Posted on 06-22-2017 10:52 AM
Hey folks,
After upgrading our Macs to 10.11 and installing McAfee Endpoint, I lose remote connection to the Macs. ARD or Screen Sharing doesn't work after the install, but oddly I can still run scripts or push packages. I just can't see their screen any longer.
Instead of walking up to the Mac in another building, I'd like to shoot a script to turn off the McAfee Firewall. After I do that, I can see the screen again.
Anybody had this issue and know a script to turn off the Firewall?
Posted on 06-22-2017 11:15 AM
Although it's possible to disable those or turn them off, it's only temporary as long as your systems are checking in with ePO. In my experience, even doing it manually in the GUI, it ends up enabled again usually within about 10-15 minutes, sometimes even sooner. The setting to have those enabled comes from ePO, so it overrides any local disablement. At least that's how it is for us.
Posted on 06-22-2017 12:05 PM
And you won't be able to ssh in either. (angry face here) I had this with Endpoint Protection product, and it would clear once the machine checked in and enforced policy, ~20 minutes. You can try adding a script to force the check-in with ePO:
/Library/McAfee/cma/bin/cmdagent -c
With the Endpoint Security product, you can get just the Threat Prevention installer if you don't want firewall also.
Posted on 06-22-2017 12:10 PM
I'm running this script after install to not only turn it off, but remove the feature entirely:
#!/bin/bash
echo "Disabling WebControl"
/usr/local/McAfee/uninstall WebControl
echo "Disabling McAfee Firewall"
/usr/local/McAfee/uninstall Firewall
exit 0
Posted on 06-22-2017 12:57 PM
I get "uninstallation failed" or "permission denied." Any thoughts?
Posted on 06-26-2017 01:01 PM
Are you running it with sudo? I run it as part of my McAfee install/upgrade, but if you're just testing locally it will require sudo.
Posted on 06-27-2017 04:36 AM
Your best bet would be to have your ePO administrator adjust the Firewall policy to allow all the pertinent ports you need to manage the Macs. Immediately after installing McAfee on a Mac, the firewall will default to blocking everything, but after 10-15 minutes it will check in with the server and pull down the firewall policy that permits ssh and ARD and anything else you need.
Posted on 06-27-2017 06:43 AM
I tried using the script through ARD's Unix button. Yes, I used sudo. I'm probably missing something simple.
I will contact the ePO admin. The thing is when I update to endpoint 2.3 on 10.12 Macs, I don't lose remote connection. I install the agent and I am on my way.
But going from 1.2 to 2.3 endpoint on 10.11 Macs, I lose connection and can't SSH. 10.12 Macs are just fine. So I am puzzled.
Posted on 08-16-2019 09:29 AM
This is how I disable it on 10.5.x. You can either add this at the end of your postinstall script, or add the script as a payload to your McAfee installer policy. I have found that you need to restart the daemon to get it to start back up if a reboot is not desired.
Command to disable firewall
sudo defaults write /Library/Preferences/com.mcafee.ssm.StatefulFirewall.plist IsFirewallEnabled -bool false
Command to enable firewall
sudo defaults write /Library/Preferences/com.mcafee.ssm.StatefulFirewall.plist IsFirewallEnabled -bool true
sudo /usr/local/McAfee/StatefulFirewall/bin/StatefullFirewallControl restart
Our issue is that the ePO servers do not sort consistently, and often our Macs just sit in some Lost & found container until they are manually put in the correct managed container. With the above disable command, at least our techs can still work with the machine while it waits for ePO to figure it out. Once the ePO starts managing the client, it can do whatever it wants. Leave it disabled, enable it and manage it, etc. This is simply a work-around while waiting for management.
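Added example, not part of the original posts and not McAfee or Jamf code: a read-only check that reports whether the firewall preference named in the 08-16-2019 post is still set to disabled, so machines left in the workaround state can be found and followed up. The plist path and key are the ones quoted in that post; the function names and sample plists are constructed for illustration, and it assumes the key is stored as a boolean, as `defaults write ... -bool` does.

```python
import plistlib
from pathlib import Path

# Path and key exactly as quoted in the post above.
PLIST = Path("/Library/Preferences/com.mcafee.ssm.StatefulFirewall.plist")
KEY = "IsFirewallEnabled"

# Constructed sample inputs (not captured from a real machine).
SAMPLE_XML_DISABLED = plistlib.dumps({KEY: False})
SAMPLE_BINARY_ENABLED = plistlib.dumps({KEY: True}, fmt=plistlib.FMT_BINARY)
SAMPLE_KEY_MISSING = plistlib.dumps({"SomeOtherKey": 1})


def firewall_state(raw):
    """Classify plist bytes as 'enabled', 'disabled' or 'unknown'."""
    try:
        prefs = plistlib.loads(raw)  # accepts both XML and binary plists
    except Exception:
        return "unknown"  # corrupt, truncated or non-plist content
    if not isinstance(prefs, dict):
        return "unknown"
    value = prefs.get(KEY)
    if not isinstance(value, bool):
        return "unknown"  # key absent or written with an unexpected type
    return "enabled" if value else "disabled"


def audit(path=PLIST):
    """Return the state for the plist at `path`; never modifies the file."""
    try:
        raw = Path(path).read_bytes()
    except OSError:
        return "unknown"  # file missing or not readable by this user
    return firewall_state(raw)


if __name__ == "__main__":
    # One word on stdout, suitable for wrapping in inventory tooling.
    print(audit())
```

A result of "disabled" on a machine that ePO already manages means the local workaround is still in place and the policy has not been enforced.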
Posted on 08-11-2020 08:40 AM
@McMike would you happen to have a way to enable Threat Prevention using a script? For some reason, every time I install ENS, Threat Prevention is disabled, and any attempt at making a custom package for it in Composer gives me an OS incompatibility error when trying to install it.