@donmontalvo We have been testing this version over the last month, the installer is very hit and miss via an ePO server. there is an installer that combines all the three packages into one which we have had better luck with.
others are correct, uninstalling any of the McAfee products is a nightmare.
@dmw3 wrote:
there is an installer that combines all the three packages into one which we have had better luck with.
Interesting, did you have to request the combined package?
@donmontalvo Should be available to you via your McAfee login
@donmontalvo, don't know if this would help, but my colleague and I wrote a script that checks if a specific version of McAfee Agent is installed (in this case 5.0.3.272) and is pointed at the proper ePO server (replace "epo.server.com:80" with your own).
If MA is not the proper version or pointing to the right server, it uninstalls it (either version 4.x or 5.x) and the installs proper version from install.sh, which is assumed to be staged in /tmp/epoinstall already.
#!/bin/bash
target="$3"
agentVer="5.0.3.272"
epoSvr="epo.server.com:80"
configDir="$target/etc/cma.d/EPOAGENT3700MACX/"
cmaDir="$target/Library/McAfee/cma/"
tmpDir="$target/tmp/epoinstall"
if [ -e "$cmaDir/scripts/uninstall.sh" ]; then
echo "$(date): McAfee Agent (ePO) 5.x Installation Found"
if grep -q $agentVer "$configDir/config.xml"; then
echo "$(date): McAfee Agent (ePO) Version $agentVer Found"
if grep -q $epoSvr "$cmaDir/scratch/ServerSiteList.xml"; then
echo "$(date): McAfee Agent (ePO) 5.x Points to $epoSvr"
exit 0
else
echo "$(date): McAfee Agent (ePO) 5.x Points to Incorrect Server"
fi
else
echo "$(date): McAfee Agent (ePO) Version $agentVer Not Found"
fi
echo "$(date): Removing McAfee Agent (ePO) 5.x"
if "$cmaDir/scripts/uninstall.sh"; then
echo "$(date): McAfee Agent (ePO) 5.x Removed Successfully"
else
echo "$(date): McAfee Agent (ePO) 5.x Removal Failed"
exit 1
fi
else
echo "$(date): McAfee Agent (ePO) 5.x Installation Not Found"
if [ -e "$cmaDir/uninstall.sh" ]; then
echo "$(date): McAfee Agent (ePO) 4.x Installation Found"
echo "$(date): Removing McAfee Agent (ePO) 4.x"
if "$cmaDir/uninstall.sh"; then
echo "$(date): McAfee Agent (ePO) 4.x Removed Successfully"
else
echo "$(date): McAfee Agent (ePO) 4.x Removal Failed"
exit 1
fi
fi
fi
if "$tmpDir/install.sh" -i; then
echo "$(date): McAfee Agent (ePO) 5.x Installed Successfully"
else
echo "$(date): McAfee Agent (ePO) 5.x Installation Failed"
exit 1
fi
exit 0
We have had varying success with pushing it from the EPO server also. Out attempts to use Jamf Pro also are not perfect. We have seen some where the old version uninstalls but the new version won't install leaving the machine out of compliance. I have setup some EA that pull McAfee info to help with scoping and dashboards to see versions and last run.
Huge fan that MA 5.0.4 now comes with an Agent Status Monitor which now is a GUI for the log and sending props/events like we see on the PC side.
We have the all in 1 installer and about to try it but will also try the script above!! I did hear that ENS 10.5 is on its way out soon.
Speaking of uninstalling, does anyone have a good ENS uninstaller? We have 1 Mac where ENS is flashing between enabled and disabled. Reinstall did not fix.
We are seeing the same issue as dmw3 and swaps. We gave up on pushing from the server it saw so bad, then the "EPO" team moved back.
C
On the "all in one installer" DMG can someone post an image of the mounted DMG contents
Are there three PKGs and an install.sh? Is there a single PKG? Is there a single install.sh and a combined PKG?
Wanted to check before reaching out to the team that gets the source files for us.
TOA,
Don
@donmontalvo unpacked with Pacifist
@donmontalvo and @dmw3, Has anyone had any success uninstalling McAfee endpoint Security 10.2.1? All attempts to run the uninstall script fail, even when running as root:
root# /usr/local/McAfee/uninstall EPM
Uninstallation Failed..
root# /usr/local/McAfee/uninstall ThreatPrevention
Uninstallation Failed...
@dmw3 How did you take that standalone .dmg package from Mcafee and package it using Composer to get deployed.
I have taken the .pkg and uploaded it to composer but when i try to deploy it, it doesn't work.
What steps did you have to take from taking that DMG to getting it into the JSS and down to a device
*Apologies for dumb questions, a newbie with JAMF.
I think the standalone installers fail unless the agent is installed 1st. I also don't think you need to re-package the installers, just drag then straight in to Casper admin.
C
@gachowski Yes the stand alone installers require the agent to be installed. I believe there is a version 10.2.2 out now as well.
@benbass we just got a request for 10.2.2 and source files came with two "standalone" installers...but as expected, and confirming what you posted, neither install the McAfee Agent. It has to be installed for the standalone installers to work.
- McAfee-Threat-Prevention-for-Mac-10.2.2-standalone-111-HF1191059.pkg
- McAfee-Application-Protection-230-standalone-RTW-1791.pkg
Rumor has it Intel/McAfee has a long time employee (100+ years old) who has some dirt on the company, so they put him in a cage, feed him slabs of meat, and he keeps install.sh going. Once he stops breathing, McAfee can hand that portion of their product to the capable team that provides proper flat/signed zero touch deployable packages, and the world will be a better place. ¯_(ツ)_/¯
So the 100+ year old must still be kicking...same issues with 10.5.7.
The mcafee channel on macadmin slack seems to have some mcafee internal folks. They don't seem to be 100+ but may sit near that person. They often post some great scripts.
I am back and forth on the idea of either pushing all the software down with jamf or just get the agent onto the client and let EPO do all the work. In my case, I copy the wonderful install.sh file to the Mac and run it from a script. When it checks in with EPO, the agent sees missing software and the EPO tasks kick off to fill the computer with great wonderfulness.
Sometimes, 1 is faster than the other, other times not so much.
I've been installing the agent for years, then let it check in and ePO installs the suite. I've had some issues with the agent over the years, but generally it works well. I grab the following from Program Files (x86)McAfee ePolicy OrchestratorDBSoftwareCurrentEPOAGENT3700MACXInstall409 on the ePO server:
install.sh
SiteInfo.ini,
sr2048pubkey.bin,
SiteList.xml,
req2048seckey.bin,
srpubkey.bin,
agentfipsmode,
reqseckey.bin
then I drop it into a folder, I create in /usr/local, and run a script that just runs install.sh -i to install it. Getting it from the current repository on the server, it has the keys and points to the server after installation. If you have an older version installed it just updates it. I use
/Library/McAfee/agent/bin/cmdagent -c
to check into the server. and have the policy and task set up to do the install of the Endpoint suite.
@swhps wrote:
I am back and forth on the idea of either pushing all the software down with jamf or just get the agent onto the client and let EPO do all the work.
Yeap, we've been suggesting this for years, but have been getting "Too much to push" pushback, which is, well, ridiculous.
@cnorrisAdmin wrote:
I've been installing the agent for years, then let it check in and ePO installs the suite.
Yep, I'll have to point the folks who own the service to this thread. ;)
McAfee is annoying. I am working through this with nothing but headaches. I haven't had much success installing the agent with Jamf. But if I install the agent manually, ePO communicates fine. But ePO always has a hot fix or a new agent for a new macOS so soon as I need to update the agent (new file) or just put a new agent on a machine manually, I am running into an issue with file sharing on the Macs. It's not communicating properly and keeps giving me an SSH error in ePO, even though I have SMB file share turned on. I am at a loss right now. Any advice?
I have Jamf push down the files so I don't have to connect the Macs to the server or have the server see my Macs.
I have EPO build my install.sh file. On the EPO System Tree screen is a "new systems" button which is super secret code for make a new install file. In there I choose Create and download agent > non windows > pick my current mac agent. Nothing else gets filled in on that screen and I make the package then download it. (in my case, I add the agent version number to the file to keep straight for testing)
Next I package the agent (just the 1 file) with Composer and have it put the install package in /Library/buildJSS/installmcafee/. (I started using buildJSS to keep all my installers together and not get confused with apps that use Application Support/. Folder location really does not really matter as long a your script points to it )
I then have a script run the install.sh -i from that folder and the agent installs.
#!/bin/sh
/Library/BuildJSS/InstallMcafee/install551.sh -i
sleep 30
/Library/McAfee/agent/bin/cmdagent -p
Having EPO build it bakes in all the settings for my EPO server and relay. You may also find that if you highlight a branch in the system tree before clicking on "new systems" that when the system enrolls, it will land in that branch.
If I keep up with the agent updates in EPO > Software Manager, then as the hot fixes come out, EPO uses my agent tasks to update the agent until I get around to making a new install package.
Playing around with the Create URL choice in the list, it did appear to make a more automated installer but it expires quickly.
@swhps Thank you for the step by step example. I will give this a try!
@swhps thank you for that workflow. Works great for me. However, one more question if I may. A lot of my Macs have an old agent on them. The workflow that I am getting from Mcafee is that the old agent must be uninstalled before the new agent is installed. Is that the same workflow you use? When you go from one agent to the next, you run an uninstall mcafee script pre install of the new agent?
@eric.difulvio McAfee has a removal tool (which is actually a binary rather than a script despite possibly arriving with a .sh suffix), ask your McAfee contact if they haven't mentioned it already. Include that with the files you push to your Macs for installation of ENS and call it as the 1st step in your process.
Hi All,
We had issues with McAfee installation and agent reporting to server.
It seems when installing McAfee ENS + Threat Prevention, there is agent already present in that installation so we do the following:
Install McAfee ENS with .xml where we select what components we want to install
installer -dumplog -verbose -pkg "McAfee-Endpoint-Security-for-Mac-10.5.6-RTW-standalone-100.pkg" -allowUntrusted -target / -applyChoiceChangesXML "ProductDeploy.xml"
Uninstall the Agent, that was installed with ENS package
/Library/McAfee/agent/scripts/uninstall.sh
Install the new agent (script that we got and packaged)
install.sh -i
Report agent to server
/Library/McAfee/agent/bin/cmdagent -p
While deploying to Pilot users we check with ePO console if agent is reporting.
The key was to Install ENS, remove the agent that came with that and install agent with script.
Also, while upgrading sometimes reboot was needed, depending on version.
/Library/McAfee/cma/bin/cmdagent -p is basically like running sudo jamf recon.
/Library/McAfee/cma/bin/cmdagent -c is basically like running sudo jamf policy.
Ya kind of have to run both.
Fellow Mac techs, I need a hand here , what are the actual files called that I need to upgrade the Mcafee agent as of this date? Can someone guide me with the whole install.sh process? My infosec team is not sure of any of it and its kind of being put on me to figure out. I also dont have access to the site to get the installers so its ultra frustrating. Any help, guidance, tips etc, would be really appreciated at this point, Im Stubakka on the Mac admins slack also if anyone want to dm me and help a fellow admin out. End of rope here.
