McAfee EPOLICY ORCHESTRATOR 4.5 Product Manual page 172

Deploying Software and Updates
Deployment packages for products and updates
You can configure product policy settings before or after deployment. McAfee recommends
configuring policy settings before deploying the product to network systems. This saves time
and ensures that your systems are protected as soon as possible.
These package types can be checked in to the master repository with pull tasks, or manually.
Supported package types
Package type
SuperDAT (SDAT.exe) files
File type: SDAT.exe
Supplemental detection
definition (ExtraDAT) files
File type: ExtraDAT
Product deployment and update
packages
File type: zip
Agent language packages
File type: zip
Package signing and security
All packages created and distributed by McAfee are signed with a key pair using the DSA (Digital
Signature Algorithm) signature verification system, and are encrypted using 168-bit 3DES
encryption. A key is used to encrypt or decrypt sensitive data.
You are notified when you check in packages that are not signed by McAfee. If you are confident
of the content and validity of the package, continue with the check-in process. These packages
are secured in the same manner described above, but are signed by ePolicy Orchestrator when
they are checked in.
Digital signatures guarantee that packages originated from McAfee or were checked in by you,
and that they have not been tampered with or corrupted. The agent only trusts package files
signed by ePolicy Orchestrator or McAfee. This protects your network from receiving packages
from unsigned or untrusted sources.
Package ordering and dependencies
If one product update is dependent on another, you must check in the update packages to the
master repository in the required order. For example, if Patch 2 requires Patch 1, you must
check in Patch 1 before Patch 2. Packages cannot be reordered once they are checked in. You
must remove them and check them in again, in the proper order. If you check in a package
that supersedes an existing package, the existing package is removed automatically.
172 McAfee ePolicy Orchestrator 4.5 Product Guide
Description
The SuperDAT files contain both DAT
and engine files in one update package.
If bandwidth is a concern, McAfee
recommends updating DAT and engine
files separately.
The ExtraDAT files address one or more
specific threats that have appeared
since the last DAT file was posted. If
the threat has a high severity, distribute
the ExtraDAT immediately, rather than
wait until that signature is added to the
next DAT file. ExtraDAT files are from
the McAfee website. You can distribute
them through ePolicy Orchestrator. Pull
tasks do not retrieve ExtraDAT files.
A product deployment package contains
the installation software of a McAfee
product.
An agent language package contains
files necessary to display agent
information in a local language.
Origination
McAfee website. Download and check
SuperDAT files in to the master repository
manually.
McAfee website. Download and check
supplemental DAT files in to the master
repository manually.
Product CD or downloaded product zip
file. Check product deployment packages
in to the master repository manually. For
specific locations, see the documentation
for that product.
Master repository — Checked in at
installation. For future versions of the
agent, you must check agent language
packages into the master repository
manually.