
McAfee Endpoint Security 10.6.0 - Installation Guide (Unmanaged) - Windows
Contents
Installation overview
  Which type of installation do you need?
  Installation and upgrade workflow

Planning your installation
  Products that you can upgrade
  Compatibility with other virus-detection and firewall products
  Compatibility with other McAfee products

System requirements

Pre-installation tasks
  Preparing your system
  Preconfiguring the product
  Export custom settings to import
    ESConfigTool command-line options

Install and upgrade the software
  Upgrade McAfee Agent
  Install the software with the wizard
  Install the software from the command line
    Installation (SetupEP) command-line options

Post-installation tasks
  Verify the installation
  Test malware detection
  Test Real Protect scanning

Remove the software
  Remove the software from systems locally

Troubleshoot installations and upgrades
  Customer support information
  Resolving third-party compatibility issues by using Adaptive mode
  Resolving McAfee error codes and messages
  Resolving Windows error messages
  Checking installation log files
  Checking Real Protect log file entries
  Using the MER tool for troubleshooting

Installation overview
McAfee® Endpoint Security includes an installation wizard to assist with installing and upgrading the software on Windows
systems.
In the wizard, you can select one or more of these modules to install:
• McAfee® Endpoint Security Threat Prevention
• McAfee® Endpoint Security Firewall
• McAfee® Endpoint Security Web Control
• McAfee® Endpoint Security Adaptive Threat Protection (ATP) — Requires Threat Prevention.
McAfee® Endpoint Security Platform (the McAfee® Endpoint Security Common module) is automatically installed with any
Endpoint Security module.



Which type of installation do you need?
Whether you are installing the software for the first time or upgrading a previous version, the workflow is similar.
• Install the software for the first time — If the product isn't installed, download the software and run the installation wizard.
The wizard provides options for setting up the product.
• Upgrade a previous version of the software — If the product is installed, confirm that it can be upgraded to Endpoint
Security 10.6. Then download the software and run the installation wizard. Specify whether to save custom settings. By default,
the settings are saved.

Installation and upgrade workflow


Upgrades are similar to installing the software for the first time.

1. (Upgrade only) Confirm that your upgrade path is supported.
2. (Upgrade only, optional) If you plan to save your custom settings, review and revise them as needed.
3. Upgrade McAfee® Agent, if needed.
Note: Endpoint Security requires McAfee Agent 5.0.2.333 or later (version 5.5.0 is recommended). Endpoint Security
automatically upgrades version 4.0 and later of the agent to a supported version during product upgrades. You can also
upgrade the agent manually.
4. Copy the product installation file to the system.
Depending on how you purchased the product, you might need to download the file from a download site or copy it from a
disc.
5. Run the installation wizard to install or upgrade the product.
6. Verify that the client software is installed and up to date.
7. (Upgrade only) If you saved your custom settings, verify that they were saved.



Planning your installation
Products that you can upgrade
If an earlier, supported version of one or more Endpoint Security product modules is installed in your environment, you can
upgrade to version 10.6 and optionally save your custom settings.
You can upgrade these existing products:
• Endpoint Security 10.2.x or 10.5.x — Existing product versions are removed before the new versions are installed.
• Supported legacy products — Custom settings are saved by default. You can choose not to save them. Existing product
versions are removed before the new versions are installed.
◦ McAfee® VirusScan® Enterprise 8.8
◦ McAfee® SiteAdvisor Enterprise 3.5
• Endpoint Security Adaptive Threat Protection 10.5 — Existing product version is removed before the new version is installed.
• McAfee® Endpoint Security Threat Intelligence 10.2 — Existing product version is removed before the new version is installed.

Best practices for product compatibility


The installer validates that the installation doesn't fail, but doesn't perform additional upgrade compatibility testing. Follow these
best practices to minimize product compatibility issues on systems where you install Endpoint Security.
• For optimal performance and protection, upgrade all Endpoint Security modules to the same version.
• Some earlier versions of Endpoint Security were susceptible to injections from third-party DLLs that created issues with
product removal and upgrades. Endpoint Security 10.6 makes a due-diligence effort to enable earlier versions to trust well
known injectors, but that intelligence is static and limited. To minimize potential issues when upgrading a previous version of
Endpoint Security, run the McAfee SysPrep tool to detect and allow trusted third-party software to inject into McAfee processes.

Compatibility with other virus-detection and firewall products


During installation, the installation wizard detects existing virus-detection and firewall products and checks for compatibility.
Tip: Best practice: For information about how to troubleshoot compatibility issues between Endpoint Security and third-party
applications, see KB73182.
• If the Windows firewall is enabled — The wizard does not disable the Windows firewall automatically. If the Windows firewall
is enabled, you should disable it after installing Endpoint Security Firewall to prevent conflicts.
• If incompatible virus detection or firewall software is installed — The wizard tries to uninstall the software. If it can't, it
prompts the user to cancel the installation, uninstall the incompatible software manually from the Windows Control Panel,
then resume the installation where it left off.
Tip: Best practice: See KB85522 for a list of the software products uninstalled automatically.
• If Common Event Enabler (CEE)/Common AntiVirus Agent (CAVA) is running — CEE/CAVA is a framework running on a
Windows platform that enables third-party anti-virus engines to scan files stored on a Dell EMC Celerra, VNXe, VNX, Unity, or
VMAX eNAS/NAS array. You can install Endpoint Security with CAVA support by using a command-line option.
The CAVA option disables the blocking cache in the On-Access Scanner (OAS), increases the number of OAS scanning threads to
200, and enables network scanning. These setting changes are needed for OAS to scan all files from CAVA. You can specify a
different number of scanning threads during or after installation. See KB88973 for more information.
Note: When upgrading from a previous version of Endpoint Security with CAVA, you must use the CAVA command-line option.
Otherwise, the installation removes CAVA from the upgraded system.

Compatibility with other McAfee products


Check for compatibility with existing McAfee products on systems where you plan to install the software, then follow instructions
for resolving conflicts.
• If McAfee Client Proxy is installed — Web Control disables itself automatically if it detects a web gateway appliance or if
McAfee Client Proxy is installed and in redirection mode.
• If McAfee® Application Control and McAfee® Change Control are running — The system stops responding (hangs) when
memory protection features in McAfee Application Control, McAfee Change Control 8.x or 7.x, and Endpoint Security or Host
Intrusion Prevention are running at the same time.

Tip: Best practice: Disable Application Control and Change Control memory protection features and use the Endpoint Security
or Host Intrusion Prevention memory protection features. For full Application Control and Change Control memory protection
recommendations, see PD24662.
To run Endpoint Security with Application Control and Change Control on a system:
◦ Installation order — Install Endpoint Security first, then Application Control and Change Control.
◦ If already installed — Disable the Memory Protection and Script As Updater features in Application Control and
Change Control. See KB81465 for more information.



System requirements
Systems must have specific hardware and software to run McAfee Endpoint Security. Review the requirements before installing
the product software to make sure that your installation is successful.

System and hardware requirements


This release supports deploying Endpoint Security to Windows operating systems. For a complete list of current system
requirements, see KB82761.

Supported and unsupported browsers


Product installation and Web Control features have been verified to function correctly on most versions of popular browsers.
URL installation requires one of the supported browsers and an Internet connection.
• Microsoft Internet Explorer, version 11 — Version 10 is supported only on Windows Vista.
• Google Chrome — Doesn't support the Show Balloon option in Web Control.
• Mozilla Firefox, version 56 and later
• Safari — See KB84934.
Microsoft Edge isn't supported.
Note: Because Chrome and Firefox release new versions frequently, Web Control might not work with a new update. A Web
Control patch is released as soon as possible to support the changes from Google or Mozilla.
For the latest information about browsers that Web Control supports, see KB82761.

Supported versions of McAfee Agent


You have installed McAfee Agent 4.0 or later on your system.
Note: Endpoint Security requires McAfee Agent 5.0.2.333 or later (version 5.5.0 is recommended). Endpoint Security
automatically upgrades version 4.0 and later of the agent to a supported version during product upgrades. You can also upgrade
the agent manually.



Pre-installation tasks
Preparing your system
These tasks help you identify and resolve potential issues before they occur.
See KB88288 for more information about performing these and other recommended quick start tasks before installing the
product.
• Evaluate system readiness.
◦ Make sure your systems meet requirements — See KB82761 for a listing of operating systems for Endpoint
Security. Check whether Updates or Hotfixes are necessary to support operating system changes or updates.
◦ Make sure that other products are compatible with Endpoint Security — Check for compatibility issues with
other products running on systems. Determine required anti-virus and firewall exclusions.
◦ Review settings you want to save — If you plan to save custom settings when you upgrade, review your settings
and update them as needed.
• Run McAfee SysPrep — Run the McAfee SysPrep tool to detect and allow trusted third-party software to inject into McAfee
processes. This allows third-party software to function while allowing McAfee to maintain a trust boundary. McAfee SysPrep is
available from the Downloads tab of the ServicePortal: https://support.mcafee.com/downloads.
McAfee SysPrep adds third-party injectors to the McAfee Trusted Store, which ensures that the injectors work together with
Endpoint Security. Run this tool to:
◦ Automatically update the McAfee Trust store for third-party injectors that McAfee recognizes and that exist on the
system. McAfee SysPrep sends Event ID 1095 for these injectors and writes them to the logs.
◦ Identify any unknown injectors and determine if they are signed or unsigned. McAfee SysPrep sends Event ID 1092 for
these injectors and writes them to the logs.
See KB89860 for more information about using McAfee SysPrep.

Preconfiguring the product


You can customize settings for product features before installing your software.
Preconfigure custom settings when you need to meet specific requirements. For example, preconfigure port exclusions to ensure
that vital communications are not blocked when Firewall is installed, or preconfigure settings required for compliance with
security regulations.

Overview of preconfiguration process


Export settings to a file, then import them during a command-line installation. This is useful when you want to install the
software on a new system with custom settings.

1. Customize the settings required for your system.
2. Export the settings using ESConfigTool with command-line options.
3. Import the settings using SetupEP with command-line options.

Best practices
McAfee preconfigures features with default settings that protect systems in medium-risk environments. These settings ensure
that systems can access important websites and applications until there is time to customize the settings.
When customizing product features, make sure to configure:
• Where and how systems get updates.
• How often and what time of day systems check for updates.
• Access to required websites and applications without interruption.
Note: If you migrate or save settings from legacy products, settings included in a custom package take precedence over legacy
settings. In these cases, the custom settings are applied instead of the legacy settings.



Export custom settings to import
Export preconfigured settings to a file that you can import when you install the software. Use ESConfigTool to do this.

Before you begin


Make sure that Endpoint Security is installed on a system.
This tool exports all settings for the selected product modules to a location that you specify.
ESConfigTool is located in the Endpoint Security Platform folder (C:\Program Files\McAfee\Endpoint Security\Endpoint Security
Platform, by default).
For option definitions, run ESConfigTool with no options: ESConfigTool.exe

Task
1. Configure your settings, then save them to a file.
2. Using the ESConfigTool command line, export the settings to create <file_name> and save this file to a folder that is not
protected by McAfee.
ESConfigTool.exe /export <file_name> [/module <TP|FW|WC|ESP> ]
The folder containing ESConfigTool is protected, so the export location should be a different, writable location.
Example:
ESConfigTool.exe /export C:\ENS\firewall.policy /module FW
This example exports the Firewall settings to C:\ENS\firewall.policy.
3. Using the SetupEP utility, install Endpoint Security and import <file_name>.
setupEP.exe <options> /import <file_name> /module <FW|TP|WC|ESP>
Example:
setupEP.exe ADDLOCAL="fw,tp,wc" /import C:\ENS\firewall.policy /module FW
This example installs Endpoint Security Firewall, Threat Prevention, Web Control product modules, and the Endpoint Security
Common module, which installs automatically. It also imports settings from the firewall.policy file and applies them to the
Firewall module.

ESConfigTool command-line options


Use these options with the ESConfigTool utility to create a file of preconfigured settings that you can import during installation
of Endpoint Security.
Open a Command Prompt window, then run the ESConfigTool command using the appropriate command-line options.
Options are not case-sensitive.
Note: The access protection rule Unauthorized execution of EsConfigTool blocks the execution of ESConfigTool. Administrators can
disable the rule, run ESConfigTool when needed, and re-enable the rule when complete.
Example
ESConfigTool.exe /export C:\ENS\preconfigured.policy /module TP FW /unlock <password>
Exports settings for Threat Prevention and Firewall to the file C:\ENS\preconfigured.policy.
Basic options
ESConfigTool.exe /export <file_name> [/module <TP|FW|WC|ESP>] [/unlock <password>] [/plaintext]
ESConfigTool.exe /import <file_name> [/module <TP|FW|WC|ESP>] [/unlock <password>] [/policyname <name>]
Unlock password is required to export and import policies if the user interface is locked.

Options and their definitions:

/export <file_path_and_name>
Saves settings to a file with the specified name and location.
Example:
/export C:\My Programs\Endpoint\preconfigured.policy
Exports settings to the file preconfigured.policy in the C:\My Programs\Endpoint folder.
Note: Save this file to a folder that is not protected by McAfee. The folder containing ESConfigTool is protected, so
the export location should be a different, writable location.

/import <file_path_and_name>
Imports the settings from the specified file name.
The file must be encrypted.

/module <TP|FW|WC|ESP>
Specifies which product module settings to export.
• TP — Threat Prevention
• FW — Firewall
• WC — Web Control
• ESP — Resources shared by product modules.
Example:
/module TP FW WC ESP
Exports settings for all product modules.

/unlock <password>
Sets the password for unlocking the client UI.
Note: It is recommended that you lock the client interface with a password to avoid unauthorized access and
configuration of policies.

/plaintext
Specifies descriptive comments in human-readable format.



Install and upgrade the software
Upgrade McAfee Agent
Endpoint Security requires McAfee Agent 5.0.2.333 or later (version 5.5.0 is recommended). Endpoint Security automatically
upgrades version 4.0 and later of the agent to a supported version during product upgrades. You can also upgrade the agent
manually.

Task
1. Download the McAfee Agent client package from the download site.
2. Unzip the McAfee Agent package and locate the FramePkg_Upd.exe file.
3. Right-click FramePkg_UPD.exe, then select Run as administrator.

Install the software with the wizard


The installation wizard automates much of the process for installing and upgrading the product.

Before you begin


Make sure that your system meets all requirements.

Task
1. Download the Endpoint Security .zip file, unzip the contents of the file, then double-click setupEP.exe.
If you purchase the product online, you receive an email with instructions and a URL for downloading the product.
2. On the License Agreement page, click Accept.
3. Resolve any conflicts detected by the wizard.
The wizard tries to remove conflicting virus-detection and firewall software products automatically. If it can't, it prompts you to
remove them manually, then prompts you to restart the system.
◦ If you restart the system immediately, installation resumes afterward.
◦ If you restart the system later, run the installation wizard again at your earliest convenience.
See KB85522 for a list of the software products removed automatically.
4. On the Install Options page, select each module to install.
Install with the default settings, or select options to customize your installation. The Endpoint Security Platform (Common
module) installs automatically with the first module you install.
5. (Upgrade only) Select whether to save your settings.
6. Click Install.
A dialog box shows the progress of the installation and notifies you when it is complete. You can cancel the installation at any
time, if needed.
7. Click Finish to close the wizard.
Tip: Best practice: Restart the system after installing this release of the product.
8. (Upgrade only) If you saved your custom settings, verify that they were saved.

Install the software from the command line


You can run the installation wizard from the command line, which lets you select additional options, such as silent installation. By
default, installation is interactive.

Before you begin


Make sure that your system meets all requirements.
• For silent installation, the wizard displays no feedback. All information is available in logs.
• For interactive command-line installation, the wizard displays a progress window and allows you to cancel the installation, if
needed. All information is available in logs.

Task
1. Copy the product files to the system where you want to install it.
Depending on how you purchased the product, you might need to download product files from a download site or copy them
from a disc.
2. Open a Command Prompt window, navigate to the folder where you copied the files, then type this command and any
applicable parameters, which are not case-sensitive:
setupEP.exe /parameters
Type setupEP.exe /help for a complete list of command-line options for the SetupEP utility.
Tip: Best practice: Restart the system after installing this release of the product.

Installation (SetupEP) command-line options


Use these options with the standalone installation utility (SetupEP) to install the product from a command line.
Open a Command Prompt window, then run the SetupEP command using the appropriate command-line options.
Options are not case-sensitive.
Example
setupEP.exe INSTALLDIR="D:\My Programs" /l"D:\My Log Files"
Installs the product files to a folder on drive D under My Programs and saves the installation log files to a folder under My Log
Files.
Basic options
setupEP.exe ADDLOCAL="fw,tp,wc" [INSTALLDIR="install_path"][/qn][/qb][/qb!][/l*v"install_log_path"]
All options
setupEP.exe ADDLOCAL="fw,tp,wc" [/CAVA="number_of_scanning_threads"] [INSTALLDIR="install_path"] [/qn] [/qb] [/qb!] [/l"install_log_path"] [/l*v"install_log_path"] [/import <file_name>] [/module <TP|FW|WC|ESP>] [/nopreservesettings] [/override"program_name"] [/policyname <name>] [/quarantinefolder="directory path"] [/unlock <password>]

Options and their definitions:

ADDLOCAL="tp,fw,wc"
Selects the product modules to install:
• tp — Threat Prevention
• fw — Firewall
• wc — Web Control
• fw,tp,wc — Install all three modules.
The shared Endpoint Security Platform (Common module) is also installed automatically when any product module is
installed.
Example:
ADDLOCAL="tp,wc"
Installs Threat Prevention, Web Control, and Common.

CAVA="number_of_scanning_threads"
ADDLOCAL="tp,fw,wc" CAVA="number_of_scanning_threads"
Installs Endpoint Security with support for the Common AntiVirus Agent (CAVA). Used with ADDLOCAL. Requires
Threat Prevention.
Disables the blocking cache in the On-Access Scanner (OAS), increases the number of OAS scanning threads to 200, and
enables network scanning, to ensure the OAS scans all files from CAVA. Optionally, you can specify a different number of
scanning threads. See KB88973 for more information.
Note: When upgrading from a previous version of Endpoint Security with CAVA, you must use the CAVA command-line
option. Otherwise, the installation removes CAVA from the upgraded system.

INSTALLDIR="install_path"
Specifies where to install the product files on the system.
The installation wizard creates an Endpoint folder at the specified location and installs the product to this folder.
Example:
INSTALLDIR="D:\Installed Programs"
Installs the product modules under D:\Installed Programs\Mcafee\Endpoint Security.
By default, product files are installed in the folder C:\Program Files\McAfee\Endpoint Security.

/log"install_log_path" or /l"install_log_path"
/l*v"install_log_path"
• Specifies where to save the installation log files for tracking installation events.
The installation wizard creates an Endpoint folder at the specified location and saves the log files to this folder.
Example:
/l"D:\Log Files"
Installs the product log files under D:\Log Files.
By default, log files are saved in the Windows System TEMP folder C:\windows\Temp\McAfeeLogs.
• *v — Specifies verbose (more descriptive) logging entries.

/qn or /quiet
/qb! or /passive
/qb
Specifies how the users can interact with the installation wizard:
• qn — Hide all installation notifications (silent mode). Users have no interaction.
• qb! — Show only a progress bar without a Cancel button. Users cannot cancel the installation while it is in progress
(passive mode).
• qb — Show only a progress bar with a Cancel button. Users can cancel the installation while it is in progress, if needed.

/import <file_name>
Imports settings from the specified file.
Example:
/import mysettings
Imports settings from the file called mysettings.

/module <TP|FW|WC|ESP>
Applies imported settings to the specified product modules.
• TP — Threat Prevention
• FW — Firewall
• WC — Web Control
• ESP — Resources shared by product modules.
Example:
/import mysettings /module TP FW
Imports settings from the file called mysettings to Threat Prevention and Firewall.

/nocontentupdate
Does not automatically update product content files on the system as part of the installation process.
Content files include the latest AMCore, Exploit Prevention, and Adaptive Threat Protection content files required for
Endpoint Security.
Caution: Update content files to ensure that the system is fully protected. If you don't update them during installation,
schedule an update as soon as possible.

/nopreservesettings
Does not save your product settings when upgrading to Endpoint Security.
By default, settings are preserved.

/override"program_name"
Overrides and removes the specified conflicting products during installation.

/policyname <name>
Assigns the specified settings to systems where the product is installed.

/quarantinefolder="directory path"
Specifies the location of the Quarantine folder where detected threats are placed. The folder path is limited to 190
characters.
Example:
/quarantinefolder="D:/reports"
Creates a Quarantine folder at D:\reports\Quarantine.
By default, the Quarantine folder is located in the folder <SYSTEM_DRIVE>\Quarantine.

/unlock <password>
Sets the password for unlocking the client UI.
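
The option rules above can be checked before setupEP.exe is started. The following PowerShell sketch is an added example, not code from McAfee or from this guide. The function name New-SetupEPCommandLine and the folder C:\ENS\Logs are hypothetical, and rejecting /import paths that contain spaces is a conservative assumption, because the guide shows no quoting for that option.

```powershell
# Added example, not McAfee code. Builds a setupEP.exe command line from the
# options documented above and rejects combinations the guide rules out.
function New-SetupEPCommandLine {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('tp', 'fw', 'wc')]          # ADDLOCAL values; matching is not case-sensitive
        [string[]] $Modules,

        [string]   $ImportFile,                  # settings file created by ESConfigTool /export
        [ValidateSet('TP', 'FW', 'WC', 'ESP')]
        [string[]] $ImportModules,               # /module values
        [int]      $CavaThreads,                 # /CAVA scanning thread count
        [string]   $QuarantineFolder,            # /quarantinefolder
        [string]   $LogFolder,                   # /l*v (verbose log)
        [switch]   $Silent                       # /qn
    )

    $addLocal = ($Modules | ForEach-Object { $_.ToLower() } | Select-Object -Unique) -join ','
    $parts = @('ADDLOCAL="{0}"' -f $addLocal)

    # CAVA is used with ADDLOCAL and requires Threat Prevention.
    if ($PSBoundParameters.ContainsKey('CavaThreads')) {
        if ($Modules -notcontains 'tp') { throw 'CAVA support requires Threat Prevention (tp) in ADDLOCAL.' }
        if ($CavaThreads -lt 1)         { throw 'The CAVA scanning thread count must be a positive number.' }
        $parts += '/CAVA="{0}"' -f $CavaThreads
    }

    # /module applies imported settings, so it only makes sense together with /import.
    if ($ImportModules -and -not $ImportFile) { throw '/module was given without /import.' }
    if ($ImportFile) {
        if (-not (Test-Path -LiteralPath $ImportFile -PathType Leaf)) { throw "Settings file not found: $ImportFile" }
        # Assumption: the guide shows /import paths unquoted, so paths with spaces are refused.
        if ($ImportFile -match '\s') { throw 'Use an /import path without spaces.' }
        $parts += "/import $ImportFile"
        if ($ImportModules) { $parts += '/module ' + (($ImportModules | ForEach-Object { $_.ToUpper() }) -join ' ') }
    }

    # The Quarantine folder path is limited to 190 characters.
    if ($QuarantineFolder) {
        if ($QuarantineFolder.Length -gt 190) { throw 'Quarantine folder path exceeds 190 characters.' }
        $parts += '/quarantinefolder="{0}"' -f $QuarantineFolder
    }

    if ($LogFolder) { $parts += '/l*v"{0}"' -f $LogFolder }
    if ($Silent)    { $parts += '/qn' }

    # /unlock is left out on purpose: a password on a command line is visible
    # to other processes and can end up in command history.
    return ($parts -join ' ')
}

# Constructed sample values. Run from the folder that holds setupEP.exe.
$logFolder = 'C:\ENS\Logs'                       # hypothetical log location
$cmdLine = New-SetupEPCommandLine -Modules fw, tp, wc -ImportFile 'C:\ENS\firewall.policy' `
    -ImportModules FW -LogFolder $logFolder -Silent
Write-Host "setupEP.exe $cmdLine"

$proc = Start-Process -FilePath (Join-Path $PWD 'setupEP.exe') -ArgumentList $cmdLine -Wait -PassThru

# With /qn the wizard shows no feedback, so the exit code and the logs are the only results.
# Reading a non-zero exit code as "check the logs" is an assumption; this section lists no codes.
Write-Host ("setupEP.exe exit code: {0}; log files under {1}" -f $proc.ExitCode, $logFolder)
```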



Post-installation tasks
Verify the installation
Verify that the products were installed successfully and the system is up to date. If you saved settings from legacy products,
verify that your settings were saved correctly.

Task
1. Open the Windows Control Panel and verify that the name of each product you selected to install appears and that version
10.6 is installed.
◦ McAfee Endpoint Security Firewall
◦ McAfee Endpoint Security Threat Prevention
◦ McAfee Endpoint Security Web Control
◦ McAfee Endpoint Security Platform
◦ McAfee Endpoint Security Adaptive Threat Protection
2. Open the installation log file and make sure that no errors or failure messages appear.
By default, the installation wizard installs the installation log files in the user Temp folder as %Temp%\McAfeeLogs (for example,
C:\Users\username\AppData\Local\Temp\McAfeeLogs).
3. Open the Endpoint Security Client, then click Update Now to make sure that the system is up to date.
If your system is up to date, the page displays No Updates Available and the date and time of the last update.
4. (Upgrade only) If you upgraded legacy products with saved settings, check the client Settings page for each product module to
verify that legacy settings were saved.
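
Steps 1 and 2 of this task can be scripted for repeated checks. The following PowerShell sketch is an added example, not code from McAfee or from this guide. The function names are hypothetical, the *.log extension and the error/failure search pattern are assumptions about the log files, and the registry paths are the standard Windows uninstall keys that back the Control Panel program list.

```powershell
# Added example, not McAfee code. Automates steps 1 and 2 of the task above.
$expectedModules = @(
    'McAfee Endpoint Security Firewall'
    'McAfee Endpoint Security Threat Prevention'
    'McAfee Endpoint Security Web Control'
    'McAfee Endpoint Security Platform'
    'McAfee Endpoint Security Adaptive Threat Protection'
)

function Get-EnsModuleStatus {
    param([Parameter(Mandatory)][string[]] $Name)
    # Standard Windows uninstall registry keys (64-bit and 32-bit views).
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $installed = @(Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue)
    foreach ($n in $Name) {
        $hit = $installed | Where-Object { $_.DisplayName -eq $n } | Select-Object -First 1
        $version = if ($hit) { [string]$hit.DisplayVersion } else { $null }
        [pscustomobject]@{
            Module    = $n
            Installed = [bool]$hit
            Version   = $version
            Is10Dot6  = [bool]($version -match '^10\.6(\.|$)')
        }
    }
}

function Find-InstallLogProblem {
    param(
        # Wizard default from step 2, plus the Windows System TEMP default named
        # in the SetupEP option definitions.
        [string[]] $LogFolder = @((Join-Path $env:TEMP 'McAfeeLogs'), 'C:\Windows\Temp\McAfeeLogs')
    )
    # Assumption: log files end in .log and problems contain "error" or "fail...".
    # Treat matches as lines to read, not as proof that the installation failed.
    $LogFolder | Select-Object -Unique |
        Where-Object { Test-Path -LiteralPath $_ -PathType Container } |
        ForEach-Object { Get-ChildItem -LiteralPath $_ -Filter *.log -File -Recurse } |
        Select-String -Pattern '\b(error|fail(ed|ure)?)\b' |
        Select-Object Path, LineNumber, Line
}

$status   = Get-EnsModuleStatus -Name $expectedModules
$problems = @(Find-InstallLogProblem)

# Modules you did not select are expected to show Installed = False.
$status | Format-Table -AutoSize
$status | Where-Object { $_.Installed -and -not $_.Is10Dot6 } |
    ForEach-Object { Write-Warning "$($_.Module) is installed but reports version $($_.Version)" }

if ($problems.Count) {
    $problems | Format-Table -AutoSize -Wrap
} else {
    Write-Host 'No error or failure lines matched in the installation logs.'
}
```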

Test malware detection


Test the virus-detection feature of Threat Prevention by downloading the EICAR Standard AntiVirus Test File to the local system.
Although it is designed to be detected as a virus, the EICAR test file is not a virus.

Task
1. Download the EICAR file from this location:
http://www.eicar.org/download/eicar.com
If installed properly, Threat Prevention interrupts the download and displays a threat detection dialog box.
2. Click OK.

Results
If not installed properly, Threat Prevention does not detect the virus or interrupt the download process. In this case, use
Windows Explorer to delete the EICAR test file from the client computer, then reinstall the product and test the new installation.

Test Real Protect scanning


Test that the Real Protect scanning features in Adaptive Threat Protection are installed correctly and that systems can
communicate with the McAfee cloud for detections.

Before you begin


Real Protect can connect to McAfee GTI to send queries to the domain: realprotect1.mcafee.com.
This test uses password-protected files to check Real Protect client and cloud-based detections. Although they are designed to be
detected as threats, they are harmless.
Download the test files to a different location each time you run this test. Real Protect does not detect the files on subsequent
attempts to run them from the same location.
See KB88828 for information about testing the Real Protect scanning features.

Task
1. On the client system, download the compressed test file from this location: KB88828.

2. Navigate to the folder where you downloaded the file, then unzip the file.
The password for the .zip file is clean. Password protection ensures that the .zip file is not blocked if you send it in an email.
3. To test client detections, double-click RP-S TestFile.exe.
If Real Protect client scanning is functioning correctly in Endpoint Security, it detects the file and prevents the file from
running.
4. To test cloud detections, double-click RP-D TestFile.exe.
The RP-D TestFile.exe must run for a minute for the detection to trigger.
If Real Protect cloud scanning is functioning correctly in Endpoint Security, it detects the file and prevents the file from
running.

Results
If Real Protect does not detect the file and prevent it from running, check the Adaptive Threat Protection Activity log file and
troubleshoot the problem, then run the test again.



Remove the software
Remove the software from systems locally
Remove client software on a system by using the Windows Control Panel. You might do this for testing or before reinstalling the
client software.
Caution: Reinstall the client software as soon as possible. When it is uninstalled, the system is not protected against threats.

Task
1. On the system, open the Windows Control Panel, then go to the Uninstall Programs screen.
2. In the list of programs, select each product module in this order, then click Uninstall.
◦ McAfee Endpoint Security Adaptive Threat Protection
◦ McAfee Endpoint Security Firewall
◦ McAfee Endpoint Security Threat Prevention
◦ McAfee Endpoint Security Web Control
Endpoint Security Platform (Common module) is uninstalled automatically with the last product module. You can't uninstall it
while other product modules are installed.
3. If prompted, enter a password for each module.
By default, no password is required.
4. Wait for the wizard to report that it has uninstalled the support components. If you do not see a notification, check the Event
Log to verify that the Common module was removed successfully.
5. If no other McAfee products are installed, select McAfee Agent in the Uninstall Programs screen of the Windows Control Panel,
then click Uninstall.
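
To check progress between steps, the following PowerShell reports which of the modules listed above are still registered and which one to remove next. It is an added example, not part of the McAfee guide or product. It assumes the Common module and the agent are registered with display names containing "Endpoint Security Platform" and starting with "McAfee Agent".

```powershell
# Added example (not McAfee code): show which Endpoint Security modules are
# still registered and which to remove next, in the order given in step 2.
$Order = @(
    'McAfee Endpoint Security Adaptive Threat Protection'
    'McAfee Endpoint Security Firewall'
    'McAfee Endpoint Security Threat Prevention'
    'McAfee Endpoint Security Web Control'
)

# The Control Panel program list is built from the DisplayName values under
# these keys (64-bit and 32-bit registry views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$Installed = @(Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'McAfee*' } |
    Select-Object DisplayName, DisplayVersion -Unique)

# @() keeps single results as arrays so that [0] and .Count behave as expected.
$Remaining = @($Order | Where-Object { $Installed.DisplayName -contains $_ })

# Assumption: display names of the Common module and the agent (see lead-in).
$Common = @($Installed | Where-Object DisplayName -like '*Endpoint Security Platform*')
$Agent  = @($Installed | Where-Object DisplayName -like 'McAfee Agent*')
$Other  = @($Installed | Where-Object {
    $Order -notcontains $_.DisplayName -and
    $_.DisplayName -notlike '*Endpoint Security Platform*' -and
    $_.DisplayName -notlike 'McAfee Agent*'
})

if ($Remaining.Count -gt 0) {
    "Remove next: $($Remaining[0])"
    if ($Remaining.Count -gt 1) {
        "Then, in order: $($Remaining[1..($Remaining.Count - 1)] -join '; ')"
    }
} elseif ($Common.Count -gt 0) {
    Write-Warning 'No product modules remain, but the Common module is still registered. Check the Event Log (step 4).'
} else {
    'All Endpoint Security product modules and the Common module are removed.'
    if ($Agent.Count -gt 0 -and $Other.Count -eq 0) {
        'No other McAfee products found: McAfee Agent can be removed (step 5).'
    } elseif ($Agent.Count -gt 0) {
        "Other McAfee products are installed; leave McAfee Agent in place: $($Other.DisplayName -join '; ')"
    }
}
```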



Troubleshoot installations and upgrades
Customer support information
Check these resources for information about installing and using the product.

McAfee websites
• Visit the ServicePortal to find the complete library of Technical Articles about McAfee products. Go to http://support.mcafee.com,
click Knowledge Center, then select Product Documentation from the Knowledge Base list.
• See the online McAfee community for information about installing, migrating, and integrating Endpoint Security with other
McAfee security products. The community also provides links to related documentation.

Technical Support articles


General product information:
• KB86704 — A consolidated, up-to-date list of common questions and answers about using Endpoint Security.
• KB82450 — Known issues in Endpoint Security.
• KB88788 — Known issues in Endpoint Security Adaptive Threat Protection.
Installation issues:
• KB87791 — Processes that Endpoint Security installs.
• KB89239 — Installation fails in the presence of third-party applications because of untrusted DLL injections.
• KB87096 — Installation fails, or fields do not populate, because of missing root certificates.
• KB85033 — Installation fails to install if user access to the user temp folder is restricted.
Compatibility issues:
• KB73182 — Troubleshooting compatibility issues between Endpoint Security and third-party applications.

Resolving third-party compatibility issues by using Adaptive mode


If third-party applications aren't working correctly after installing Endpoint Security Firewall, and you didn't preconfigure custom
Firewall rules, you can enable Adaptive mode to determine whether Firewall is blocking those applications.
Enabling Adaptive mode allows Endpoint Security Firewall to create client rules automatically, so that necessary applications and
websites are not blocked while preserving minimum protection against vulnerabilities.
Adaptive mode analyzes events. If the activity is considered regular and needed for business, Firewall creates client rules.
By enabling Adaptive mode, you can gather the information you need for tuning your protection settings. When tuning is
complete, turn off Adaptive mode.
Tip: Best practice: To be fully protected by Firewall, turn off Adaptive mode after updating your policies.
You can enable Adaptive mode from the Firewall Settings page in one of these ways:
• Click Firewall on the main Endpoint Security status page, then click Advanced and select Adaptive mode.
• From the Action menu, select Settings, then click Firewall on the Settings page, then click Advanced and select Adaptive mode.
Tip: Best practice: For information about troubleshooting blocked third-party applications, see KB88482.

Resolving McAfee error codes and messages


Error messages are displayed by programs when an unexpected condition occurs that can't be fixed by the program itself. Use
this list to find an error message, an explanation of the condition, and any action you can take to correct it.
Depending on how you launched the installation wizard, it displays a description of the error or an error code.

Message | Description | Solution

Conflicting McAfee product(s) found. | Error code: 16002. Displays temporarily in Windows Defender Security Center after a restart. The installation wizard detected one or more conflicting McAfee products on the system that it can't remove automatically. | Uninstall the conflicting products, then try installing again.

Administrator rights required. | Error code: 16002. You must have administrator rights to run the installation wizard. | Log on as an administrator, then launch the installation wizard.

Invalid Package. | Error code: 16003. Invalid package found. Please verify that you have a valid package. | Download a valid package file, then try installing the product again.

Removal failed. | Error code: 16007. The installation wizard couldn't remove a previous version of this product (such as a beta version) or a legacy product (such as VirusScan Enterprise or SiteAdvisor Enterprise) from the system. | Remove these products manually before installing Endpoint Security. Contact Technical Support if the issue persists.

Installer failed to launch. | Error code: 16008. The installation wizard was not able to launch. | Contact Technical Support.

Restart required. | Error code: 16015. The installation wizard requires a system restart to continue the installation. | Restart the system to continue with the installation.

Restart required. | Error code: 16016. The installation wizard requires a system restart to complete the installation. | Restart the system to complete the installation.

Restart pending. | Error code: 16017. A system restart from a previous installation or removal operation is pending. | Restart the system to continue with the installation.

Incompatible software removal failed. | Error code: 16018. The installation wizard tried and failed to remove one or more incompatible software products it detected on the system. | Remove these products manually before installing Endpoint Security.

Installation failed. | Error code: 16019. The installation wizard was interrupted before it finished installing Endpoint Security. It made no changes to your system. | Run the installation wizard again at a later time.

Installation canceled. | Error code: 16020. The user canceled the installation before it completed. The installation wizard made no changes to the user's system. | Run the installation wizard again.

Migration failed. | Error code: 16025. The installation wizard tried to migrate settings from a legacy product, but it encountered an error. | Run the installation wizard again at a later time.

Your system is not protected. Your previous security software was uninstalled, but the installer was interrupted before McAfee Endpoint Security was installed. Call McAfee support for assistance as soon as possible. | Error code: 16029, 16030, 16031. The installation wizard was interrupted before Endpoint Security was installed. Your previous software was uninstalled, but no other changes were made to your system. | To protect your system against threats, contact Technical Support as soon as possible.

Your system is not fully protected. The installer could not install [product name]. Call McAfee support for assistance. | Error code: 16032. One or more Endpoint Security product modules failed to install. Your previous software was uninstalled. | To fully protect your system against threats, call Technical Support as soon as possible.

Policy import failed. | Error code: 16502. The installation wizard installed Endpoint Security successfully, but couldn't import the specified policy. | Check that you selected the proper data to import. Contact Technical Support if the issue persists.

Policy import failed. | Error code: 17001. The installation wizard couldn't import the specified policy. | Check that you selected the proper data to import. Contact Technical Support if the issue persists.

Installation failed and then rollback failed. | Error code: 17002. The installation wizard couldn't install Endpoint Security or roll back the changes it made to the user's system. | Check the installation logs on the system and contact Technical Support for assistance.

Installation canceled and then rollback failed. | Error code: 17003. The installation was canceled before it completed. The installation wizard couldn't roll back the changes it made to the user's system. | Check the installation logs on the system and contact Technical Support for assistance.

Another installation wizard is already running. | Error code: 1618. Another installation is already in progress. | Complete that installation before proceeding with the new installation.

Endpoint Security Platform is not running! | The system tray icon also is gray with a red exclamation point. An unknown third-party injection into McAfee code might have been detected. | See KB88029 for information about troubleshooting this error.

Resolving Windows error messages


Windows displays these error messages when an unexpected condition occurs. Use this information to find an explanation of the
condition and a solution.



Message | Description | Solution

Installation failed. | The installation wizard couldn't install Endpoint Security. It made no changes to the user's system. | See MsiExec.exe and InstMsi.exe Error Messages for description of specific error codes. If the issue persists, contact Technical Support.

Threat service has stopped. Restart it now. | After restarting a system, this message appears in the Virus & threat protection page in Windows Defender Security Center. Threat Prevention tries to send the Endpoint Security security status to the Security Center service. This fails because the Security Center service is not in a running state immediately after a restart. After about two minutes, when the Security Center service is in a running state, Threat Prevention successfully sends the security status and the message no longer appears. | Ignore this message when displayed temporarily after a restart. The security status is automatically corrected about two minutes after the restart.

Checking installation log files


The installation wizard tracks details about installation, uninstallation, and migration in log files that you can use to verify results
and troubleshoot problems.

Default location of installation log files


By default, the installation wizard saves the installation log files in the McAfeeLogs folder under the user TEMP folder (%Temp%\McAfeeLogs). With the default Windows settings, this is:
C:\Users\username\AppData\Local\Temp\McAfeeLogs



Changing the location of installation log files
Use one of these command-line options to change the location for the log files:
/log"install_log_path"
/l"install_log_path"
/l*v"install_log_path"
where:
• "install_log_path" — Specifies where to save the installation log files.
The installation wizard creates an Endpoint folder at the specified location and saves the log files to this folder.
• *v — Specifies verbose (more descriptive) logging entries.
Example
/l"D:\Log Files"
Installs the product log files under D:\Log Files\EndPoint\.

Installation and migration log files


Check these log files for details about installation and migration.

Log file name | Type of information

McAfee_<module>_Install_<%timestamp%>.log | Installation log for each product module.

McAfee_<Module>_Bootstrapper_<%timestamp%>.log | Bootstrapper for each product module.

McAfee_Endpoint_BootStrapper_<%timestamp%>.log | Bootstrapper for the Master installation wizard (SetupEP) on self-managed systems.

McAfee_<Module>_CustomAction_Install_<%timestamp%>.log | MSI Custom Action for each product module.

McAfee_Endpoint_CompetitorUninstaller.log | Removal of incompatible virus-protection and firewall products.

McAfee_Endpoint_Security_Migration_xxx.log | Removal of legacy products. Example: McAfee_Endpoint_Security_Migration_McAfee VirusScan Enterprise_8.8_06042015195245175.log

McAfee_<module>_Migration_Plugin.log | Preserve and restore status of migrated legacy settings, per module. Example: McAfee_TP_Migration_Plugin.log

McAfee_ESP_Migration_Plugin.log | Legacy settings migrated to the Common Options policy.

Uninstallation log files


Check these log files for details about removing the product.

Log file name | Type of information

McAfee_<Module>_UnInstall<%timestamp%>.log | Uninstallation log for each product module.

McAfee_<Module>_CustomAction_Uninstall<%timestamp%>.log | MSI Custom Action for each product module for uninstallation.

McAfee_CommonUninst<%timestamp%>.log | Uninstallation log for Common module (which is uninstalled with last product module).

McAfee_Common_VScore_Uninstall<%timestamp%>.log | Log for VSCore driver removal by Common module.

McAfee_Firewall_FireCore_Uninstall<%timestamp%>.log | Log for FireCore driver removal by Common module.

McAfee_ThreatPrevention_Caspercore_Uninstall<%timestamp%>.log | Log for CasperCore driver removal by Threat Prevention.

McAfee_ThreatPrevention_ELAM_AVDriver_Uninstall<%timestamp%>.log | Log for ELAM driver removal by Threat Prevention.

McAfee_ThreatPrevention_EP_Uninstall<%timestamp%>.log | Log for Exploit Prevention removal by Threat Prevention.
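
When triaging a failed installation or removal, it helps to see every log in the folder labelled by what it records. The PowerShell below is an added example, not McAfee code: it classifies the files by the name patterns in the installation, migration and uninstallation tables above. It assumes the module install and uninstall logs are Windows Installer logs, in which "Return value 3" marks a failed action.

```powershell
# Added example (not McAfee code): inventory the installer logs by the
# file-name patterns listed in this guide, newest first within each type.
# Default location per this guide. If /l, /log or /l*v was used, point this
# at the Endpoint folder created under the path you specified.
$LogDir = Join-Path $env:TEMP 'McAfeeLogs'

# Most specific patterns first. -match is case-insensitive, so both
# "Bootstrapper"/"BootStrapper" and "UnInstall"/"Uninstall" are matched.
$Patterns = [ordered]@{
    'Competitor removal'        = '^McAfee_Endpoint_CompetitorUninstaller'
    'Legacy product removal'    = '^McAfee_Endpoint_Security_Migration_'
    'Settings migration plugin' = '_Migration_Plugin'
    'Driver/component removal'  = '_(VScore|FireCore|Caspercore|ELAM_AVDriver|EP)_Uninstall'
    'Custom action (uninstall)' = '_CustomAction_Uninstall'
    'Custom action (install)'   = '_CustomAction_Install'
    'Bootstrapper'              = '_Bootstrapper_'
    'Common module uninstall'   = '^McAfee_CommonUninst'
    'Module uninstall'          = '_UnInstall'
    'Module install'            = '_Install_'
}

function Get-EnsLogType([string]$Name) {
    foreach ($p in $Patterns.GetEnumerator()) {
        if ($Name -match $p.Value) { return $p.Key }
    }
    'Unclassified'
}

if (Test-Path -LiteralPath $LogDir) {
    $Logs = @(Get-ChildItem -LiteralPath $LogDir -Filter 'McAfee_*.log' -File |
        Select-Object @{Name = 'Type'; Expression = { Get-EnsLogType $_.Name }},
                      Name, LastWriteTime, FullName)

    $Logs | Sort-Object Type, @{Expression = 'LastWriteTime'; Descending = $true} |
        Format-Table Type, LastWriteTime, Name -AutoSize

    # Assumption: these are Windows Installer logs, where "Return value 3"
    # marks a failed action. List each hit with its file and line number.
    $Logs | Where-Object Type -in 'Module install', 'Module uninstall' |
        ForEach-Object {
            Select-String -LiteralPath $_.FullName -Pattern 'Return value 3' -SimpleMatch
        } |
        Select-Object Filename, LineNumber, Line
} else {
    Write-Warning "Log folder not found: $LogDir"
}
```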

Checking Real Protect log file entries


Each time Real Protect completes a scan of a file, it creates an entry in the AdaptiveThreatProtection_Activity.log with an ID that
indicates the result of the scan. You can use the ID to verify that scans completed successfully or troubleshoot issues with Real
Protect.
See KB88828 for information about testing the Real Protect scanning features.

Real Protect ID | Description

0 | Process found with clean reputation
1 | Process found with unknown reputation
2 | Time out
3 | Unknown failure
4 | Unsupported version of Real Protect
5 | Not enough events
6 | Point product request does not scan
7 | Phase 1 remediation is over
8 | Process terminated
9 | No network detected
10 | Process was spikey and was not scanned
11 | Process is cached with unknown reputation

Using the MER tool for troubleshooting


The MER (Minimum Escalation Requirements) tool collects McAfee data from Endpoint Security and other McAfee products on
your computer.
Technical Support uses this data to analyze and resolve your problem.
The information collected by the MER tool includes:
• Registry details
• File version details
• Files
• Event logs
• Process details



McAfee provides two versions of MER:
• WebMER runs on the client computer.
See How to use MER tools with supported McAfee products.
• MER tool for McAfee ePO uses McAfee ePO to run the MER tool on client computers.
See How to use the MER tool for McAfee ePO.



COPYRIGHT
Copyright © 2020 McAfee, LLC

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other
marks and brands may be claimed as the property of others.
