McAfee Native Encryption experiences?

dpertschi
Valued Contributor

We've avoided deploying and managing encryption long enough. Customer want's to compare managing FileVault between Casper and McAfee via their new native encryption agent. (not their old crappy encryption which is discontinued)

Yes, I know what the right thing to do is; but we've go no hands on experience with either way.

Does anyone have hands on experience managing FV2 with McAfee, I suspect there are a few good failures worth noting that will send us down the Casper path to encryption bliss right quick.

@rtrouton since your not doing yet another FV presentation at JNUC, I'm going to have to corner you and ask some dopey questions about it all. But I'll buy you a drink for the trouble! MNF at Brit's?

11 REPLIES 11

Kaltsas
Contributor III

We looked at using McAfee Native Encryption but the guy that manages EPO at our organization took a peek, decided he didn't want anything to do with Macs. We've had enough issues with the ePO agent for the Antivirus (which has it's own bucket of problems, we are looking at other solutions)

So I'm not much help but IMO the ePO agent has enough issues I'd avoid it just because of that. Additionally we had a SERIOUS issue with EPM 2.1 causing extended logon on 10.9 that McAfee took over 6 months to rectify should turn anyone off from using their products for Mac if they want any serious level of support.

mm2270
Legendary Contributor III

I can't say too much about it, but I will just echo @Kaltsas' concerns over the EPO agent. We use it here (not EEMac anymore thank goodness, nor the native encryption, just EPM) and honestly my personal name for the company is 'CrapAfee' if that tells you anything about how I feel.

We also had the same hang/crash issue at login with EPM and 10.9.x Macs he mentions. It was quite honestly a nightmare that went on from the time we first deployed 10.9 into the environment until about a month ago when they finally resolved it and only after putting some extreme pressure on our security group that owns the product management and McAfee to figure out just what in the heck was wrong with their product.
And to get that resolution, we had to ship an affected Mac overseas, and far overseas at that. Apparently no-one at the company in the US or even Europe has any deep engineering expertise with the product, which I think is pretty scary.

Kaltsas
Contributor III

@mm2270 I spent many long hours on the phone with the oversees developers. Over a period of months I logged tens of gigabytes of fs_usage logs. We had remote sessions and they would be like yep we can observe the issue but the product is working as expected. Why does this call the status of this file 600000 times? That is working as expected. I would estimate I spent 200+ hours working on this issue, testing every permutation under the sun as McAfee simply refused to budge that it was not working as expected. They kept nailing me on our complex AD environment because the issue was directly proportional to AD Group membership. Look there are way more complex environments than ours I'm sure and that is out of my hands.

They finally provided a hotfix a short while ago (and blamed some change apple made for the problem) but I had to start deploying SCEP for the time being because the Security office mandates AV but I can't kill the entire with EPM.

I am currently testing flextivity from intego but there is an issue with the jamf binary the intego developers are working on resolving. I really want to push to not use McAfee as I don't have direct involvement with the management of ePO so any changes are slow when they are needed. The McAfee support team is slow to respond to other Mac issues I've had outside of this logon issue, probably due to the lack of familiarity with the product outside of the VirusScan team. Users that have EPM installed frequently report beachballs and other performance issues that vanish with removal of the client. I've opened Service Requests on those issues but they are quickly dismissed without a specific issue to target. Is system beachballs constantly with EPM installed not specific enough for you. Honestly we are licensed for SCEP (which is just ESETs client rebadged) but there is concern about not being able to remotely manage the AV and firewall remotely in a quick and easy fashion. I'm sure that now that it sort of works again I'll be told we are already licensed for it we're not buying something else.

I asked for a product roadmap for 10.10 support but was never provided with anything concrete.

tl;dr steer clear of McAfee on OS X if you have any ANY alternative.

dpertschi
Valued Contributor

Oh I'm right on board there with you both… The idea of adding another McAfee agent is horrifying. Seriously.

Now, hijacking my own thread…
What was the solution to the long login business? I've got EPM 2.1 deployed and about 350 10.9 machines out there, but have not heard from our field support that's a noticed issue. Which doesn't mean it's not happening! I was given HF936655 by our ePO admin, but don't know what it's focus is.

@Kaltsas][/url like you, unfortunately I don't have direct involvement or say in usage of the product. Uggggg.

mm2270
Legendary Contributor III

Yep, same basic deal here. MERTool reports, fs_usage logs, you name it, we sent it to them. BTW, you can kind of thank us for that HotFix. It was a direct result of our pressure and finally agreeing to ship an affected Mac to their engineering team so they can do a deeper dive on the issue. It was only after they were able to see the issue first hand that they finally agreed there was a problem and began developing a fix. While they never named names, they did mention they were working with 'at least one other organization experiencing the same issue' and I now suspect that was you guys.

Although things are much better with the HotFix in place, we still get users complain about beach balls or just VShieldScanner eating up a ton of resources (not to mention the fact that VShieldScan shows up 3 times in the process list all the time for no explainable reason).
Part of the issue we were seeing was with the stubborn insistence of our security group that On Access scanning must be on for both Read and Write, and not just Write as we had suggested. When you stop and think of the sheer number of files being accessed in a Read state by the OS at any given moment, its really no wonder the product drags the systems down to a crawl. How could it not!?

Unfortunately, McAfee AV I think is here to stay with us, so I envy that you at least can look at other products as an alternative. Its not even an option for us, so we just have to stay vigilant and monitor issues. With 10.10 around the corner I'm dreading what that means for us. We only JUST got stuff straightened out with Mavericks about a month ago, and here we go again. :(

Kaltsas
Contributor III

@dpertschi][/url There is a hotfix HF983119 I was provided directly from the development team overseas. I don't see it when I log into the product downloads. But I don't see any hotfixes for 2.1 right now so I don't know that that means anything. I checked both of the usual locations, I see fixes for 1.2 so heck if I know what's going on. If you're having the issue you'll probably have to spend months with support to get HF983119. Why shouldn't you get to join in on all the fun! One thing to note is the hot fixes have to be applied in a specific order which is not at all intuitive in ePO (I don't directly work with ePO but I had to learn it anyway so I could walk the ePO guy through the Mac process)

@mm2270][/url I'm testing flextivity, now that McAfee is working (sort of) again I doubt I'll have much traction to push a separate product for OS X. Our Macintosh base is a vocal bunch though so maybe I can get enough support to cast off the McAfee requirement. We make a lot of noise about best of breed solutions and I doubt anyone (McAfee included) would argue that EPM is best of anything.

Kaltsas
Contributor III

@mm2270 Will you be at JNUC? I'd like to have a beer with someone who had to go through that same hell.

mm2270
Legendary Contributor III

@Kaltsas - yes I will be there. Would be glad to sit down and do that.

dpertschi
Valued Contributor

donmontalvo
Esteemed Contributor III

@mm2270 we owe you beer since you weren't there last year. I hope you make it to the Monday night get together.

--
https://donmontalvo.com

dwandro92
Contributor III

@Kaltsas, @mm2270, thank you for sharing this information regarding EPM 2.1. Hopefully this will give me enough ammunition to get McAfee to provide me with the new hotfix.