McAfee with High Sierra

gachowski
Valued Contributor II

In our testing of High Sierra 10.13 we have found that about 1 out of every 10 installs hard freezes on the reboot that ends our install process. We have tested on HS about 300 times and discovered that it's most likely the Threat Prevention module, and noticed that the installers in general are not really reliable on HS. In our most current test we have seen 5 machines end in all different states, with all different modules. We see the same behavior with McAfee installed manually or automated with Jamf Pro.

Anybody see the same thing? Is anybody using HS and McAfee?

Thanks

C

19 REPLIES

mm2270
Legendary Contributor III

Posting so I can follow the thread. Unfortunately we are a McAfee shop and I'm dreading moving to HS, which we are gearing up to do now (yes, very late to the game). But @gachowski, let me ask you, are you sure you're using the HS-compatible version of McAfee Security? As I understand it, the 10.2.2 release worked with Sierra, but not HS, whereas 10.2.3 works with both. Maybe that's the issue?

I've asked our global security team to get the 10.2.3 update in place in ePO so we can begin the work of moving users to HS in the near future. Until ePO is set up to use that release, I'm not touching anything, since I know the older version just doesn't work with it.

gachowski
Valued Contributor II

@mm2270 Thanks : ) I should have added the version info... Yep we have been testing with 12.2.3 and the hotfix...

Our current versions

Agent 5.0.6.347
ENS Threat Prevention 10.2.3.6519
ENS Firewall 10.2.3.1507
DLP 11.0.0.85

dba_nc
New Contributor III

We only have 27 high sierra macs but we haven't experienced issues so far. We're using McAfee agent 5.0.6.347 and ENS Threat Prevention 10.2.3 (6519). Hotfix version HF1219497, HF1226723.

jwojda
Valued Contributor II

@dba_nc we're using the same w/o issue on about 30-40 Macs.

cmoran
New Contributor II

I'm seeing something similar. Are you using Crowdstrike as well? I have only been able to get my systems to reliably fail on HS with EPO, Threat Prevention 10.2.3 and Crowdstrike installed. I'm working with all 3 vendors to figure it out but it looks like an issue with the changes to kernel extensions.

scottb
Honored Contributor

McAfee running here with 10.12 and 10.13. It's a real mixed bag. When it works, it's awesome. But sometimes getting it to work (it's a console-based install that is done via a large bash script).
It takes sometimes hours for our off-site clients to pull the SFW down.
When that happens, things are good and it's not a bad product - once you get your whitelist sorted.

My problem is when we have a problem, you can't just run the installer again. McAfee has some lines to run to "uninstall" but they don't clean the Mac of all bits, and it often leaves the Mac in a state where it won't install again, and it's not protected. I'm working on this at this very moment.

All in all, we have only had a few issues with the new rev and 10.13. I just have to get a better cleaning process to remove the bits and start clean...

gachowski
Valued Contributor II

@scottb

Can you share the number of 10.13 Macs you have it running on?

Thanks

C

gachowski
Valued Contributor II

@cmoran

Nope on Crowdstrike.... Only Jamf Pro 10.2, any public version of macOS High Sierra, the McAfee agent and Threat Prevention.

Sorry

C

scottb
Honored Contributor

@gachowski - currently, we're setting up a new client and have ~200.
More coming, so I will keep an eye out. I just created a test kext profile to test, but have not had a chance to run it yet.
I know it's a small sample, but I've had few issues since we got the install sorted.

I got it running using the info you gave me here:
McAfee Install

I know we had to work with our AV and McAfee guy to get a good whitelist sorted. That was really critical as the base install caused all sorts of things to go awry.
Never had the problem you posted though...

scottb
Honored Contributor

Another thing, we had to have users remove Eset (provided in Self Service) prior.
Of course some didn't (we were not allowed to just do it...don't ask) and those had issues - shocking.
So once we got them following the rules, we got them sorted too.

I currently have three Macs with issues, but one of them tried to run the installer 3x in a row - in spite of the docs and description saying not to and it will take possibly up to four hours.

My test Mac got hosed for other reasons, but the removal tools we have didn't work right and now I guess I'm going to nuke it to start over.

gachowski
Valued Contributor II

@scottb

What could take 4 hours? Are you just installing the agent and the EPO server is pushing Threat Prevention and other McAfee .pkgs? And the pushing could take 4 hours?

Thanks

C

c_archibald
Contributor II

We have 4 machines of 46 that have issues w/ McAfee right now. 3 are 10.13.4 & 1 is 10.12.6. Issues range from services not running, no .App, & no updating/reporting.

Apple's NOT Optimized warning leads me to the Apple support page for 64bit compatibility. Upon checking, McAfee 10.2.1 is NOT 64bit. Checking with our support for pushing us 10.2.3.

scottb
Honored Contributor

@gachowski

What could take 4 hours? Are you just installing the agent and the EPO server is pushing Threat Prevention and other McAfee .pkgs? And the pushing could take 4 hours?

Yes, and many users are off-site. And due to the number of Macs/PCs onsite, they stagger the connections for new clients.
So we have no control on our end, and that's why I have to do things like I do. I can't just check for the package receipt, I have to wait for the actual app, etc. to be there before we can call it a success.

gachowski
Valued Contributor II

@scottb

Thanks that is very helpful !!! Somebody suggested doing that here and I "pushed back". : ) This was one of my reasons!!! : )

C

scottb
Honored Contributor

@gachowski - well, I owed you one! If I could just get a reliable way to remove it when needed, I'd be a happy clam - today!

sdagley
Esteemed Contributor II

@scottb Have you found a way for the 10.2.3 install to complete without requiring the user to open the Security & Privacy prefs panel and Allow the McAfee software to load?

scottb
Honored Contributor

@sdagley

This is what I'm going to test later today. I have to nuke the Mac (behind on that) and run this. I don't know if it will work, but I'll post back...


sdagley
Esteemed Contributor II

@scottb Ah, for some reason I wasn't thinking there was a kext involved. Yet another reason to upgrade the JSS to Jamf Pro 10

gachowski
Valued Contributor II

@scottb @sdagley

We do what ScottB posted and it works for us...

C