McAfee Endpoint Security PPPC

MikaelDez
Contributor

Hey everyone,

I would like to create a PPPC config file to allow McAfee to install without macOS blocking its system extension. Following this link: https://kc.mcafee.com/corporate/index?page=content&id=KB91109
it tells me the PPPC profile key needs to be "SystemPolicyAllFiles". Using PPPC Utility, has anyone successfully accomplished what I'm trying to do?

Essentially I want to push Endpoint Security and have it not prompt the user to allow the extension.

Thanks,
Mike

84 REPLIES

sdagley
Esteemed Contributor II

@rstasel I keep a macOS VM around for @talkingmoose's Choices-Packager and have never tried it on something newer than Mojave.

rstasel
Valued Contributor

@sdagley So I'm looking at the postinstall script more, and ripping apart "McAfee-Endpoint-Security-for-Mac-10.7.5-RTW-standalone-266.pkg" (or 10.7.1) just with pkgutil --expand, and I get stuff like "AntiMalware.pkg", "cma_raw.pkg", "FMP.pkg". I know cma_raw.pkg is the agent, and some of the other stuff makes sense, but none of it matches what you've got in your script which includes version numbers, etc.

So how are you getting those pkgs? I must be missing something... I also don't see a way to grab them directly from my ePO, but that may be permission based. I can grab the agent, but that's about it.

Thanks!

rstasel
Valued Contributor

Correction... just looked at McAfee site again, and found the individual installers.

I'm dumb...

MikaelDez
Contributor

Testing out 10.7.5, Threat Prevention is disabled upon installation (this is something I have not found a fix for even in past ENS installs, I was hoping this new version would be different) however, this time when turning on TP manually, I'm met with this error:

I have a whole whitelist for PPPC in Jamf, here are the three that this popup refers to:

Any thoughts?

sdagley
Esteemed Contributor II

@mikedesmarais Looks like you haven't granted SystemPolicyAllFiles to /usr/local/McAfee/AntiMalware/VShieldScanManager.app

See https://kc.mcafee.com/corporate/index?page=content&id=KB91109 for the current PPPC requirements

MikaelDez
Contributor

@sdagley I did, my screenshot is bad I meant to include that! I'm trying to get it going with McAfee's PPPC profile from their site now, maybe I'll have better luck there.

sdagley
Esteemed Contributor II

@rstasel It's just a matter of digging until you find the files needed :-) I'm glad you found them as I don't know their exact origin. I just get occasional drops from our McAfee team with the message "New ENS bits from ePO..."

MikaelDez
Contributor

@sdagley I ended up using the McAfee profile instead of manually entering them in Jamf and it worked like a charm. I followed the choicesXML method to forego installing Firewall and that also worked. Thanks everyone!

rstasel
Valued Contributor

@mikedesmarais How did you end up wrapping the choicesxml file with installer?

I'm still torn on using choicesxml or packaging up using @sdagley's postinstall.

And yeah, I used the McAfee profiles. Had to sign the one since prior to 10.26 you couldn't do web extension profiles.

The piece that makes me want to do post-install method is being able to include a managed agent rather than having to install ENMS, then uninstall agent (since you can't install same version of agent over the top of itself, it'll fail), then reinstall managed version of agent.

MikaelDez
Contributor

@rstasel I used Composer, dropped the McAfee 10.7.5 installer and the choices.xml file in tmp, and added a post install script within Composer "installer -applyChoiceChangesXML path to xml file -pkg path to McAfee package -target /"

sdagley
Esteemed Contributor II

@mikedesmarais I have the same question as @rstasel, when you're using the McAfee installer how do you get the agent for your ePO instance installed?

MikaelDez
Contributor

@sdagley I have the agent as a separate policy altogether. That policy excludes Macs in a smart group with the latest agent installed, and if they don't have the latest, it uninstalls the agent altogether and installs the latest version that I've received from my McAfee admin. So currently they're two separate policies, which may not be the best method of going about this, I just haven't had much support from my security team other than "here is the latest install for the agent and ENS". It's messy...

rstasel
Valued Contributor

Right. The issue I found when testing 10.7.5 is that it includes 5.6.6 hotfix 1, which means when you install it, then go to install the managed agent, the managed agent fails to install 'cause it won't install over itself (it WILL if the existing one is older). So you end up with this convoluted install ENS 10.7.5, uninstall agent, reinstall managed agent. I was thinking maybe with your postinstall, I could just bundle the managed agent. =) Doesn't OVERLY matter... but figured it might save a step.

The biggest pain at this point is the different ENS installs for different OS's. =/

MikaelDez
Contributor

For sure. I have a few film/video labs still on Mojave because the instructors are wary of upgrading the OS, so I have two policies now, one for 10.7.1 and one for 10.7.5 for the rest of the fleet. At this point, after months of back and forth with my security team, Google and this forum, I'm content with what I have, at least for the holidays, maybe in the spring I'll try and streamline it haha

rstasel
Valued Contributor

Are you using a managed agent?

rstasel
Valued Contributor

Well, I can say using the post-install with the individual installer pieces, and the managed client, works perfectly. I built a 10.7.5 pkg and it installs Threat Prevention, and the managed client, and assuming all the PPPC and SE config profiles are in place, it installs completely silently on macOS 10.5.7 and macOS 11. Also built 10.7.1 and 10.6.4 installers so smart groups just scope each one and a single policy fires them off. Works great! Thank you @sdagley

sdagley
Esteemed Contributor II

Glad to hear it @rstasel. I'm waiting on my McAfee team to update to the 10.7.5 compatible agent, so haven't packaged that one yet. Were there any significant changes needed for the 10.7.5 ENS installers?

Durgule
New Contributor II

Hello guys,
Does anyone have a McAfee 5.7.0 agent .sh script? If so, can you please provide me the script?

sdagley
Esteemed Contributor II

@Durgule You need the McAfee Agent 5.7.0 install.sh script specific to your installation

Durgule
New Contributor II

@sdagley Yes, I need that for installation and I will add that script into the Jamf policy and deploy it on Big Sur.

sdagley
Esteemed Contributor II

@Durgule Let me be a little more verbose... An install.sh for the McAfee Agent will contain the specific configuration for the McAfee installation it was generated by. You cannot use an install.sh generated by a different McAfee installation than your own. You will need whoever is responsible for your McAfee installation to provide the script.

rstasel
Valued Contributor

Correct. You'll need to get the install.sh agent install file from your McAfee EPO admin. @Durgule

Durgule
New Contributor II

@rstasel & @sdagley Yes, I have that file, which has been provided by our security team, and they have downloaded it from the ePO console. Now I need help with how I can blend that Threat Prevention .pkg and agent install.sh in a single policy.

glennt
New Contributor II

Hi I'm having real problems with the install.sh on macOS 11.1. I've tried just about everything suggested but keep receiving the following error:

Checksumming whole disk (Apple_HFS : 0)… whole disk (Apple_HFS : 0): verified CRC32 $F0E23273
verified CRC32 $2938B982
hdiutil: attach failed - no mountable file systems
expected CRC32 $2938B982
hdiutil: attach failed - no mountable file systems

I've chmodded the install.sh and run as root, I can see the hidden (no entry) folder being created in /Volumes but no matter what I've tried I always get the above error. I have all the PPPC & kext stuff in place and just about everything else recommended by McAfee and the above contributors - please help (if you can).

sdagley
Esteemed Contributor II

@Durgule You'll need to create a .pkg installer with Composer and deploy it via a policy. This post above: https://www.jamf.com/jamf-nation/discussions/36443/mcafee-endpoint-security-pppc#responseChild209589 provides a link to a postinstall script that shows how you can run the install.sh file and install the ENS module .pkg files.

glennt
New Contributor II

@sdagley That's exactly how I have been deploying McAfee since 2018, but this does not work with macOS 11.1 for me. I only ran the install.sh script locally to try and find out why my current deployment (which works absolutely fine on macOS 10.15.7 using McAfee agent version 10.7.5) wasn't working on macOS 11.1. I will however give your post install solution a go though. Thanks for responding. Oh & Happy New Year to you😎

sdagley
Esteemed Contributor II

@glennt I don't know why you're getting the install failure you describe, but a 10.7.5 install .pkg I built with a slightly updated version of that postinstall script and the install.sh for McAfee Agent 5.7.0.194 with the ENS 10.7.5 components is working ok on my M1 MacBook Air with 11.1, and my Intel 11.1 test systems.

glennt
New Contributor II

@sdagley Would you mind sharing/pointing me to your updated post install? Thanks.

sdagley
Esteemed Contributor II

@glennt I haven't sanitized the new version yet, but it's basically just removing the lines related to kextless install since they're no longer applicable, so the older 10.7.1 script should get you started.

glennt
New Contributor II

@sdagley That's great thanks for all your help, I'll let you know how I get on.

glennt
New Contributor II

@sdagley OK so I've tried again pushing the package & post install from Jamf but: a) the install.sh does not create a /Library/Mcafee folder or /Library/Application Support/McAfee folder &: b) I see the install.sh no-entry folder appear in /Volumes (which confirms the install.sh has been triggered) and then disappears, which brings me right back to the no mountable filesystems error!

mario_magnus
New Contributor II

Hi, we got it working with Rob from Jamf.
For this, the install.sh script was adapted (we install threat prevention and the firewall) in 3 parts.

  1. The version 10.7.5 package of McAfee Endpoint Security

  2. the script:

  3. the configuration profile with PPPC, system extensions and content filter (see screenshots):

PPPC:
Identifier: /usr/local/McAfee/fmp/bin64/fmpd
Identifier Type: Path
Code Requirement: identifier fmpd and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GT8P3H7SPW

Identifier: /usr/local/McAfee/AntiMalware/VShieldScanner
Identifier Type: Path
Code Requirement: identifier VShieldScanner and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GT8P3H7SPW

Identifier: com.mcafee.tp.endpointsecurity
Identifier Type: Bundle ID
Code Requirement: anchor apple generic and identifier "com.mcafee.tp.endpointsecurity" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GT8P3H7SPW)

System extensions:
Allowed Team IDs and System Extensions
Display Name: McAfee Network Extension
System Extension Type: Allowed System Extensions
Team Identifier: GT8P3H7SPW
Allowed System Extensions: com.mcafee.CMF.networkextension
com.mcafee.CMF.endpointsecurity

I have attached the mobileconfig here ... McAfee mobileconfig
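
An added example (not from the thread or from McAfee): the three PPPC entries listed in the post above, written into a TCC payload with Python's `plistlib`, plus an audit that reports required identifiers with no grant, the situation raised earlier in the thread for VShieldScanManager.app. It assumes the entries are granted under `SystemPolicyAllFiles`; the `com.example.*` payload identifiers and the `REQUIRED` list are constructed here, and KB91109 remains the authoritative list.

```python
import plistlib
import uuid

TCC_TYPE = 'com.apple.TCC.configuration-profile-policy'
# Developer ID clause shared by all three code requirements in the post.
DEV_ID = ('certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and '
          'certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and '
          'certificate leaf[subject.OU] = GT8P3H7SPW')

# (identifier, identifier type, code requirement) as listed in the post.
ENTRIES = [
    ('/usr/local/McAfee/fmp/bin64/fmpd', 'path',
     'identifier fmpd and anchor apple generic and ' + DEV_ID),
    ('/usr/local/McAfee/AntiMalware/VShieldScanner', 'path',
     'identifier VShieldScanner and anchor apple generic and ' + DEV_ID),
    ('com.mcafee.tp.endpointsecurity', 'bundleID',
     'anchor apple generic and identifier "com.mcafee.tp.endpointsecurity" '
     'and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or '
     + DEV_ID + ')'),
]

# Constructed for the audit: the entries above plus the path named in the
# earlier reply about the missing SystemPolicyAllFiles grant.
REQUIRED = [e[0] for e in ENTRIES] + [
    '/usr/local/McAfee/AntiMalware/VShieldScanManager.app']


def build_profile(entries, service='SystemPolicyAllFiles'):
    """Return mobileconfig bytes that allow `service` for every entry."""
    grants = [{'Identifier': ident, 'IdentifierType': kind,
               'CodeRequirement': req, 'Allowed': True, 'StaticCode': False}
              for ident, kind, req in entries]
    tcc = {'PayloadType': TCC_TYPE, 'PayloadVersion': 1,
           'PayloadIdentifier': 'com.example.pppc.mcafee.tcc',  # constructed
           'PayloadUUID': str(uuid.uuid4()).upper(),
           'Services': {service: grants}}
    profile = {'PayloadType': 'Configuration', 'PayloadVersion': 1,
               'PayloadIdentifier': 'com.example.pppc.mcafee',  # constructed
               'PayloadUUID': str(uuid.uuid4()).upper(),
               'PayloadDisplayName': 'McAfee ENS PPPC (example)',
               'PayloadScope': 'System', 'PayloadContent': [tcc]}
    return plistlib.dumps(profile)


def granted(profile_bytes, service='SystemPolicyAllFiles'):
    """Identifiers the profile allows for `service` (Allowed or Authorization)."""
    found = set()
    for payload in plistlib.loads(profile_bytes).get('PayloadContent', []):
        if payload.get('PayloadType') != TCC_TYPE:
            continue
        for grant in payload.get('Services', {}).get(service, []):
            if grant.get('Allowed') is True or grant.get('Authorization') == 'Allow':
                found.add(grant['Identifier'])
    return found


def missing_grants(profile_bytes, required, service='SystemPolicyAllFiles'):
    """Required identifiers that have no allow entry for `service`."""
    return sorted(set(required) - granted(profile_bytes, service))


if __name__ == '__main__':
    for ident in missing_grants(build_profile(ENTRIES), REQUIRED):
        print('no SystemPolicyAllFiles grant for', ident)
```

The same `missing_grants` check can be run on an exported .mobileconfig by reading the file's bytes, provided the profile is unsigned XML.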

glennt
New Contributor II

@mario.magnus Thanks for the post, all suggestions very welcome!

glennt
New Contributor II

@sdagley @mario.magnus I'm ok with all the PPPCs etc I simply need the install.sh to run successfully as once the agent is installed and communicated with EPO the device will pull in everything required from EPO automatically (as it does currently on macOS 10.15.7 devices). I've attached the Terminal output of my most recent attempt:

tomg2@JAMFDEVB-01 ~ % sudo bash -x /Users/tomg2/Desktop/install.sh -i
dest=/tmp/RelayServer.ini
PATH=/usr/bin:/bin:/usr/sbin/
umask 022
NATIVE_INSTALLER_FILE=MFEma.x86_64.dmg
command=/Users/tomg2/Desktop/install.sh
install=
upgrade=
extract=
directory=
unzip_exe_size=161168
cloud=
min_epo_version=5.1.1
+ id
cut -d= -f2
cut '-d(' -f1
user=0
'[' 0 -ne 0 ']'
'[' 1 -eq 0 ']'
getopts e:irc:ubh:g:t:o:R:f opt
case "$opt" in
install=yes
expr 2 - 1
value=1
getopts e:irc:ubh:g:t:o:R:f opt
shift 1
'[' '!' -z '' ']'
updateserverinfo=yes
returncode=0
keydata_dir=/Library/McAfee/agent/keydata
'[' '!' -z '' ']'
'[' '!' -z '' ']'
'[' '!' -z '' ']'
'[' '!' -z '' ']'
'[' '!' -z '' ']'
'[' '!' -z yes ']'
'[' '!' -z '' ']'
'[' -z yes ']'
+ uname -m
arch=x86_64
arch_bit=32
'[' x86_64 == x86_64 ']'
'[' '' '!=' 32 ']'
arch_bit=64
+ /usr/bin/sw_vers -productVersion
platform_ver=11.1
+ echo 11.1
cut -d. -f1
major_version=11
+ echo 11.1
cut -d. -f2
minor_version=1
+ echo 11.1
cut -d. -f3
micro_version=
'[' -z '' ']'
micro_version=0
PLATFORM_VERSION=721152
MIN_PLATFORM_VERSION=658688
'[' 721152 -lt 658688 ']'
echo bit-64
bit-64
'[' 64 == 32 ']'
'[' -e /Volumes/MFEMA ']'
+ /usr/sbin/pkgutil --pkgs=comp.nai.cmamac
cma=
'[' '' = comp.nai.cmamac ']'
'[' '!' -z '' ']'
+ mktemp -d mfeXXXXXX
temp_directory=mfeT5FKdG
'[' -f /etc/cma.d/bootstrap.xml ']'
'[' -z '' ']'
directory=mfeT5FKdG
'[' -f mfeT5FKdG ']'
'[' '!' -e mfeT5FKdG ']'
'[' '!' -z '' ']'
'[' '!' -z '' ']'
'[' -e mfeT5FKdG ']'
'[' -z '' ']'
stat -f %z /Users/tomg2/Desktop/install.sh
required_space=10139870
+ expr 10139870 '' 2
required_space=20279740
echo space required to copy archive is 20279740 bytes
space required to copy archive is 20279740 bytes
df -k mfeT5FKdG
tail -n -1
awk '{if ( $4 ~ /%/) { print $3 } else { print $4 } }'
available_space=215138268
+ expr 215138268 '
' 1024
available_space=220301586432
echo space available at mfeT5FKdG is 220301586432 bytes
space available at mfeT5FKdG is 220301586432 bytes
'[' 20279740 -gt 220301586432 ']'
echo 'extracting archive to mfeT5FKdG... please wait'
extracting archive to mfeT5FKdG... please wait
awk '/^ARCHIVE_FOLLOWS/ { print NR 1; exit 0; }' /Users/tomg2/Desktop/install.sh
SKIP=537
tail 537 /Users/tomg2/Desktop/install.sh
block_size=512
+ expr 161168 / 512
nblocks=314
+ expr 161168 % 512
remainder=400
'[' 0 '!=' 400 ']'
expr 314 1
nblocks=315
dd if=mfeT5FKdG/payload of=mfeT5FKdG/unz bs=512 count=315
315+0 records in
315+0 records out
161280 bytes transferred in 0.002270 secs (71048981 bytes/sec)
dd if=mfeT5FKdG/payload of=mfeT5FKdG/package.zip bs=512 skip=315
19460+1 records in
19460+1 records out
9963872 bytes transferred in 0.085961 secs (115911402 bytes/sec)
chmod x mfeT5FKdG/unz
unzip -j -o mfeT5FKdG/package.zip -d mfeT5FKdG
Archive: mfeT5FKdG/package.zip
inflating: mfeT5FKdG/MFEma.x86_64.dmg
inflating: mfeT5FKdG/DXL.zip
inflating: mfeT5FKdG/reqseckey.bin
inflating: mfeT5FKdG/srpubkey.bin
inflating: mfeT5FKdG/sitelist.xml
inflating: mfeT5FKdG/req2048seckey.bin
inflating: mfeT5FKdG/sr2048pubkey.bin
inflating: mfeT5FKdG/agentfipsmode
inflating: mfeT5FKdG/agent.ini
inflating: mfeT5FKdG/RepoKeys.ini
inflating: mfeT5FKdG/contrib.ini
rm -rf mfeT5FKdG/package.zip
rm -rf mfeT5FKdG/unz
keydata_dir=/var/McAfee/agent/keydata
'[' -z '' ']'
export MA_SITEINFO_PATH=/var/McAfee/agent/keydata
MA_SITEINFO_PATH=/var/McAfee/agent/keydata
'[' -n yes ']'
'[' yes = yes ']'
mkdir -p /var/McAfee/agent/keydata
returncode=0
'[' 0 -ne 0 ']'
sed -n '/SpipeSite./s/. Version="([^"])"./1/p' mfeT5FKdG/sitelist.xml
epo_version=5.10.0
'[' -f /Library/McAfee/cma/scratch/etc/SiteList.xml ']'
'[' '!' -z 5.10.0 ']'
+ check_epo_version_support 5.1.1 5.10.0
+ echo 5.1.1
+ cut -d. -f1
min_v1=5
+ echo 5.1.1
+ cut -d. -f2
min_v2=1
+ echo 5.1.1
+ cut -d. -f3
min_v3=1
+ echo 5.10.0
+ cut -d. -f1
v1=5
+ echo 5.10.0
+ cut -d. -f2
v2=10
+ echo 5.10.0
+ cut -d. -f3
v3=0
'[' x5 = x ']'
'[' x10 = x ']'
'[' x0 = x ']'
result=1
'[' 5 -lt 5 ']'
'[' 5 -gt 5 ']'
'[' 10 -lt 1 ']'
'[' 10 -gt 1 ']'
result=1
echo 1
ok=1
'[' 1 -eq 0 ']'
mv -f /tmp/RelayServer.ini /var/McAfee/agent/keydata
chmod 755 /var/McAfee/agent/keydata/RelayServer.ini
cp -f mfeT5FKdG/sitelist.xml /var/McAfee/agent/keydata/SiteList.xml
cp -f mfeT5FKdG/srpubkey.bin /var/McAfee/agent/keydata
cp -f mfeT5FKdG/reqseckey.bin /var/McAfee/agent/keydata
cp -f mfeT5FKdG/sr2048pubkey.bin /var/McAfee/agent/keydata
cp -f mfeT5FKdG/req2048seckey.bin /var/McAfee/agent/keydata
cp -f mfeT5FKdG/agentfipsmode /var/McAfee/agent/keydata/agentfipsmode
cp -f mfeT5FKdG/RepoKeys.ini /var/McAfee/agent/keydata/RepoKeys.ini
'[' -f /Library/McAfee/cma/scratch/keystore/agentprvkey.bin ']'
'[' -f /Library/McAfee/cma/scratch/keystore/agentpubkey.bin ']'
'[' '!' -f /var/McAfee/agent/keydata/SiteList.xml ']'
'[' '!' -f /var/McAfee/agent/keydata/srpubkey.bin ']'
'[' '!' -f /var/McAfee/agent/keydata/reqseckey.bin ']'
'[' '!' -f /var/McAfee/agent/keydata/sr2048pubkey.bin ']'
'[' '!' -f /var/McAfee/agent/keydata/req2048seckey.bin ']'
mktemp -d /Volumes/MFEMAXXXXX
MA_DMG_MP=/Volumes/MFEMA0kGv2
'[' 0 -ne 0 ']'
'[' -z /Volumes/MFEMA0kGv2 ']'
hdiutil attach -noverify -nomount -nobrowse mfeT5FKdG/MFEma.x86_64.dmg
/dev/disk2
hdiutil attach -nobrowse mfeT5FKdG/MFEma.x86_64.dmg -mountpoint /Volumes/MFEMA0kGv2
Checksumming whole disk (Apple_HFS : 0)…
............................................................................... whole disk (Apple_HFS : 0): verified CRC32 $F0E23273
verified CRC32 $2938B982
hdiutil: attach failed - no mountable file systems
'[' 1 -ne 0 ']'
hdiutil attach mfeT5FKdG/MFEma.x86_64.dmg -mountpoint /Volumes/MFEMA0kGv2
expected CRC32 $2938B982
hdiutil: attach failed - no mountable file systems
'[' '!' -z '' ']'
'[' -f /etc/ma.d/.upgradeagentonly.txt ']'
'[' '!' -z '' ']'
rm -f /var/McAfee/agent/keydata/.force
'[' '!' -z '' ']'
returncode=0
'[' -z '' ']'
pwd
mypwd=/Users/tomg2
cd /Volumes/MFEMA0kGv2
echo IsLegacyEPO:N
echo ConfigDirPath:/Volumes/MFEMA0kGv2
echo StartService:Y
flag=1
/usr/bin/sw_vers
grep ProductVersion
cut -d: -f2
pltvrsn=' 11.1'
+ echo 11.1
cut -d. -f1
majvrsn=11
+ echo 11.1
cut -d. -f2
minvrsn=1
'[' -f /Library/McAfee/agent/bin/maconfig ']'
(( 11>=10 && 1>=6 && 1 ))
'[' -n '' ']'
'[' -f /etc/cma.d/.upgrade ']'
sudo /usr/sbin/installer -dumplog -pkg ma.pkg -target /
Jan 6 08:54:13 installer[1499] <Critical>: PFPkg: No file found at path: /Volumes/MFEMA0kGv2/ma.pkg
Jan 6 08:54:13 installer[1499] <Critical>: PFPackage::packageWithURL - can't instantiate package: /Volumes/MFEMA0kGv2/ma.pkg
installer: Error - the package path specified was invalid: 'ma.pkg'.
returncode=1
sleep 5
cd /Users/tomg2
hdiutil detach /Volumes/MFEMA0kGv2
hdiutil: detach failed - No such file or directory
rm -rf /etc/mainstall.config
contribInstallation mfeT5FKdG
directory=mfeT5FKdG
cd mfeT5FKdG
pwd
echo 'installing client extension from : /Users/tomg2/mfeT5FKdG'
installing client extension from : /Users/tomg2/mfeT5FKdG
'[' -f contrib.ini ']'
cat contrib.ini
grep -i contrib.count
cut -d= -f2
tr -d '[:space:]'
CONTRIB_COUNT=1
echo 'Product count is : 1'
Product count is : 1
ccount=0
'[' 0 -lt 1 ']'
cat contrib.ini
grep -i contrib.0
cut -d= -f2
tr -d '[:space:]'
Product_zip=DXL.zip
echo 'Product is : DXL.zip'
Product is : DXL.zip
pwd
cp -rf /Users/tomg2/mfeT5FKdG/DXL.zip /var/McAfee/agent/data/contrib/
cp: directory /var/McAfee/agent/data/contrib does not exist
ccount=1
'[' 1 -lt 1 ']'
+ pwd
cp -rf /Users/tomg2/mfeT5FKdG/contrib.ini /var/McAfee/agent/data/contrib/
cp: directory /var/McAfee/agent/data/contrib does not exist
sleep 10
pwd
echo 'Calling mcupdater : location : /Users/tomg2/mfeT5FKdG'
Calling mcupdater : location : /Users/tomg2/mfeT5FKdG
+ pwd
/Library/McAfee/agent/bin/mcupdater -install -location /Users/tomg2/mfeT5FKdG -initiator 1385
/Users/tomg2/Desktop/install.sh: line 95: /Library/McAfee/agent/bin/mcupdater: No such file or directory
/Library/McAfee/agent/scripts/ma restart
/Users/tomg2/Desktop/install.sh: line 97: /Library/McAfee/agent/scripts/ma: No such file or directory
'[' 127 '!=' 0 ']'
echo MA Start Failed
MA Start Failed
cd /Users/tomg2
'[' -z '' ']'
rm -rf mfeT5FKdG
'[' -d /Volumes/MFEMA0kGv2 ']'
rm -rf /Volumes/MFEMA0kGv2
'[' 1 -ne 0 ']'
rm -rf /var/McAfee/agent/keydata
+ exit 1
tomg2@JAMFDEVB-01 ~ %

sdagley
Esteemed Contributor II

@glennt That looks like your install.sh is FUBAR. Can you have your McAfee team generate a new one from your ePO console?

glennt
New Contributor II

I've just blitzed my test MBP, re-installed 11.1 & re-built with my DEP enrolment policy - all's well in McAfee land! Thanks for everyone's input on this, really appreciated. Have a good one guys.

sdagley
Esteemed Contributor II

@glennt Glad to hear you got it working

glennt
New Contributor II

I found out what was causing the install.sh folder/disk mount issue with Big Sur. I have a config profile restriction for Disk Images to require authentication (as requested by my infosec team). Interestingly this profile doesn’t affect Catalina devices though.

obi-k
Valued Contributor II

What a helpful thread! Thanks for all the tips.

After upgrading to Catalina, we were having fan issues, slowness, computer freezes. We updated McAfee EP 10.6.10 (Prevention & Protection) and McAfee 5.6.6 agent. Checked PPPC as noted above. We also made sure all our other security agents and software was up to date.

Apple pointed out a Kextless article. Once I punched this into a script, the performance was day and night. So far, so good.

I just received EP version 10.7.5, but not the latest agent, so haven't tested the changes in that version.

Hope this helps others... Kext-less mode

sdagley
Esteemed Contributor II

@mvu The script linked in one of my posts above (https://www.jamf.com/jamf-nation/discussions/36443/mcafee-endpoint-security-pppc#responseChild209589) shows how to install the McAfee ENS components in kextless mode so you don't have to change modes after installation. It's not applicable to ENS 10.7.5, which has changed to System Extensions.