Packaging McAfee Security

I used the same guidance to package the agent, and I'm installing the Security for Mac .mpkg 'at imaging time'. Trying to stay modular, I did not have to repackage that software.

I found however that installing the agent after the AV software did not inject our ePO server info properly (and vice-versa). So I created a custom trigger that calls a policy to install the agent at first boot. That policy also uses a before script to remove the default agent that was installed by the AV software.

It's ugly, but seems to work.

McAfee Security has always been a nightmare for us. We have an even uglier solution than @dpertschi, but it does work at imaging time with no custom triggers. I created a .mpkg that contains all the dmg files for the Virus Scan and ePO (including a hotfix for each). I set the package to install them into /private/tmp then use a postinstall script to mount each dmg, install the package contained within, and unmount. The overall install mpkg is set to install at imaging time. It is ugly, but it ensures everything installs properly and in the right order (AV, AV Hotfix, ePO, ePO Hotfix). I have found that some installs won't show all the ePO servers right away, but if you let them sit for a couple hours they will populate. This happens maybe 1 in 8 installs.

Do they want it in the image so there isn't a lag waiting for it to come down from ePO, or is there some other concern with having it come from ePO? I'm thin imaging, and using the method you referenced to put the McAfee Agent in place. My policy reboots at the end, then I have another policy set to trigger at startup (run once) that forces the agent to enforce policy, which causes the AV to be installed. That way everything is in place before they leave our build room.

I also "pre-lay" the components at imaging time and then during first boot run a script that actually does the installation. McAfee requires a live, booted OS to install properly.