In our testing of High Sierra 10.13 we have found that about 1 out of every 10 installs hard freezes on the reboot that ends our install process. We have tested on HS about 300 times and discovered that it's most likely the Threat Prevention module and noticed that the installers in general are not really reliable on HS. Our most current test we have seen 5 machines end in all different states, with all different modules. We see the same behavior with McAfee installed manually or automated with Jamf Pro.
Anybody see the same thing? Is anybody using HS and McAfee?
Posting so I can follow the thread. Unfortunately we are a McAfee shop and I'm dreading moving to HS, which we are gearing up to do now (yes, very late to the game) But @gachowski, let me ask you, are you sure you're using the HS compatible version of McAfee Security? As I understand it, the 10.2.2 release worked with Sierra, but not HS, whereas 10.2.3 works with both. Maybe that's the issue?
I've asked our global security team to get the 10.2.3 update in place in ePO so we can begin the work of moving users to HS in the near future. Until ePO is set up to use that release, I'm not touching anything, since I know the older version just doesn't work with it.
I'm seeing something similar. Are you using Crowdstrike as well? I have only been able to get my systems to reliably fail on HS with EPO, Threat Prevention 10.2.3 and crowdstrike installed. I'm working with all 3 vendors to figure it out but it looks like an issue with the changes to kernel extensions.
McAfee running here with 10.12 and 10.13.
It's a real mixed bag. When it works, it's awesome. But sometimes getting it to work (it's a console-based install that is done via a large bash script).
It takes sometimes hours for our off-site clients to pull the SFW down.
When that happens, things are good and it's not a bad product - once you get your whitelist sorted.
My problem is when we have a problem, you can't just run the installer again. McAfee has some lines to run to "uninstall" but they don't clean the Mac of all bits, and it often leaves the Mac in a state where it won't install again, and it's not protected. I'm working on this at this very moment.
All in all, we have only had a few issues with the new rev and 10.13. I just have to get a better cleaning process to remove the bits and start clean...
@gachowski - currently, we're setting up a new client and have ~200.
More coming, so I will keep an eye out. I just created a test kext profile to test, but have not had a chance to run it yet.
I know it's a small sample, but I've had few issues since we got the install sorted.
I got it running using the info you gave me here:
I know we had to work with our AV and McAfee guy to get a good whitelist sorted. That was really critical as the base install caused all sorts of things to go awry.
Never had the problem you posted though...
Another thing, we had to have users remove Eset (provided in Self Service) prior.
Of course some didn't (we were not allowed to just do it...don't ask) and those had issues - shocking.
So once we got them following the rules, we got them sorted too.
I currently have three Macs with issues, but one of them tried to run the installer 3x in a row - in spite of the docs and description saying not to and it will take possibly up to four hours.
My test Mac got hosed for other reasons, but the removal tools we have didn't work right and now I guess I'm going to nuke it to start over.
We have 4 machines of 46 that have issues w/ McAfee right now. 3 are 10.13.4 & 1 is 10.12.6. Issues range from services not running, no .App, & no updating/reporting.
Apple's NOT Optimized warning leads me to the Apple support page for 64bit compatibility. Upon checking, McAfee 10.2.1 is NOT 64bit. Checking with our support for pushing us 10.2.3.
What could take 4 hours? Are you just installing the agent and the the EPO server is pushing Threat Prevention and other McAfee .pkgs? And the pushing could take 4 hours?
Yes, and many users are off-site. And due to the number of Macs/PC's onsite, they stagger the connections for new clients.
So we have no control on our end, and that's why I have to do things like I do. I can't just check for the package receipt, I have to wait for the actual app, etc. to be there before we can call it a success.