We just install the firewall and antimalware components (no web filter), but aside from the behavior you described in Casper Remote, we haven't had an issue. EPM also did the same thing with Casper Remote; as soon as the firewall component started, it dropped the SSH connection back to the admin's computer.
Are you able to install via a policy?
@bvrooman how are you omitting the web filter component from the install package?
ChoiceChangeXML?
No, I'm not excluding anything. Our McAfee engineer gave us a package for Threat Prevention and a package for Firewall; I just install those two.
If you have a McAfee web account linked to your corp "Grant Letter" then the installers are available straight from their web site.
As of today we are not deploying the web filter either; it is obvious that it needs some improvements.
C
I recommend staying as far away from McAfee products for macOS as possible. It got so bad on 10.9 that most Macs were unusable (wouldn't boot, random pinwheels, freezing, etc.). Unless they changed its default behavior, its need to look at every read & write on the disk before they happen severely hurts the performance and productivity of the user.
@ndelgrande2 the latest clients are actually a lot better on 10.11 worth checking out again if you have time
@ndelgrande2 I'll let you convince our InfoSec of that :)
@jwojda we're currently looking to move to ENS 10.2.1 for Sierra. Were you able to grab a separate package for Threat prevention, firewall, and web control or are you controlling the installation through some other means to exclude firewall and web control from your installs?
You can grab the 3 modules from the download site with a valid grant number. Just remember the Threat Prevention module needs to be installed before the Firewall or Web Protection Modules. You are actually grabbing the ePO files for checkin but you can unpack them and the module .pkgs are located inside.
You are correct that pushing through casper remote the install "hangs" because the firewall module drops the network. However the install does complete correctly, this also works fine via policy or during casper imaging.
We are not using the web protection module, it's only good for safari/chrome and is kind of heavy handed. We also have an edge proxy that performs much of the same functions for all http/https traffic.
We do lean heavily on the firewall.
According to our rep there is only one package now and it is to be controlled via script. Unfortunately, I am struggling with creating the package as well. If I get it figured out I will share here for all. I am struggling with the /tmp/ProductDeploy.xml
Here is what was provided, if anyone has insight it would be appreciated.
#!/bin/sh
if test $# -eq 1
then
    if test "$1" == "help"
    then
        echo "Parameters can be"
        echo "TP: Threat Prevention"
        echo "FW: FireWall"
        echo "WC: Web Control"
        echo "help : To see this help"
        exit 0
    fi
    if test "$1" == "TP"
    then
        echo "<array>" >> /tmp/ProductDeploy.xml
        echo "<string>installer_choice_5</string>" >> /tmp/ProductDeploy.xml
        echo "<string>installer_choice_6</string>" >> /tmp/ProductDeploy.xml
        echo "</array>" >> /tmp/ProductDeploy.xml
        echo "Only TP will be installed."
    elif test "$1" == "FW"
    then
        echo "<array>" >> /tmp/ProductDeploy.xml
        echo "<string>installer_choice_4</string>" >> /tmp/ProductDeploy.xml
        echo "<string>installer_choice_6</string>" >> /tmp/ProductDeploy.xml
        echo "</array>" >> /tmp/ProductDeploy.xml
        echo "Only FW will be installed."
    elif test "$1" == "WC"
    then
        echo "<array>" >> /tmp/ProductDeploy.xml
        echo "<string>installer_choice_4</string>" >> /tmp/ProductDeploy.xml
        echo "<string>installer_choice_5</string>" >> /tmp/ProductDeploy.xml
        echo "</array>" >> /tmp/ProductDeploy.xml
        echo "Only WC will be installed."
    else
        echo "Parameters can be"
        echo "TP: Threat Prevention"
        echo "FW: FireWall"
        echo "WC: Web Control"
        echo "help : To see this help"
        exit 1
    fi
elif test $# -eq 2
then
    if [[ ( "$1" == "TP" && "$2" == "FW" ) || ( "$1" == "FW" && "$2" == "TP" ) ]]
    then
        echo "<array>" >> /tmp/ProductDeploy.xml
        echo "<string>installer_choice_6</string>" >> /tmp/ProductDeploy.xml
        echo "</array>" >> /tmp/ProductDeploy.xml
        echo "Only TP and FW will be installed."
    elif [[ ( "$1" == "FW" && "$2" == "WC" ) || ( "$1" == "WC" && "$2" == "FW" ) ]]
    then
        echo "<array>" >> /tmp/ProductDeploy.xml
        echo "<string>installer_choice_4</string>" >> /tmp/ProductDeploy.xml
        echo "</array>" >> /tmp/ProductDeploy.xml
        echo "Only FW and WC will be installed."
    elif [[ ( "$1" == "TP" && "$2" == "WC" ) || ( "$1" == "WC" && "$2" == "TP" ) ]]
    then
        echo "<array>" >> /tmp/ProductDeploy.xml
        echo "<string>installer_choice_5</string>" >> /tmp/ProductDeploy.xml
        echo "</array>" >> /tmp/ProductDeploy.xml
        echo "Only TP and WC will be installed."
    else
        echo "Parameters can be"
        echo "TP: Threat Prevention"
        echo "FW: FireWall"
        echo "WC: Web Control"
        echo "help : To see this help"
        exit 1
    fi
elif test $# -eq 3
then
    if [[ ( "$1" == "TP" && "$2" == "FW" && "$3" == "WC" ) || ( "$1" == "FW" && "$2" == "TP" && "$3" == "WC" ) || ( "$1" == "TP" && "$2" == "WC" && "$3" == "FW" ) || ( "$1" == "FW" && "$2" == "WC" && "$3" == "TP" ) || ( "$1" == "WC" && "$2" == "TP" && "$3" == "FW" ) || ( "$1" == "WC" && "$2" == "FW" && "$3" == "TP" ) ]]
    then
        echo "<array>" >> /tmp/ProductDeploy.xml
        echo "</array>" >> /tmp/ProductDeploy.xml
        echo "All FM's will be installed."
    else
        echo "Parameters can be"
        echo "TP: Threat Prevention"
        echo "FW: FireWall"
        echo "WC: Web Control"
        echo "help : To see this help"
        exit 1
    fi
else
    echo "Invalid parameters:"
    echo "Parameters can be"
    echo "TP: Threat Prevention"
    echo "FW: FireWall"
    echo "WC: Web Control"
    exit 1
fi
hdiutil attach McAfee-*
installer -pkg /Volumes/McAfee-*/McAfee-*.pkg -target / -applyChoiceChangesXML /tmp/ProductDeploy.xml
hdiutil detach /Volumes/McAfee-*
rm /tmp/ProductDeploy.xml
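The script above lists the installer choices for the modules that were not requested and appends them, as root, to the fixed path /tmp/ProductDeploy.xml, so a leftover or pre-created file at that path ends up in what installer reads. The following is an added example, not McAfee's script or any poster's code: it produces the same <array> content from one loop and writes it to a fresh mktemp file. The TP/FW/WC to installer_choice_4/5/6 mapping is inferred from the script, and the function names are hypothetical.

```shell
#!/bin/sh
# Assumption (inferred from the script on this page): each module maps to one
# installer choice, and the XML lists the choices for modules NOT requested.
choice_for() {
    case "$1" in
        TP) echo installer_choice_4 ;;
        FW) echo installer_choice_5 ;;
        WC) echo installer_choice_6 ;;
        *)  return 1 ;;
    esac
}

# Print the <array> the original script writes for the requested modules.
build_choices() {
    [ "$#" -ge 1 ] && [ "$#" -le 3 ] || return 1
    want=""
    for m in "$@"; do
        choice_for "$m" >/dev/null || return 1        # reject unknown names
        case " $want " in *" $m "*) return 1 ;; esac  # reject duplicates
        want="$want $m"
    done
    echo "<array>"
    for m in TP FW WC; do
        case " $want " in
            *" $m "*) ;;   # requested: choice is left alone
            *) echo "<string>$(choice_for "$m")</string>" ;;
        esac
    done
    echo "</array>"
}

# Write the choices to a new file with an unpredictable name and print its path.
# mktemp creates the file exclusively with owner-only permissions, so an
# existing file or symlink at a guessable path is never reused or appended to.
write_choices_file() {
    xml=$(build_choices "$@") || return 1
    f=$(mktemp "${TMPDIR:-/tmp}/ProductDeploy.XXXXXX") || return 1
    printf '%s\n' "$xml" > "$f"
    echo "$f"
}

# Usage, with the installer call as it appears in the script on this page:
#   choices=$(write_choices_file TP FW) || exit 1
#   installer -pkg /Volumes/McAfee-*/McAfee-*.pkg -target / -applyChoiceChangesXML "$choices"
#   rm -f "$choices"
```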
Your rep is wrong. I am able to deploy 3 packages in this order via casper. No muddling with .xml files required.
Install McAfee Agent 5.0.4 (this is a package I make to deploy install.sh)
McAfee-Firewall-for-Mac-10.2.1-ePO-client-package-RTW-2632.pkg
McAfee-Threat-Prevention-for-Mac-10.2.1-ePO-client-package-RTW-2632.pkg
Feel free to poke me (macdude22) over on slack. If you have a valid grant number and access to the McAfee download site I can walk you through getting the correct files.
It is possible the method I am using is "unsupported" by mcafee but it's a good deal simpler than that script you were provided.
Thanks,
-alex-
@Kaltsas
McAfee professional services recommend installing individual .pkg like you are doing and/or you can also download the full installer .pkg that has all three apps too. (I picked the full installer but next time it will just be Firewall and Threat Prevention.)
I should also add that when the agent was updated last that fixed an issue and now you can push the three apps from the McAfee server (if you want).
C
Thank you both for the responses. I reached out to our ISO who controls the McAfee portal for us and they were able to download the standalone installers. I am going to try both and see if I get the same results.
https://kc.mcafee.com/corporate/index?page=content&id=KB84772
Thanks again. Jeff
how does one handle the mcafee upgrades? I didn't see any EA's that report on threat prevention/firewall/etc to do a smart group off of, though I have one for the Agent.
#!/bin/sh
# Extension attribute: report the installed McAfee Endpoint Security version.
APP="/Applications/McAfee Endpoint Security for Mac.app"
if [ -d "$APP" ] ; then
    # The path contains spaces, so it must be quoted.
    EPS=$(/usr/bin/defaults read "$APP/Contents/Info" CFBundleShortVersionString)
    echo "<result>$EPS</result>"
else
    echo "<result>Not Installed</result>"
fi
Not sure if the individual components can be mixed and or reported on separately. I'd think not though.
@dpertschi thanks! worked beautifully.
I have also tried to add the McAfee package to a build in a thin image process. Never works. You have to install the Agent first, then you can group the rest together... works fine for me after the agent install.
@Kaltsas I am attempting to troubleshoot an issue with a client that is automatically toggling threat prevention on and off apparently, and thus is showing the "Your Mac is at risk" warning to the user.
I am trying to uninstall McAfee Endpoint Security Software 10.2.1 as a troubleshooting step but am running into issues even if I try to uninstall as root. Do you have any insight as to what the issue may be, or have you seen this before?
root# /usr/local/McAfee/uninstall EPM
Uninstallation Failed..
root# /usr/local/McAfee/uninstall ThreatPrevention
Uninstallation Failed...
Thanks
You may need to upgrade the agent to 5.0.4.449 and let it sync up with your ePO server. Then see if it will let you uninstall, or that may even fix the initial problem you're troubleshooting.
Could be lazy and let ePO handle the installs, then just run the install.sh provided by McAfee to register the clients.
We have seen this issue and it's the order you install the packages. We have it set up like this to install:
Agent First, then:

There is an order to install or it will fail.
@Kaltsas
Installation of McAfee Agent 5.0.4 (this is a package I make to deploy install.sh) was a success
But
McAfee-Firewall-for-Mac-10.2.1-ePO-client-package-RTW-2632.pkg
McAfee-Threat-Prevention-for-Mac-10.2.1-ePO-client-package-RTW-2632.pkg
McAfee-Management of Native Encryption FileVault 4.1.0.361 (MNE.pkg)
failed for JSS, so I tried to install them manually and now I cannot uninstall them using the commands
To uninstall MNE: sudo /usr/local/McAfee/uninstall MNE
To uninstall Threat Prevention: sudo /usr/local/McAfee/uninstall ThreatPrevention
To uninstall Firewall: sudo /usr/local/McAfee/uninstall Firewall
only McAfee Agent was uninstalled: /Library/McAfee/agent/scripts/uninstall.sh
How do I uninstall them first? Then in which order should I install them? Does the network get blocked or do network settings change during installation?
I am having a similar issue installing McAfee-Threat-Prevention-for-Mac-10.2.2-RTW-standalone-3003.dmg, it locks up about midway through. Has anyone found a solution to fix this?
Thx
We are installing it without any issues, so it should work.
Sorry I can't help!!
C