- Jamf Nation Community
- Products
- Jamf Pro
- McAfee End point protect
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
McAfee End point protect
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-16-2018 02:39 AM
Hi guys
I'm looking at setting up mcafee end point protect on to our self service and pushing it out to all our machines at the same time.
I have the DMG, but the setup of the software on default will install everything; we just looking at installing the treat protection (AV) part of the software.
Currently I'm installing it manaually using this script from mcafee themselves using the TP option.
!/bin/bash
if test $# -eq 1
then
if test "$1" == "help"
then
echo "Parameters can be"
echo "TP: Threat Prevention"
echo "FW: FireWall"
echo "WC: Web Control"
echo "help : To see this help"
exit 0
fi
if test "$1" == "TP"
then
echo "<array>" >> /tmp/ProductDeploy.xml
echo "<string>installer_choice_5</string>" >> /tmp/ProductDeploy.xml
echo "<string>installer_choice_6</string>" >> /tmp/ProductDeploy.xml
echo "</array>" >> /tmp/ProductDeploy.xml
echo "Only TP will be installed."
elif test "$1" == "FW"
then
echo "<array>" >> /tmp/ProductDeploy.xml
echo "<string>installer_choice_4</string>" >> /tmp/ProductDeploy.xml
echo "<string>installer_choice_6</string>" >> /tmp/ProductDeploy.xml
echo "</array>" >> /tmp/ProductDeploy.xml
echo "Only FW will be installed."
elif test "$1" == "WC"
then
echo "<array>" >> /tmp/ProductDeploy.xml
echo "<string>installer_choice_4</string>" >> /tmp/ProductDeploy.xml
echo "<string>installer_choice_5</string>" >> /tmp/ProductDeploy.xml
echo "</array>" >> /tmp/ProductDeploy.xml
echo "Only WC will be installed."
else
echo "Parameters can be"
echo "TP: Threat Prevention"
echo "FW: FireWall"
echo "WC: Web Control"
echo "help : To see this help"
exit 1
fi
elif test $# -eq 2
then
if [[ ( "$1" == "TP" && "$2" == "FW" ) || ( "$1" == "FW" && "$2" == "TP" ) ]]
then
echo "<array>" >> /tmp/ProductDeploy.xml
echo "<string>installer_choice_6</string>" >> /tmp/ProductDeploy.xml
echo "</array>" >> /tmp/ProductDeploy.xml
echo "Only TP and FW will be installed."
elif [[ ( "$1" == "FW" && "$2" == "WC" ) || ( "$1" == "WC" && "$2" == "FW" ) ]] then echo "<array>" >> /tmp/ProductDeploy.xml echo "<string>installer_choice_4</string>" >> /tmp/ProductDeploy.xml echo "</array>" >> /tmp/ProductDeploy.xml echo "Only FW and WC will be installed."
elif [[ ( "$1" == "TP" && "$2" == "WC" ) || ( "$1" == "WC" && "$2" == "TP" ) ]]
then
echo "<array>" >> /tmp/ProductDeploy.xml
echo "<string>installer_choice_5</string>" >> /tmp/ProductDeploy.xml
echo "</array>" >> /tmp/ProductDeploy.xml
echo "Only TP and WC will be installed."
else
echo "Parameters can be"
echo "TP: Threat Prevention"
echo "FW: FireWall"
echo "WC: Web Control"
echo "help : To see this help"
exit 1
fi
elif test $# -eq 3
then
if [[ ( "$1" == "TP" && "$2" == "FW" && "$3" == "WC" ) || ( "$1" == "FW" && "$2" == "TP" && "$3" == "WC" ) || ( "$1" == "TP" && "$2" == "WC" && "$3" == "FW" ) || ( "$1" == "FW" && "$2" == "WC" && "$3" == "TP" ) || ( "$1" == "WC" && "$2" == "TP" && "$3" == "FW" ) || ( "$1" == "WC" && "$2" == "FW" && "$3" == "TP" ) ]]
then
echo "<array>" >> /tmp/ProductDeploy.xml
echo "</array>" >> /tmp/ProductDeploy.xml
echo "All FM's will be installed."
else
echo "Parameters can be"
echo "TP: Threat Prevention"
echo "FW: FireWall"
echo "WC: Web Control"
echo "help : To see this help"
exit 1
fi
else
echo "Invalid parameters:"
echo "Parameters can be"
echo "TP: Threat Prevention"
echo "FW: FireWall"
echo "WC: Web Control"
exit 1
fi
hdiutil attach McAfee-*
installer -pkg /Volumes/McAfee-/McAfee-.pkg -target / -applyChoiceChangesXML /tmp/ProductDeploy.xml
hdiutil detach /Volumes/McAfee-*
rm /tmp/ProductDeploy.xml
What's the best way of automatting this?
Thanks in advance.
Labels:
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-16-2018 11:25 AM
It's actually a lot easier than that. I have a policy that puts the DMG and the product_deployment.sh file in a temp directory (but not in /temp, mine is /Library/installers/Mcafee/). Then I have a second policy that runs the following command:
#!/bin/sh
/Library/installers/Mcafee/product_deployment.sh TP
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-17-2018 08:26 AM
I'll leave the script I use here in case it is of any use to the community. The prerequisite is to create a package that deploys both product_deployment.sh and McAfee_ENS_version_xxx.dmg to the location specified in "mcafeePath". Test and adjust for your environment accordingly (also make sure you have the correct flags for your McAfee environment, e.g. TP, FW, etc.) :-)
#!/bin/bash
## Created by Tim Larsen | 9/29/17
## Installs McAfee Agent 5.x and Endpoint Security for Mac 10.x
## As of this writing, both versions are compatible with macOS 10.12 and 10.13
### VARIABLES
mcafeePath="/private/var/yourcompany/mcafee"
### See if McAfee agent is already installed
if [ -e /Library/McAfee/agent/cmdagent ]; then
echo "Mc Agent Directory already exists, setting agent install mode to 'upgrade'"
agentMode="upgrade"
else echo "Mc Agent directory does not exist, setting agent install mode to 'install'"
agentMode="new"
fi
### STEP 1 - INSTALL THE AGENT
if [[ $agentMode == upgrade ]]; then
cd $mcafeePath; ./install.sh -u
else cd $mcafeePath; ./install.sh -i
fi
sleep 5
### STEP 2 - INSTALL THE ENS Software, Threat Prevention module and Firewall ONLY
sh $mcafeePath/product_deployment.sh TP FWOptions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-17-2018 08:39 AM
I almost forgot. I also had to modify McAfee's "product_deployment" script to properly mount/unmount my DMG and point to my install files path. The below should replace everything after the final "fi" in McAfee's script:
mcafeePath=/private/var/yourcompany/mcafee
mcafeeDMG=$(find $mcafeePath -type f -name 'McAfee-*')
hdiutil attach $mcafeeDMG
installer -pkg /Volumes/McAfee-*/McAfee-*.pkg -target / -applyChoiceChangesXML /tmp/ProductDeploy.xml
hdiutil detach /Volumes/McAfee-*
rm /tmp/ProductDeploy.xml
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-18-2018 05:52 AM
Hi Tim et al,
I've done all of the above with specific reference to my institution and included your script of 04:26 yesterday as a post-install script within my Composer created deployment package. All required McAfee folders and files required are installed in their various locations (Library/McAfee, Library/Application Support/McAfee, etc/cma.d, etc/ma.d, var/McAfee) but when checking console logs I see the following crash errors:
Process: macmnsvc [1759]
Path: /Library/McAfee/*/macmnsvc
Identifier: macmnsvc
Version: ???
Code Type: X86-64 (Native)
Parent Process: launchd [1]
Responsible: macmnsvc [1759]
User ID: 0
Date/Time: 2018-05-17 12:08:35.609 +0100
OS Version: Mac OS X 10.13.4 (17E202)
Report Version: 12
Anonymous UUID: 58A5E493-E55E-97E4-4915-705444F008E2
Time Awake Since Boot: 1800 seconds
System Integrity Protection: enabled
Crashed Thread: 0
Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: DYLD, [0x4] Symbol missing
Application Specific Information:
dyld: launch, loading dependent libraries
DYLD_LIBRARY_PATH=/Library/McAfee/agent/bin:/Library/McAfee/agent/lib:/Library/McAfee/agent/lib/rsdk:/Library/McAfee/agent/lib/tools:/Library/McAfee/agent/lib/lib64:/Library/McAfee/agent/lib/lib64/rsdk:/Library/McAfee/agent/lib/lib64/tools
Dyld Error Message: Symbol not found: inflateValidate Referenced from: /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib Expected in: /Library/McAfee//libz.1.dylib in /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
Process: macompatsvc [1697]
Path: /Library/McAfee/*/macompatsvc
Identifier: macompatsvc
Version: ???
Code Type: X86 (Native)
Parent Process: launchd [1]
Responsible: macompatsvc [1697]
User ID: 0
Date/Time: 2018-05-17 12:07:11.036 +0100
OS Version: Mac OS X 10.13.4 (17E202)
Report Version: 12
Anonymous UUID: 58A5E493-E55E-97E4-4915-705444F008E2
Time Awake Since Boot: 1700 seconds
System Integrity Protection: enabled
Crashed Thread: 0
Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: DYLD, [0x4] Symbol missing
Application Specific Information:
dyld: launch, loading dependent libraries
DYLD_LIBRARY_PATH=/Library/McAfee/agent/bin:/Library/McAfee/agent/lib:/Library/McAfee/agent/lib/rsdk:/Library/McAfee/agent/lib/tools
Dyld Error Message: Symbol not found: inflateValidate Referenced from: /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib Expected in: /Library/McAfee//libz.1.dylib in /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
Process: macompatsvc [1697]
Path: /Library/McAfee/*/macompatsvc
Identifier: macompatsvc
Version: ???
Code Type: X86 (Native)
Parent Process: launchd [1]
Responsible: macompatsvc [1697]
User ID: 0
Date/Time: 2018-05-17 12:07:11.036 +0100
OS Version: Mac OS X 10.13.4 (17E202)
Report Version: 12
Anonymous UUID: 58A5E493-E55E-97E4-4915-705444F008E2
Time Awake Since Boot: 1700 seconds
System Integrity Protection: enabled
Crashed Thread: 0
Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: DYLD, [0x4] Symbol missing
Application Specific Information:
dyld: launch, loading dependent libraries
DYLD_LIBRARY_PATH=/Library/McAfee/agent/bin:/Library/McAfee/agent/lib:/Library/McAfee/agent/lib/rsdk:/Library/McAfee/agent/lib/tools
Dyld Error Message: Symbol not found: inflateValidate Referenced from: /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib Expected in: /Library/McAfee//libz.1.dylib in /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
Process: maconfig [1678]
Path: /Library/McAfee/*/maconfig
Identifier: maconfig
Version: ???
Code Type: X86-64 (Native)
Parent Process: sh [867]
Responsible: maconfig [1678]
User ID: 0
Date/Time: 2018-05-17 12:07:04.496 +0100
OS Version: Mac OS X 10.13.4 (17E202)
Report Version: 12
Anonymous UUID: 58A5E493-E55E-97E4-4915-705444F008E2
Time Awake Since Boot: 1700 seconds
System Integrity Protection: enabled
Crashed Thread: 0
Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: DYLD, [0x4] Symbol missing
Application Specific Information:
dyld: launch, loading dependent libraries
DYLD_LIBRARY_PATH=/Library/McAfee/agent/bin:/Library/McAfee/agent/lib:/Library/McAfee/agent/lib/rsdk:/Library/McAfee/agent/lib/tools:/Library/McAfee/agent/lib/lib64:/Library/McAfee/agent/lib/lib64/rsdk:/Library/McAfee/agent/lib/lib64/tools:
Dyld Error Message: Symbol not found: inflateValidate Referenced from: /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib Expected in: /Library/McAfee//libz.1.dylib in /System/Library/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
Any ideas?
Thanks,
Glenn.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-20-2018 03:26 PM
McAfee End Point Protection (VSE) is depreciated as of macOS 10.12, McAfee End Point Security (ENS) is the beast that is now the flavour for macOS 10.12 and above.
The system extension for McAfee needs to be white listed in the JSS for ENS to be installed and working correctly on the client machines.
