Trellix ePolicy Orchestrator Installation on Windows Server
In this article, we will install Trellix ePolicy Orchestrator Installation on Windows Server 2022. Please see how to Setup a Site-to-Site VPN Connection on AWS, how to Add a Printer Using an IP Address in Windows 11, and Windows Defender detects Endpoint Security HipHandlers.dll. You can install Trellix ePO on-premise environment as a single-server installation or as a cluster, and in the cloud. I will be describing the upgrade in a subsequent guide. Please, see How to deploy and integrate VHR with VBR.
Note: Trellix claimed to support Microsft SQL Server 2022 for Supported platforms for ePolicy Orchestrator. But you will not find this comment in the Trellix official installation guides. So when you spin up a Windows server 2022 and SQl Server 2022, the installation will fail and roll back at the time of writing this article.
But when you run Windows Server 2022, and SQL Server 2019, the installation will succeed. All this information can be found in the Trellix installation guide. Here is a guide on how to Fix Trellix ePO DAT and Engine Packages missing.
Each installation scenario includes a workflow and procedure you must adhere to. Planning your installation and reviewing system requirements and capabilities are also part of the installation process. Please take a look at the best practices for the performance and stability of your ePolicy Orchestrator environment, and the various fixes to Trellix ePolicy Orchestrator Installation Errors.
Install Microsoft SQL Server
Before you can install Trellix ePO. Configure SQL Server software for TCP/IP access and install a supported operating system on the Trellix ePO – On-prem server. Here is how to Install SQL Server 2022 Express and SQL Server Management Studio.
Note: The ePO installer creates a database, uses the database, and then drops the database to verify that it has the appropriate rights. ePO 5.10 adds a new, entirely separate database called the ePO Events database to handle threat event information. After the installation is complete, DBO rights on the ePO database are sufficient for normal operation.
Configure SQL Server for TCP/IP access
To configure TCP/IP protocol for the SQL Server. Start SQL Server Configuration Manager.
See this article for more details: Setup is unable to access the SQL UDP Port 1434 on the specified SQL Server, and how to uninstall Microsoft SQL Server on Windows.
Launch the SQL Server 2022 Configuration Manager as shown below.
In the console pane, expand SQL Server Network Configuration, and select the Protocols item for your SQL instance. For example, if you are using the default MSSQLSERVER instance, select Protocols for MSSQLSERVER.
By default, TCP/IP is set to Disabled. Double-click TCP/IP to open the TCP/IP properties window. Select the Protocol tab, click Enabled, and select Yes. Click Apply and then OK to close the Warning dialog.
You can now restart the service to make sure that your changes take effect.
In the console pane, click SQL Server Services. In the details pane, right-click the SQL Server service and click Restart.
Select the IP Addresses tab.
Make sure Enabled is set to Yes for each active IP address.
Under IPAII, make note of the value for TCP Dynamic Ports if you will be using the dynamic port. If there is a value specified, for example 67482, your SQL Server is using dynamic ports. Make a note of the value because this information might be needed later in the installation.
Note: If you are using dynamic ports, the SQL Browser service must be running on the SQL Server. If the value for TCP Dynamic Ports is blank, then your SQL Server is using a static port and the value for this port will be shown in the TCP Port field if you have entered it already. If not, please hard code your TCP port such as 1434.
By default, the SQL Server Browser Properties is set to startup disabled. Ensure this is enabled and started.
Now, our SQL Server Browser Service is running.
Required SQL permissions
Specific SQL Server roles are required for the account used by Trellix ePO on-premise installation.
| Trellix ePO – On-prem installation… | Use these server roles |
|---|---|
| During installation | The user account credentials for Windows or SQL authentication must have these server roles granted on the target SQL Server: – Public – dbcreator Note: The dbcreator server role is required for the setup program to create and add the core Trellix ePO database objects to the target SQL Server during installation. This Trellix ePO SQL user account is granted the database role permission db_owner for the Trellix ePO on- the database. |
| After the database is created | The dbcreator server role can be removed from the Trellix ePO Note: Revoking the dbcreator server role restricts the user account to only those permissions granted to the db_owner database role on the Trellix ePO database. |
Add the AD account to SQL. And the below permissions are assigned accordingly.
ePO Installation
Run the setup utility on the Trellix server to install Trellix ePO. As part of the installation process, the Trellix Pre-Installation Auditor checks for compliance issues.
Note: If you rerun the setup.exe file while Trellix ePo is already installed. You are uninstalling ePo from the server!!! That is, it removes the existing ePO instance from the server. This is because the
setup.exefile is responsible for the installation or reinstallation of ePO
Click Yes to the UAC prompt. See How to enable or disable User Account Control, and How to Disable UAC with Group Policy and enable PIN in Windows Hello.
Click on continue to proceed.
The following software will be installed. Click continue.
You can change the default installation drive.
Enter the Database information, ePO database (this is usually pre-populated). 
I will be using Windows Authentication due to best practices (centralized management). Next, I will enter my service account and password and click continue.
If you are having issues with your service account, I would advise testing your password by using any of the steps discussed here “Is my AD user account or service account password correct? How to run an App as a different User and switch Users in Windows“.
When you run into issues and you will have to restart the Trellix ePolicy Orchestration installshield assistant as shown below. You may see the port field is grayed out. To fix this, restart the SQL server service. This way, you will be able to enter the service again as shown above.
Note: Ensure the TPC port is set in SQL Configuration Manager, else it will be greyed out. 
Do not forget to remove the TCP Dynamic Ports if you want to use a static port.
You can view installation logs from the path below. You will find the Install MSI log very useful. Please, see Fix MSIEXEC returned 1602: Trellix Setup cannot use this account, and How to enable FIPS mode on Windows Server.
C:\ProgramData\Trellix\ePolicy Orchestrator\InstallLogs
Pre-Installation Auditor (PIA)
The Pre-Installation Auditor (PIA) tool validates that your server meets the minimum requirements.
All these issues must be fixed, or else the installation will fail. Please see Various Fixes to Trellix ePolicy Orchestrator Installation Errors
I have fixed all issues and ensured that the ePO/SQL server has both TLS 1.1 and 1.2 enabled.
Click Continue. See this hyperlink if you wish to change the ePolicy Orchestrator agent-to-server communication secure port after installation or upgrade.
Optional: Review this table for details about which port assignments you can modify.
| Port | Default value | Can be changed during installation | Can be changed after installation |
|---|---|---|---|
| Agent-server communication port | 80 | X | |
| Agent-server communication secure port | 443 | X | |
| Agent wake-up communication port | 8081 | X | X |
| Agent broadcast communication port | 8082 | X | X |
| Console-to-application server communication port | 8443 | X | |
| Client-to-server authenticated communication port | 8444 | X | |
| SQL Server TCP port |
Enter your admin password. You can change the name from Admin to any other name. Also, enter the passphrase as you need it to decrypt the Disaster Recovery Snapshot records. Trellix does not store this passphrase and can’t recover it.
You can select test if you are testing and do not have the license key. For me, I will enter the license key and proceed.
If you do not have a license key. You can select the test option and the following evaluation window will be prompted. Click OK and continue to proceed.
The evaluation period is limited to 90 days.Accept the license agreement and click continue.
Hit the “install” button as shown below.
As you can see, the installation is running.
The installation is complete.
Double-click the Launch ePolicy Orchestrator icon on your desktop to start using your Trellix ePO server, or browse to the server from a remote web console
http(s)://<servername>:port
A certificate warning appears if you are using a self-signed certificate to access Trellix ePO server through web console. Add the URL to the browser-trusted sites. But if you have a certificate installed on the server, this warning will not appear.
Validate Credential
To log in, validate your credentials. Click on “Restore Admin Access” and submit.
As you can see, the passwords are saved and you can now log in.
FAQs relating to Trellix ePolicy Orchestrator Installation on Windows Server
What can I do when my installation fails with a 1603 error?
A 1603 error is a generic Microsoft MSI error code that appears during an installation or upgrade of any product. The code on its own can’t determine the cause. Other logs and symptoms can help a Technical Support Engineer investigate and resolve the issue.
How do I troubleshoot installation failures?
The main ePO installer log is %temp%\McAfeeLog\EPOXXX‑Install‑MSI.log.
This file contains all information about the installation including what the installer was doing and any failure information.
Does the ePO installer change the SQL Server during installation?
No, the ePO installer doesn’t change the SQL Server installation. The ePO installation doesn’t use the primary database and makes no SQL server-wide changes. It doesn’t require System Administrator rights on the SQL Server itself to install. However, it requires permission to create and drop a database during the installation process.
What’s the minimum hard drive space needed to upgrade an ePO database to a new version of ePO?
The minimum hard drive space needed depends on the size of the ePO database. An upgrade requires a large amount of transaction log space that's used during the upgrade to hold a copy of the EPOEvents table (typically, the largest table in an ePO database). As with all ePO upgrades, perform a full backup of the ePO server and database before you upgrade.
I hope you found this article very useful on ‘Trellix ePolicy Orchestrator Installation on Windows Server 2022″. Please feel free to leave a comment below.
