McAfee Endpoint Protection with ePO - Packaging Issues

ciwebs10
New Contributor

Hello all - there don't seem to be many (if any) posts about McAfee Endpoint Protection for Mac and strategies for packaging this application so I thought I would see what you all think. Deploying the flat package downloaded from my McAfee Enterprise account through a policy simply dumps the .pkg on the root of the drive, and using a snapshot package installs the software but yields the attached error when launched.

The package deploys and installs perfectly fine via ARD or DeployStudio, but I would prefer to use Casper.

external image link

As for the ePO script, I've been getting this error even after running ```
sudo sh install.sh -i
``` manually:

"The install failed (The Installer encountered an error that caused the installation to
fail. Contact the software manufacturer for assistance.)"

Gatekeeper is off, and the -allowUntrusted flag was added to the install.sh script to try to get it through.

Any ideas on how to get these two pieces deployed successfully via Casper Policy? My JumpStart was about a month ago, so please excuse my ignorance. Thanks in advance!

-Camden

1 ACCEPTED SOLUTION

ciwebs10
New Contributor

Thanks for the quick responses guys!

It actually turned out to not be a problem with Gatekeeper, but an issue with the cma.pkg that's embedded inside the install.sh script having an expired certificate signature due to the fact that it was simply out of date. Digging into the ePO server, I was able to make sure everything was updated and that all of the extensions were checked in. As opposed to deploying the Endpoint Protection software via Casper, I'm putting the ePO server to work and having it push out the software once the install.sh script is deployed via Casper policy.

Thanks again for your help on this, looks like I just need some McAfee training!

-Camden

View solution in original post

6 REPLIES 6

nkalister
Valued Contributor

since it's failing when you run it locally, there's a problem with the install that doesn't involve Casper. Check the /var/log/install.log file to see why the local installation failed. IT should give you enough info to resolve the problem.
As far as deploying with casper, you will need to deliver the agent's install.sh file to your clients, and then execute it using a postflight script. I made a package that drops the install.sh file into /var/tmp and executes from there. the GUI component's pkg can be just dropped into casper admin and deployed with no changes. If you're installing at image time, make sure to set both packages to install after reboot, and have the agent execute first.

franton
Valued Contributor III

The bother we've had with McAfee is due to them not signing their installers for Gatekeeper. Try turning it off and seeing if that helps.

ciwebs10
New Contributor

Thanks for the quick responses guys!

It actually turned out to not be a problem with Gatekeeper, but an issue with the cma.pkg that's embedded inside the install.sh script having an expired certificate signature due to the fact that it was simply out of date. Digging into the ePO server, I was able to make sure everything was updated and that all of the extensions were checked in. As opposed to deploying the Endpoint Protection software via Casper, I'm putting the ePO server to work and having it push out the software once the install.sh script is deployed via Casper policy.

Thanks again for your help on this, looks like I just need some McAfee training!

-Camden

Olivier
New Contributor II

We hit this issue as well, and as Apple certs expire after 1 year, don't forget to set a reminder in 12 months in your calendar ;-).

JasonL01
New Contributor

Hey Guys I'm having problems deploying this as well. I'm able to deploy the install.sh as a policy but i can't get it to install the endpoint protection. Do you guys have the step taken to make it work?

Thanks.

Jpcorzo
Contributor

@GCJason

i have multiple policies tied together to smoothly install McAfee endpoint.
1st policy caches the dmg and the install.sh on the device -> then triggers 2nd policy
2nd policy runs a script to mount the dmg and install the flat pkg, also runs the install.sh -> triggers 3rd policy
3rd policy, deletes the cached files and unmounts the McAfee dmg

On the script that mounts the dmg, i had to use unsigned certificates to make it work, I will probably need to check with the ePO guys to make sure all certificates are updated as @Ciwebs10 mentioned.

Hope it helps