McAfee End point protect

slinxy
New Contributor II

Hi guys

I'm looking at setting up mcafee end point protect on to our self service and pushing it out to all our machines at the same time.

I have the DMG, but the setup of the software on default will install everything; we just looking at installing the treat protection (AV) part of the software.

Currently I'm installing it manaually using this script from mcafee themselves using the TP option.

!/bin/bash

if test $# -eq 1 then if test "$1" == "help" then echo "Parameters can be" echo "TP: Threat Prevention" echo "FW: FireWall" echo "WC: Web Control" echo "help : To see this help" exit 0 fi if test "$1" == "TP" then echo "<array>" >> /tmp/ProductDeploy.xml echo "<string>installer_choice_5</string>" >> /tmp/ProductDeploy.xml echo "<string>installer_choice_6</string>" >> /tmp/ProductDeploy.xml echo "</array>" >> /tmp/ProductDeploy.xml echo "Only TP will be installed." elif test "$1" == "FW" then echo "<array>" >> /tmp/ProductDeploy.xml echo "<string>installer_choice_4</string>" >> /tmp/ProductDeploy.xml echo "<string>installer_choice_6</string>" >> /tmp/ProductDeploy.xml echo "</array>" >> /tmp/ProductDeploy.xml echo "Only FW will be installed." elif test "$1" == "WC" then echo "<array>" >> /tmp/ProductDeploy.xml echo "<string>installer_choice_4</string>" >> /tmp/ProductDeploy.xml echo "<string>installer_choice_5</string>" >> /tmp/ProductDeploy.xml echo "</array>" >> /tmp/ProductDeploy.xml echo "Only WC will be installed." else echo "Parameters can be" echo "TP: Threat Prevention" echo "FW: FireWall" echo "WC: Web Control" echo "help : To see this help" exit 1 fi
elif test $# -eq 2
then if [[ ( "$1" == "TP" && "$2" == "FW" ) || ( "$1" == "FW" && "$2" == "TP" ) ]] then echo "<array>" >> /tmp/ProductDeploy.xml echo "<string>installer_choice_6</string>" >> /tmp/ProductDeploy.xml echo "</array>" >> /tmp/ProductDeploy.xml echo "Only TP and FW will be installed."

elif [[ ( "$1" == "FW" && "$2" == "WC" ) || ( "$1" == "WC" && "$2" == "FW" ) ]] then echo "<array>" >> /tmp/ProductDeploy.xml echo "<string>installer_choice_4</string>" >> /tmp/ProductDeploy.xml echo "</array>" >> /tmp/ProductDeploy.xml echo "Only FW and WC will be installed."

elif [[ ( "$1" == "TP" && "$2" == "WC" ) || ( "$1" == "WC" && "$2" == "TP" ) ]] then echo "<array>" >> /tmp/ProductDeploy.xml echo "<string>installer_choice_5</string>" >> /tmp/ProductDeploy.xml echo "</array>" >> /tmp/ProductDeploy.xml echo "Only TP and WC will be installed." else echo "Parameters can be" echo "TP: Threat Prevention" echo "FW: FireWall" echo "WC: Web Control" echo "help : To see this help" exit 1 fi
elif test $# -eq 3
then if [[ ( "$1" == "TP" && "$2" == "FW" && "$3" == "WC" ) || ( "$1" == "FW" && "$2" == "TP" && "$3" == "WC" ) || ( "$1" == "TP" && "$2" == "WC" && "$3" == "FW" ) || ( "$1" == "FW" && "$2" == "WC" && "$3" == "TP" ) || ( "$1" == "WC" && "$2" == "TP" && "$3" == "FW" ) || ( "$1" == "WC" && "$2" == "FW" && "$3" == "TP" ) ]] then echo "<array>" >> /tmp/ProductDeploy.xml echo "</array>" >> /tmp/ProductDeploy.xml echo "All FM's will be installed." else echo "Parameters can be" echo "TP: Threat Prevention" echo "FW: FireWall" echo "WC: Web Control" echo "help : To see this help" exit 1 fi
else echo "Invalid parameters:" echo "Parameters can be" echo "TP: Threat Prevention" echo "FW: FireWall" echo "WC: Web Control" exit 1
fi

hdiutil attach McAfee-*

installer -pkg /Volumes/McAfee-/McAfee-.pkg -target / -applyChoiceChangesXML /tmp/ProductDeploy.xml

hdiutil detach /Volumes/McAfee-*

rm /tmp/ProductDeploy.xml

What's the best way of automatting this?

Thanks in advance.

5 REPLIES 5

jason_bracy
Contributor III

It's actually a lot easier than that. I have a policy that puts the DMG and the product_deployment.sh file in a temp directory (but not in /temp, mine is /Library/installers/Mcafee/). Then I have a second policy that runs the following command:

#!/bin/sh
/Library/installers/Mcafee/product_deployment.sh TP

timlarsen
Contributor

I'll leave the script I use here in case it is of any use to the community. The prerequisite is to create a package that deploys both product_deployment.sh and McAfee_ENS_version_xxx.dmg to the location specified in "mcafeePath". Test and adjust for your environment accordingly (also make sure you have the correct flags for your McAfee environment, e.g. TP, FW, etc.) :-)

#!/bin/bash

## Created by Tim Larsen | 9/29/17

## Installs McAfee Agent 5.x and Endpoint Security for Mac 10.x
## As of this writing, both versions are compatible with macOS 10.12 and 10.13

### VARIABLES
mcafeePath="/private/var/yourcompany/mcafee"

### See if McAfee agent is already installed
if [ -e /Library/McAfee/agent/cmdagent ]; then
echo "Mc Agent Directory already exists, setting agent install mode to 'upgrade'"
agentMode="upgrade"
else echo "Mc Agent directory does not exist, setting agent install mode to 'install'"
agentMode="new"
fi

### STEP 1 - INSTALL THE AGENT
if [[ $agentMode == upgrade ]]; then
cd $mcafeePath; ./install.sh -u
else cd $mcafeePath; ./install.sh -i
fi

sleep 5

### STEP 2 - INSTALL THE ENS Software, Threat Prevention module and Firewall ONLY
sh $mcafeePath/product_deployment.sh TP FW

timlarsen
Contributor

I almost forgot. I also had to modify McAfee's "product_deployment" script to properly mount/unmount my DMG and point to my install files path. The below should replace everything after the final "fi" in McAfee's script:

mcafeePath=/private/var/yourcompany/mcafee
mcafeeDMG=$(find $mcafeePath -type f -name 'McAfee-*')

hdiutil attach $mcafeeDMG 

installer -pkg /Volumes/McAfee-*/McAfee-*.pkg -target / -applyChoiceChangesXML /tmp/ProductDeploy.xml

hdiutil detach /Volumes/McAfee-*

rm /tmp/ProductDeploy.xml

glennt
New Contributor II

Hi Tim et al,

I've done all of the above with specific reference to my institution and included your script of 04:26 yesterday as a post-install script within my Composer created deployment package. All required McAfee folders and files required are installed in their various locations (Library/McAfee, Library/Application Support/McAfee, etc/cma.d, etc/ma.d, var/McAfee) but when checking console logs I see the following crash errors:

Process: macmnsvc [1759]
Path: /Library/McAfee/*/macmnsvc
Identifier: macmnsvc
Version: ???
Code Type: X86-64 (Native)
Parent Process: launchd [1]
Responsible: macmnsvc [1759]
User ID: 0

Date/Time: 2018-05-17 12:08:35.609 +0100
OS Version: Mac OS X 10.13.4 (17E202)
Report Version: 12
Anonymous UUID: 58A5E493-E55E-97E4-4915-705444F008E2

Time Awake Since Boot: 1800 seconds

System Integrity Protection: enabled

Crashed Thread: 0

Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Reason: DYLD, [0x4] Symbol missing

Application Specific Information:
dyld: launch, loading dependent libraries
DYLD_LIBRARY_PATH=/Library/McAfee/agent/bin:/Library/McAfee/agent/lib:/Library/McAfee/agent/lib/rsdk:/Library/McAfee/agent/lib/tools:/Library/McAfee/agent/lib/lib64:/Library/McAfee/agent/lib/lib64/rsdk:/Library/McAfee/agent/lib/lib64/tools

Dyld Error Message: Symbol not found: inflateValidate Referenced from: /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib Expected in: /Library/McAfee//libz.1.dylib in /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib

Process: macompatsvc [1697]
Path: /Library/McAfee/*/macompatsvc
Identifier: macompatsvc
Version: ???
Code Type: X86 (Native)
Parent Process: launchd [1]
Responsible: macompatsvc [1697]
User ID: 0

Date/Time: 2018-05-17 12:07:11.036 +0100
OS Version: Mac OS X 10.13.4 (17E202)
Report Version: 12
Anonymous UUID: 58A5E493-E55E-97E4-4915-705444F008E2

Time Awake Since Boot: 1700 seconds

System Integrity Protection: enabled

Crashed Thread: 0

Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Reason: DYLD, [0x4] Symbol missing

Application Specific Information:
dyld: launch, loading dependent libraries
DYLD_LIBRARY_PATH=/Library/McAfee/agent/bin:/Library/McAfee/agent/lib:/Library/McAfee/agent/lib/rsdk:/Library/McAfee/agent/lib/tools

Dyld Error Message: Symbol not found: inflateValidate Referenced from: /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib Expected in: /Library/McAfee//libz.1.dylib in /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib

Process: macompatsvc [1697]
Path: /Library/McAfee/*/macompatsvc
Identifier: macompatsvc
Version: ???
Code Type: X86 (Native)
Parent Process: launchd [1]
Responsible: macompatsvc [1697]
User ID: 0

Date/Time: 2018-05-17 12:07:11.036 +0100
OS Version: Mac OS X 10.13.4 (17E202)
Report Version: 12
Anonymous UUID: 58A5E493-E55E-97E4-4915-705444F008E2

Time Awake Since Boot: 1700 seconds

System Integrity Protection: enabled

Crashed Thread: 0

Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Reason: DYLD, [0x4] Symbol missing

Application Specific Information:
dyld: launch, loading dependent libraries
DYLD_LIBRARY_PATH=/Library/McAfee/agent/bin:/Library/McAfee/agent/lib:/Library/McAfee/agent/lib/rsdk:/Library/McAfee/agent/lib/tools

Dyld Error Message: Symbol not found: inflateValidate Referenced from: /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib Expected in: /Library/McAfee//libz.1.dylib in /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib

Process: maconfig [1678]
Path: /Library/McAfee/*/maconfig
Identifier: maconfig
Version: ???
Code Type: X86-64 (Native)
Parent Process: sh [867]
Responsible: maconfig [1678]
User ID: 0

Date/Time: 2018-05-17 12:07:04.496 +0100
OS Version: Mac OS X 10.13.4 (17E202)
Report Version: 12
Anonymous UUID: 58A5E493-E55E-97E4-4915-705444F008E2

Time Awake Since Boot: 1700 seconds

System Integrity Protection: enabled

Crashed Thread: 0

Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Reason: DYLD, [0x4] Symbol missing

Application Specific Information:
dyld: launch, loading dependent libraries
DYLD_LIBRARY_PATH=/Library/McAfee/agent/bin:/Library/McAfee/agent/lib:/Library/McAfee/agent/lib/rsdk:/Library/McAfee/agent/lib/tools:/Library/McAfee/agent/lib/lib64:/Library/McAfee/agent/lib/lib64/rsdk:/Library/McAfee/agent/lib/lib64/tools:

Dyld Error Message: Symbol not found: inflateValidate Referenced from: /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib Expected in: /Library/McAfee//libz.1.dylib in /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib

Any ideas?

Thanks,

Glenn.

dmw3
Contributor III

McAfee End Point Protection (VSE) is depreciated as of macOS 10.12, McAfee End Point Security (ENS) is the beast that is now the flavour for macOS 10.12 and above.

The system extension for McAfee needs to be white listed in the JSS for ENS to be installed and working correctly on the client machines.