Install McAfee MOVE Multiplatform for VDI
These are my brief notes on the topic but if you know your way with McAfee’s ePO you will find the hereunder very helpful, the hereunder will aid you to perform the installation whether to be used with VMware Horizon View and Citrix XenDesktop.
- Install ePO (here I used 5.1 with the latest patch).
- Disable product compatibility (Server Settings) and download the latest from here https://epo.mcafee.com/ProductCompatibilityList.xml
- Add the VSE8.8, MOVE client and offload scan server extensions and check in all the packages on the ePO server.
- Create the sub-tree categories and classify each group
- Create the product deployment client task for the VSE8.8, MOVE offload scan server and MOVE client.
- Deploy the McAfee agent to all the systems including the master image / golden image.
- Deploy Virus Scan Enterprise 8.8 (used patch 4 here) to the offload scanning servers.
- Deploy the offload scanning server to the offload scanning server (check the service and telnet to port 9053).
- Deploy the MOVE MP client to all virtual machines including the master image / golden image
- Check status cmd -> cd C:\Program Files (x86)\McAfee\MOVE AV Client\ -> mvadm status.
- VDI Golden Image / Master Image:
- For 32bit delete the AgentGUID value from it before sealing it (regedit -> AgentGUID ->HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent).
- For 64bit delete the AgentGUID value from it before sealing it (regedit -> AgentGUID -> HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicyOrchestrator\Agent).
- Configure both MOVE server and client policies and enforce them.
- Configure VSE8.8 policies (scan to archives, lock down, etc etc etc).
- Configure updates (get an extra dat and check it in then create a new policy and assign it to the tree).
- Virus scanning: Get the EICAR test virus and put in on one of the protected virtual machines.
- VDI: Create a machine catalog (XenDesktop) or create a new pool (Horizon View) and after the VDI virtual machines are provisioned you should see new machines popping in the ePO system tree and then you need to place them in their proper sub-tree group.