.0.x
| Component | File name |
|---|---|
| Installers | FramePkg.exe |
Configuring Application Resilience policies
Trellix ePO version 5.7.8.x or higher
Before you activate an Application Resilience policy you need to configure the policy. You need to configure the application version in addition to the settings in Configuring Application Resilience policies.
To configure the application version:
-
Under Application version, select 5.7.8.* or higher from the drop-down.
-
Under Trellix ePolicy Orchestrator® (formerly McAfee® ePolicy Orchestrator®) version, enter the version of Trellix ePO you expect to be running on your devices.
- The target version must be a sequence of digits separated by a period.
- You can use wildcard "*" characters after the minor version number, for example, 5.7.* or 5.7.8.*.
Make sure the version you are entering is consistent with version 5.7.8.x or higher.
Trellix ePO version 5.6 to 5.7.7
Before you activate an Application Resilience policy you need to configure the policy. You need to configure the application version in addition to the settings in Configuring Application Resilience policies.
To configure the application version:
-
Under Application version, select 5.6 - 5.7.7 from the drop-down.
-
Under Trellix ePolicy Orchestrator® (formerly McAfee® ePolicy Orchestrator®) version, enter the version of Trellix ePO you expect to be running on your devices.
- The target version must be a sequence of digits separated by a period.
-
You can use wildcard "*" characters after the major version number, for example, 5.*, 5.6.*, or 5.6.1.*.
Make sure the version you are entering is consistent with version 5.6 to 5.7.7.
McAfee ePO version 5.5.x and McAfee ePO version 5.0.x
Before you activate an Application Resilience policy you need to configure the policy.
