McAfee Agent and Catalina

swhps
Contributor III

How are you deploying McAfee Agent in 10.15.4? Does it fail trying to expand to the read-only drive?
10.14 and lower, we would push out the install.sh and run it from a script with out issue. Started failing with 10.15.

https://support.apple.com/en-us/HT210650

Script result: /Library/BuildJSS/InstallMcafee/install564.sh -i
bit-64
mktemp: mkdtemp failed on mfeheyfEq: Read-only file system
mkdir: : No such file or directory
30 REPLIES 30

daniel_oconnell
New Contributor II

Did you find a solution to this problem? This is happening on half of my systems as I try and deploy the McAfee agent via Jamf.

ladygreyjedi
New Contributor III

We had to update our install.sh scripts from epo for it work in Catalina.

daniel_oconnell
New Contributor II

Thanks for the response. This is a brand new EPO server that I just set up a few weeks ago. Half of the agents installed fine the other half display this error:

Script result: /Library/Application Support/JAMF/tmp/InstallMcAfee: line 16: /usr/local/mcafee/uninstall: No such file or directory
bit-64
mktemp: mkdtemp failed on mfeFDcHx7: Read-only file system
mkdir: : No such file or directory
May 12 16:43:09  installer[66367] <Critical>: PFPkg: No file found at path: /ma.pkg
May 12 16:43:09  installer[66367] <Critical>: PFPackage::packageWithURL - can't instantiate package: /ma.pkg
installer: Error - the package path specified was invalid: 'ma.pkg'.
hdiutil: detach failed - No such file or directory
/Library/tmp/install.sh: line 76: cd: HOME not set
installing client extension from : /

Any recommendations would be helpful. I followed the recommended installation steps found here: https://www.jamf.com/jamf-nation/articles/182/deploying-the-mcafee-epo-agent-using-the-casper-suite

Nix4Life
Valued Contributor

No issues installing McAfee, but using another tool. maybe this is a good use case for symbolic links as mentioned by Rich

daniel_oconnell
New Contributor II

Thank you for the response. I will need to do some research on symbolic links if this is going to be an issue moving forward. The issue seems to be with the McAfee script rather than something I can control. Can you tell me what version of the McAfee Agent you are running successfully and what your process is?

jtrant
Contributor III

We deploy Agent 5.6.2 to Catalina Macs without issue. However, I use a custom package with the installer.sh staged outside of a protected folder (in our case /tmp) and run it from there. I'd be happy to share some screenshots if needed, but we also have a postflight script that checks in with ePO, applies a tag and then cleans up after itself.

It shouldn't make a different for agent installation, but do you have the required PPPC in place for McAfee?
https://kc.mcafee.com/corporate/index?page=content&id=KB91109

It would also be good to test manually running the installer with the -i (install) flag directly on the machine to rule out a Jamf issue. If it installs manually out of a specified temp folder, it should work with Jamf.

swhps
Contributor III

@ladygreyjedi what do you alter in the script?

jtrant
Contributor III

@swhps I'm assuming they meant downloading the correct install.sh for the compatible agent version.

ladygreyjedi
New Contributor III

Yes my McAfee team member pulled the new install.sh from EPO and it worked.

daniel_oconnell
New Contributor II

Thanks for the responses. I am working with Jamf support to get this issue resolve and will update when we figure out what is going on. @Jtrant thank you for the PPPC recommendation, I will need to put that in place. I don't think that would affect the installation however, just the application running after the fact.

I am using the latest McAfee agent 5.6.5, staging it in a temp folder with a .pkg and calling install.sh with the -i switch. I will try and run the installation locally on some of the problem machines. I will update when I have more information.

lohika_old
New Contributor

@daniel.oconnell
Hello Daniel,
Have you solved this issue with support?
Unfortunately, we have the same problem with the installation of McAfee (Agent ver. 5.6.3), starting with Catalina.
Thanks.

MikaelDez
Contributor

I have this same issue trying to deploy the agent via JSS. I can install it manually using "/private/tmp/install.sh -i"no problem, but I get the same error as OP when the policy is run by Jamf.

chase_g
New Contributor III

I have had success deploying McAfee Agent thru Jamf for a long time now using the same method since 5.6.2-5.6.5 and on Mojave or Catalina. Here is how I do it:

  1. Take the install.sh file for the version I am packaging and rename it to McAfeeAgentInstall563.sh then place it in this location on my packaging Mac: /private/tmp/

  2. Drag that file into Composer to create a new pkg. Make sure owner is set correctly on the tmp folder and the file itself root:wheel. tmp folder 777 and McAfeeAgentInstall563.sh 755
    65f1b4dca8844c1a9e9ad27c576b98b9

  3. Click on the Scripts folder of the pkg and add Shell script>postinstall

  4. I then use an old script created by @franton with some path changes on lines 40 and 43, to point to where I put the McAfeeAgentInstall563.sh script. You can find that script here on his GITHUB
    Nice thing about the script is if it detects mcafee agent is installed already it will do an upgrade and if not does an install.
    Some of the additional commands at the end of the script often fail for me but I assume its because its running too soon after being installed and before the agent is even communicating with ePO. But I always end up with a functioning agent.
    db6ee6ac5575483392cdb6bff44c6db6

  5. Have package created/signed in Composer then upload to Jamf and deploy with a policy.

Hope this helps some of you.

MikaelDez
Contributor

@chase.garcia I just tried your method down to every step minus using that script and I still get a failed attempt. I have tried installing it from the /private/tmp/ folder as well as /Users/Shared, this is what Jamf Pro's Policy Log says:

Installing McAfee Agent.pkg...
Successfully installed McAfee Agent.pkg.
Running command /Users/Shared/install.sh -i...
Result of command:
bit-64
mktemp: mkdtemp failed on mfedQHyTR: Read-only file system
mkdir: : No such file or directory
Aug 7 20:13:29 installer[3181] <Critical>: PFPkg: No file found at path: /ma.pkg
Aug 7 20:13:29 installer[3181] <Critical>: PFPackage::packageWithURL - can't instantiate package: /ma.pkg
installer: Error - the package path specified was invalid: 'ma.pkg'.
hdiutil: detach failed - No such file or directory
/Users/Shared/install.sh: line 76: cd: HOME not set
installing client extension from : /

chase_g
New Contributor III

@mikedesmarais any reason why you didn’t try using the script? What is your post install script looking like?

MikaelDez
Contributor

Just to see if the install works at all before getting fancy with it, I totally want to look into that script as well. I’m just using “/Users/Shared/install.sh -i” which works when I try it manually. It fails when jamf runs the script through the policy.

chase_g
New Contributor III

Oh your not using a post install script. Your package is just dropping the file in /Users/Shared/ and then in your policy you are trying to use a Jamf files and process command to actually try running that install.sh? That could be your problem, with my package that post install script does the actual install of the agent immediately after it gets dropped in my location. So the policy you would make in Jamf would not need that command, it would just be to install the package.

MikaelDez
Contributor

@chase.garcia THANK YOU that worked! I should have just followed your post to a T to begin with.

rocketman
New Contributor II
New Contributor II

@swhps Did @chase.garcia's method work for you? Or are you still running into issues?

Looking for a Jamf Managed Service Provider? Look no further than Rocketman

kylejordan09
New Contributor

Here's how I resolved this issue. Took the MAgent script, built it into a dmg via Composer. Location I placed it in was /tmp/, then I used a post install script to copy it to the /tmp/ location on the local HD. After that I ran the install.sh -I command (works via processes or script). This worked without getting any Read - only errors. Hope this helps someone.

cdiaz2
New Contributor

@kylejordan09 I'd like to try your suggestion. What postinstall script do you use to copy the MAgent script onto the local HD's tmp folder? I'm still new to the Mac world, but I take it that the local HD tmp folder is different than the universal tmp folder (/private/tmp/).

MikaelDez
Contributor

@cdiaz2 I use Composer, and I just put the install.sh file into /private/tmp. Then I add a postinstall script thats essentially the script from Github a few comments back, only I alter the script to reflect the /private/tmp/install.sh path. I have had zero issues with deploying the Agent in this manner since I was given that advice!

MichaelMcG
New Contributor

@mikedesmarais Would you mind sharing your version with the altered /private/tmp path, I edited which i thought was the correct path and it failed horribly...
Maybe someone can tell me why....

2021-05-20 08:47:59+02 fptestmac1 installer[787]: Product archive /Library/Application Support/JAMF/Downloads/McAfeeSmartInstall.pkg trustLevel=100
2021-05-20 08:47:59+02 fptestmac1 installer[787]: External component packages (1) trustLevel=100 (trust evaluation failed: Error Domain=PKInstallErrorDomain Code=101 "The package “McAfeeSmartInstall.pkg” is not signed." UserInfo={NSURL=#payload.pkg -- file:///Library/Application%20Support/JAMF/Downloads/McAfeeSmartInstall.pkg#Distribution, PKInstallPackageIdentifier=mcafeesmartinstall, NSLocalizedDescription=The package “McAfeeSmartInstall.pkg” is not signed.})
2021-05-20 08:47:59+02 fptestmac1 installer[787]: -[IFDInstallController(Private) buildInstallPlanReturningError:]: location = file://localhost
2021-05-20 08:47:59+02 fptestmac1 installer[787]: -[IFDInstallController(Private) _buildInstallPlanReturningError:]: file://localhost/Library/Application%20Support/JAMF/Downloads/McAfeeSmartInstall.pkg#payload.pkg
2021-05-20 08:47:59+02 fptestmac1 installer[787]: Set authorization level to root for session
2021-05-20 08:47:59+02 fptestmac1 installer[787]: Administrator authorization granted.
2021-05-20 08:47:59+02 fptestmac1 installer[787]: Will use PK session
2021-05-20 08:47:59+02 fptestmac1 installer[787]: Using authorization level of root for IFPKInstallElement
2021-05-20 08:47:59+02 fptestmac1 installer[787]: Starting installation:
2021-05-20 08:47:59+02 fptestmac1 installer[787]: Configuring volume "Macintosh HD"
2021-05-20 08:47:59+02 fptestmac1 installer[787]: Preparing disk for local booted install.
2021-05-20 08:47:59+02 fptestmac1 installer[787]: Free space on "Macintosh HD": 1,08 TB (1080813096960 bytes).
2021-05-20 08:47:59+02 fptestmac1 installer[787]: Create temporary directory "/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//Install.787VEZcBy"
2021-05-20 08:47:59+02 fptestmac1 installer[787]: IFPKInstallElement (1 packages)
2021-05-20 08:48:00+02 fptestmac1 installer[787]: Current Path: /usr/sbin/installer
2021-05-20 08:48:00+02 fptestmac1 installer[787]: Current Path: /bin/bash
2021-05-20 08:48:00+02 fptestmac1 installer[787]: Current Path: /usr/local/jamf/bin/jamf
2021-05-20 08:48:00+02 fptestmac1 installd[788]: installd: Starting
2021-05-20 08:48:00+02 fptestmac1 installd[788]: installd: uid=0, euid=0
2021-05-20 08:48:00+02 fptestmac1 installd[788]: PackageKit: Adding client PKInstallDaemonClient pid=787, uid=0 (/usr/sbin/installer)
2021-05-20 08:48:00+02 fptestmac1 installer[787]: PackageKit: Enqueuing install with framework-specified quality of service (utility)
2021-05-20 08:48:00+02 fptestmac1 installd[788]: PackageKit: ----- Begin install -----
2021-05-20 08:48:00+02 fptestmac1 installd[788]: PackageKit: request=PKInstallRequest <1 packages, destination=/>
2021-05-20 08:48:00+02 fptestmac1 installd[788]: PackageKit: packages=( "PKLeopardPackage <id=mcafeesmartinstall, version=1, url=file:///Library/Application%20Support/JAMF/Downloads/McAfeeSmartInstall.pkg#payload.pkg>" )
2021-05-20 08:48:00+02 fptestmac1 installd[788]: PackageKit: Set reponsibility for install to 710
2021-05-20 08:48:00+02 fptestmac1 installd[788]: PackageKit: Skipping stale sandbox at path /Library/InstallerSandboxes/.PKInstallSandboxManager/B73C3BDA-852F-4289-A69D-6DCA334CE7C4.activeSandbox
2021-05-20 08:48:00+02 fptestmac1 installd[788]: PackageKit: Will do receipt-based obsoleting for package identifier mcafeesmartinstall (prefix path=)
2021-05-20 08:48:00+02 fptestmac1 installd[788]: PackageKit: Extracting file:///Library/Application%20Support/JAMF/Downloads/McAfeeSmartInstall.pkg#payload.pkg (destination=/Library/InstallerSandboxes/.PKInstallSandboxManager/EDFACFAB-8D5F-41C2-90EF-31C5C1DFD17E.activeSandbox/Root, uid=0)
2021-05-20 08:48:00+02 fptestmac1 installd[788]: PackageKit: prevent user idle system sleep
2021-05-20 08:48:00+02 fptestmac1 installd[788]: PackageKit: suspending backupd
2021-05-20 08:48:00+02 fptestmac1 installd[788]: PackageKit: Using trashcan path /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/PKInstallSandboxTrash/EDFACFAB-8D5F-41C2-90EF-31C5C1DFD17E.sandboxTrash for sandbox /Library/InstallerSandboxes/.PKInstallSandboxManager/EDFACFAB-8D5F-41C2-90EF-31C5C1DFD17E.activeSandbox
2021-05-20 08:48:00+02 fptestmac1 installd[788]: PackageKit: Shoving /Library/InstallerSandboxes/.PKInstallSandboxManager/EDFACFAB-8D5F-41C2-90EF-31C5C1DFD17E.activeSandbox/Root (1 items) to /
2021-05-20 08:48:00+02 fptestmac1 installd[788]: PackageKit (package_script_service): Preparing to execute script "./postinstall" in /private/tmp/PKInstallSandbox.YnyeuX/Scripts/mcafeesmartinstall.EiYlX1
2021-05-20 08:48:00+02 fptestmac1 package_script_service[791]: PackageKit: Executing script "postinstall" in /tmp/PKInstallSandbox.YnyeuX/Scripts/mcafeesmartinstall.EiYlX1
2021-05-20 08:48:00+02 fptestmac1 package_script_service[791]: Set responsibility to pid: 710, responsible_path: /usr/local/jamf/bin/jamf
2021-05-20 08:48:01+02 fptestmac1 package_script_service[791]: ./postinstall: Creating temporary directory...
2021-05-20 08:48:01+02 fptestmac1 package_script_service[791]: ./postinstall: chmod: /private/tmp/PKInstallSandbox.YnyeuX/Scripts/mcafeesmartinstall.EiYlX1//tmp/McAfeeSmartInstall_wRUd9l: No such file or directory
2021-05-20 08:48:01+02 fptestmac1 package_script_service[791]: ./postinstall: /tmp/PKInstallSandbox.YnyeuX/Scripts/mcafeesmartinstall.EiYlX1/postinstall: line 49: /Library/McAfee/agent/bin/cmdagent: No such file or directory
2021-05-20 08:48:01+02 fptestmac1 package_script_service[791]: ./postinstall: /tmp/PKInstallSandbox.YnyeuX/Scripts/mcafeesmartinstall.EiYlX1/postinstall: line 52: /Library/McAfee/agent/bin/cmdagent: No such file or directory
2021-05-20 08:48:01+02 fptestmac1 package_script_service[791]: ./postinstall: /tmp/PKInstallSandbox.YnyeuX/Scripts/mcafeesmartinstall.EiYlX1/postinstall: line 55: /Library/McAfee/agent/bin/cmdagent: No such file or directory
2021-05-20 08:48:01+02 fptestmac1 package_script_service[791]: ./postinstall: /tmp/PKInstallSandbox.YnyeuX/Scripts/mcafeesmartinstall.EiYlX1/postinstall: line 58: /Library/McAfee/agent/bin/cmdagent: No such file or directory
2021-05-20 08:48:01+02 fptestmac1 package_script_service[791]: Responsibility set back to self.
2021-05-20 08:48:01+02 fptestmac1 installd[788]: PackageKit: Writing receipt for mcafeesmartinstall to /
2021-05-20 08:48:01+02 fptestmac1 installd[788]: Installed "McAfeeSmartInstall" ()
2021-05-20 08:48:01+02 fptestmac1 installd[788]: PackageKit: releasing backupd
2021-05-20 08:48:01+02 fptestmac1 installd[788]: PackageKit: allow user idle system sleep
2021-05-20 08:48:01+02 fptestmac1 installd[788]: PackageKit: Cleared responsibility for install from 787.
2021-05-20 08:48:01+02 fptestmac1 installd[788]: PackageKit: ----- End install -----
2021-05-20 08:48:01+02 fptestmac1 installd[788]: PackageKit: 1.6s elapsed install time
2021-05-20 08:48:01+02 fptestmac1 installd[788]: PackageKit: Running idle tasks
2021-05-20 08:48:01+02 fptestmac1 installd[788]: PackageKit: Removing client PKInstallDaemonClient pid=787, uid=0 (/usr/sbin/installer)
2021-05-20 08:48:01+02 fptestmac1 installd[788]: PackageKit: Done with sandbox removals
2021-05-20 08:48:02+02 fptestmac1 installer[787]: Running install actions
2021-05-20 08:48:02+02 fptestmac1 installer[787]: Removing temporary directory "/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//Install.787VEZcBy"
2021-05-20 08:48:02+02 fptestmac1 installer[787]: Finalize disk "Macintosh HD"
2021-05-20 08:48:02+02 fptestmac1 installer[787]: Notifying system of updated components
2021-05-20 08:48:02+02 fptestmac1 installer[787]: 2021-05-20 08:48:02+02 fptestmac1 installer[787]:
Summary Information *
2021-05-20 08:48:02+02 fptestmac1 installer[787]: Operation Elapsed time
2021-05-20 08:48:02+02 fptestmac1 installer[787]: -----------------------------
2021-05-20 08:48:02+02 fptestmac1 installer[787]: disk 0.03 seconds
2021-05-20 08:48:02+02 fptestmac1 installer[787]: script 0.00 seconds
2021-05-20 08:48:02+02 fptestmac1 installer[787]: zero 0.00 seconds
2021-05-20 08:48:02+02 fptestmac1 installer[787]: install 2.62 seconds
2021-05-20 08:48:02+02 fptestmac1 installer[787]: -total- 2.65 seconds
2021-05-20 08:48:02+02 fptestmac1 installer[787]:

MikaelDez
Contributor

@MichaelMcG

I throw the install.sh file into /private/tmp, drag it into Composer and update its permissions (tmp folder is 777, file is 755):

427bc8e934794501ac4e7d974b3ccf9e

Then I add a post install script in Composer (All I did was take out the end piece where it checked for updates and I updated the path in the script to reflect /private/tmp/install.sh):

#!/bin/bash
# Script to install latest McAfee version from install.sh script.
# Should also upgrade any previous software before proceeding.
# Author  : contact@richard-purves.com
# Version : 1.0 - Initial Version
# Set up log file, folder and function
LOGFOLDER="/var/log/organisation"
LOG=$LOGFOLDER"/McAfee-Install.log"
if [ ! -d "$LOGFOLDER" ];
then
    mkdir $LOGFOLDER
fi
echo $( date )" - Starting installation of McAfee Agent" > $LOG
logme()
{
# Check to see if function has been called correctly
if [ -z "$1" ]
then
echo $( date )" - logme function call error: no text passed to function! Please recheck code!"
exit 1
fi
# Log the passed details
echo "" >> $LOG
echo $( date )" - "$1 >> $LOG
echo "" >> $LOG
}
# Check for existing McAfee agent. Upgrade if present. Full install if not.
if [ -d "/Library/McAfee/cma/" ]
then
    logme "Existing installation detected. Upgrading."
    /private/tmp/install.sh -u 2>&1 | tee -a ${LOG}
else
    logme " - Installing new McAfee Agent"
    /private/tmp/install.sh -i 2>&1 | tee -a ${LOG}
fi

# All done!
logme "Installation script completed"

MikaelDez
Contributor

@MichaelMcG Are you using the SmartInstall package? If so, that will not work correctly (from my experience anyway) you need the install.sh file which you can get from your McAfee admin.

MichaelMcG
New Contributor

@mike.desmarais thanks for the files, will retry now, and yes i am using the new McAfeeSmartInstall.sh but i thought both could be used? But i'll grab the install.sh too, thanks, will report back

MikaelDez
Contributor

@MichaelMcG My experiences with that package - it contains an app that runs an installer, and I couldn't get it to run silently and with zero interaction. It was a rabbit hole with Apple Script so that I could manipulate events and such. But the install.sh does the same thing, it's cleaner and from my searching - the preferred method of installing the McAfee Agent on macOS.

NYBGIT
New Contributor III

to get rid of the installer prompt using the McAfeeSmartInstall.sh, change line 46 in the script to "$temp_directory/$APP_FILE_NAME/Contents/MacOS/McAfeeSmartInstall" -c "/tmp/coninfo.xml" -s -g

This will make the script run without any admin prompts

sdagley
Honored Contributor II

@mike.desmarais Here is the postinstall script for my repackaging of the McAfee Agent install.sh and ENS component installers (extracted from your ePO) that will do a silent install: https://gist.github.com/sdagley/76e167fe32a60265dda8d761d2bc75b4. This version is for ENS 10.7.1, so you'd want to get the latest RipOff-McAfee script from the #mcafee channel on the MacAdmins Slack for use with 10.7.6.

MichaelMcG
New Contributor

@mike.desmarais Thanks got it to install now, my only issue is that when trying to open the apps results in an error 1 which if i remember was being that your version of McAfee isn't valid for that version of macOS

Thanks @sdagley I'll check out your script too