Overview of the Deployment Steps

About this task

To successfully deploy the CPM client, perform the following procedures:

  1. Identify ineligible endpoints.
  2. Identify conflicting products.
  3. Remove conflicting products.
  4. Deploy CPM clients.

Identifying Ineligible Endpoints

About this task

The CPM client supports most operating systems and typically does not require system resources exceeding those required by the host operating system. However, there are some factors that can preclude otherwise eligible endpoints from receiving the CPM client. Perform the procedures that follow to identify which of your endpoints, if any, require modification before installing the client. Do this before removing any existing security products to ensure a continuation of your endpoint security.

Procedure

  1. From the console menu, click Endpoint Protection on the bottom left pane.
  2. From the upper left navigation pane, go to Core Protection Module > Troubleshooting.
  3. From the list on the right pane, select Core Protection Module - Ineligible for Install -Insufficient Hardware Resources. The Fixlet® Description opens.
  4. Click the Applicable Computers tab. A list appears with the endpoints with insufficient hardware resources.
  5. Below Actions, click the hyperlink if you want to connect to the Support web page for more information.
  6. Repeat steps 1-3 for any Tasks that pertain to endpoint readiness (for example, the Core Protection Module - Ineligible for Install - Insufficient Software Resources task.

Identifying Conflicting Products

About this task

Before deploying the CPM client to your endpoints, you need to uninstall any programs that will conflict with the CPM functions. See Conflicting or Incompatible Programs for more information.

Procedure

  1. From the console menu, click Endpoint Protection on the bottom left pane.
  2. From the upper left navigation pane, go to Core Protection Module > Troubleshooting.
  3. From the list on the right pane, select Core Protection Module - Ineligible for Install - Removal of Conflicting Products Required. The Fixlet Description opens.
  4. Click the Applicable Computers tab. A list of endpoints running conflicting software appears.
  5. Below Actions, click the hyperlink if you want to connect to the Support web page for more information.

Removing Conflicting Products

Procedure

  1. From the console menu, click Endpoint Protection on the bottom left pane.
  2. From the upper left navigation pane, go to Core Protection Module > Deployment > Uninstall > [product name]. The Fixlet Description tab opens, showing a list of the endpoints currently running the program.

    Alternatively, you can click All Content and then navigate to Fixlets and Tasks > All > By Site > Trend Micro Core Protection Module. In the list of Fixlets that appears in the right window pane, select Core Protection Module - Uninstall [product name] by double-clicking it.

  3. Below Actions, click the hyperlink to open the Take Action window.
  4. In the Target tab, a list of the endpoints that are running the selected program appears. Click Applicable Computers to choose all relevant computers. In addition, you may also want to configure other options, as described below:
    Execution
    Set the deployment time and retry behavior.
    Users
    This option works in combination with Target, linked by the AND operand (both conditions must be present for the install to occur).
    Messages
    Configure these options to passively notify the user that the uninstall is going to occur, to obtain consent, or to ask users to stop using their computer while the install occurs.
    Offer
    Configure these options if you want the user to be able to choose whether the program is removed. A pop-up message displays on the target endpoints (requires that the client is enabled for offers).
  5. Click OK.
  6. At the prompt, type your private key password and click OK.
  7. In the Action | Summary window that opens, monitor the "Status" and "Count" of the Action to confirm that it is "Running" and then "Completed".

Deploying CPM Clients to the Endpoints

About this task

Use the Core Protection Module Endpoint Deploy Task to deploy CPM to all computers you want to secure against viruses and spyware. The CPM client package is about 100MB, and each endpoint will be directed to download the file from the BigFix Server or Relay.

If you target your endpoints using properties rather than by computer (which is the recommended behavior) any endpoint that subsequently joins the network will automatically receive the CPM client.

Installation takes about ten minutes, and the CPM client can be installed with or without the target user’s consent. Installation does not typically require a restart; however, a DOS-style command console may open on the client as the install scripts run. In addition, the client will be briefly disconnected from the network.

Note: Prior to deploying the CPM client, be sure your targeted endpoints are not running a conflicting product (see Conflicting or Incompatible Programs) and that they meet the hardware and software requirements as explained in Identifying Ineligible Endpoints.

Procedure

  1. From the console menu, click Endpoint Protection on the bottom left pane.
  2. From the upper left navigation pane, go to Core Protection Module > Deployment > Install.
  3. Note the number of eligible clients in the parenthesis after Install.
  4. From the list on the right pane, select Core Protection Module - Endpoint Deploy. The Task Description tab opens.
  5. Below Actions, click the hyperlink to open the Take Action window. In the Target tab that opens, a list of eligible endpoints appears. The default behavior is to install the CPM client on every relevant endpoint, regardless of who is logged on to the computer and whether the user is present or not.
  6. Use the following deployment options if you want to change the target:
    Target
    Click All computers with the property values selected in the tree list below and then choose a property that will include all the computers you want to deploy this Action to.
    Execution
    Set the deployment time and retry behavior, if any.
    Users
    This option works in combination with Target, linked by the AND operand (both conditions must be present for the install to occur).
    Messages
    Configure these options to passively notify the user that the install is going to occur, or to ask users to stop using their computer while the install occurs.
    Offer
    Configure these options if you want the user to be able to choose whether the client is installed. A pop-up message will be displayed on the target endpoints (requires that the client is enabled for offers).
  7. At the prompt, enter your private key password and click OK.
  8. In the Action | Summary window that opens, monitor the "Status" of the Action to confirm that it is "Running" and then "Completed".