Jamf Nation Community

dpertschi · ‎09-01-2011

(There's more traffic here than the Imaging list...)

Is anyone else deploying the McAfee agent and Security For Mac apps with Casper Imaging? I thought I had it figured out, but not quite….

I've got the Security for Mac software installing at first boot, not problem there. But the agent is iffy.

I created a package with Composer that copies the install.sh script into /tmp and I included a postflight script which executes the install script. When run manually, all seems good. But when run during imaging something isn't right, and I presume it has to do with that darn disk image the script mounts when it runs.

The thing that isn't right, is after I image a machine with these packages is that if you go into McAfee Security Prefs. > Repository List > I do not see my internal ePO servers listed. Which leads me to believe the agent isn't properly talking to ePO.

Anyone got a working process?

Thanks,
Darrin

bentoms · ‎09-01-2011

Have you tried running the install from the booted volume? (or whatever the tick box in Casper admin says).

Regards,

Ben.

noah_swanson · ‎09-01-2011

Was your McAfee script created on your master ePO server? For us, we create a new install.sh from the master ePO and it merges the serverlist.xml file in there.

--Noah

dpertschi · ‎09-01-2011

I do have the package installing at first boot.
I do believe the agent script was created on our ePO.
And, unfortunately, right now our ePO is not configured to auto download MSM. (future implementation).

Jared, when you say your installing the agent with Casper, do you mean as a policy, or during imaging?

Darrin

noah_swanson · ‎09-01-2011

The way we do it is create the install.sh on the master ePO. Cache the script in tmp as you described then have a script at boot install the agent. The MSM is pushed (eventually). I've tried using PKG's and they don't work that well. Whatever McAfee gave us had another agent in the pkg which wasn't ours so it wouldn't point to the right servers. From my experience McAfee's Mac support is pretty ignorant; they just have no clue.

--Noah

ericfischer · ‎09-01-2011

I believe to have this working by creating a package to place both
installers into a Mac EPO folder within /private/tmp and then to have a
postinstall script as follows:

#installs the client

installer -pkg /private/tmp/Mac EPO/McAfee Security for
Mac-Anti-malware-1.1-RTW-1309.mpkg -target /

#uninstalls the agent that comes with the client that talks to McAfee's
servers for updates, not yours

/Library/McAfee/cma/uninstall.sh

#installs your customized version of the agent fresh

/private/tmp/Mac EPO/install.sh -i

bentoms · ‎09-01-2011

Guys,

This is all great info!

As I've been tasked with testing & deploying McAfee to my Macs.

Quick of topic q. How does the agent perform once installed? Is it a resource hog? Any issues to logout for in regards to data corruption? Whitelist? Etc...

I've previously used/managed Symantec & Sophos.

Regards,

Ben.

noah_swanson · ‎09-01-2011

That’s a loaded question! :p

If configured correctly on the ePO it’ll run decently well with low interference (The MSM has On-Access Scanning, Application Protection, Spyware Scan, and Desktop Firewall ). OnAccess scanning will definitely present an issue if this wasn’t implemented with your previous solution.

Another thing to look out for is the uninstallers. They’re fairly easy to find and if your users have admin rights, you might just want to either remove or lock down these files: /Applications/McAfeeSecurityUninstaller.app /Library/McAfee/cma/uninstall.sh

We went from Symantec to McAfee a bit over a year ago and the biggest hurdle was OnAccess scanning being enabled. Otherwise I haven’t heard many complaints. My biggest issue is not being able to do much remotely. For example, it’d be nice to have a policy setup to force McAfee to update, however none of the parts of McAfee have any command line support for this; not even apple script definitions.

Feel free to give me a shout if you run into any issues. We’ve certainly had our share of cases open with McAfee.

--Noah

Report Inappropriate Content · ‎09-01-2011

Hi Darrin,

This is what works for me after many hours of trying to install the agent
perfectly.

It seems that after you install the Mcafee Security antivirus , you need a
restart before install the EPO agent

Install the Mcafee Antivirus Security 9.1 in the deployment.

Create a Composer package with
(/Library/Scripts/company/Mcafee_Epo_Agent_4.6_install.sh) and launch
daemon(the launch daemon will run the install.sh on the next time
/Library/LaunchDaemons)

Roy Chean

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict> <key>Label</key> <string>edu.yourcompany.Mcafee_Epo_Agent_4.6_Mac_R01</string> <key>ProgramArguments</key> <array> <string>/Library/Scripts/company/Mcafee_Epo_Agent_4.6_install.sh</string> </array> <key>QueueDirectories</key> <array/> <key>RunAtLoad</key> <true/> <key>WatchPaths</key> <array/>
</dict>
</plist>

Mbentley777 · ‎09-02-2011

Roy,

Wanted to follow up – with this config:

Package with 3 parts:

McAfee AV Security 9.1 A company custom ePO * A launch daemon

Are you saying that you could use this as a part of a system image, or as part of a post install- or both? By both, I mean, install the Security package as part of the image, and then set the ePO install script as a launch daemon on the next start?

We're trying to get away from an older scripted install, and I'd like to try and pack the entire think up into a nice neat package – but from the looks of it, a 'clean' version of this install would only work once the machine has been booted.

Regards,
Matt Bentley

Jamf Nation Community

Imaging and McAfee agent