Pushing Mcafee Endpoint Protection 2.1.0

brobertson
New Contributor

So I am very rusty at scripting, and I am tasked with pushing Mcafee Endpoint Protection 2.1.0 to our Mac systems using Casper.

So I have the default installation script the McAfee administrator gave us, but the script requires user input in order to function (need to type "-i" for a fresh install).

How can I edit the script so it defaults this this option automatically and starts the install?

Heres the install script I am working with:

#!/bin/sh
###getopt for command line arguments.
###Handle the following
### -i install, rpm ivh
### -u upgrade, rpm Uvh )
### -b upgrade but no server info
### -c cloud config path (option for internal usage in bootstrap)
### -h help

PATH=/usr/bin:/bin
umask 022
NATIVE_INSTALLER_FILE=MFEcma.dmg #NATIVE_INSTALL_PACKAGE_NAME_HERE
command=$0

install=
upgrade=
extract=
directory=
unzip_exe_size=104088
cloud=

usage()
{ echo "Usage: $command [-i|-u|-b|-h ]" echo "-i : fresh install " echo "-u : upgrade install" echo "-b :Upgrade Agent only , no server info will be updated" echo "-h : show this help" echo ""
}

user=id | cut -d'=' -f2 | cut -d( -f1
if [ $user -ne 0 ]; then echo "This package needs root authentication to install." exit 1
fi

###BZ 392336 Bail out if NWA exists
if [ -d /Library/NETAepoagt ];then echo "Detected presence of previous agent in /Library/NETAepoagt. Installation cannot continue." exit 1
fi

###Validation: No args, go away
if [ $# -eq 0 ]; then usage exit 1
fi

updateserverinfo="yes"

##First get the options
while getopts e:ic:ubh: opt do case "$opt" in i) install="yes";; c) cloud="$OPTARG";; u) upgrade="yes";; b) upgrade="yes";; h) usage exit 0;; [?]) usage exit 1;; esac
value=expr $OPTIND - 1
done
shift $value

returncode=0
keydata_dir=/Library/McAfee/cma/scratch/keydata

###Cannot have install and upgrade together
if [ ! -z "$install" ] && [ ! -z "$upgrade" ];then echo You cannot specify install and upgrade at the same time usage exit 1
fi

##Cannot have "neither install, nor upgrade"
if [ -z "$install" ] && [ -z "$upgrade" ];then echo "Neither install nor upgrade has been specified in the options" usage exit 1
fi

if [ -e /Volumes/MFECMA ];then echo /Volumes/MFECMA already exists.The agent disk image cannot be mounted echo Please move or rename /Volumes/MFECMA and then rerun this setup exit 1
fi

###Okay, now that everything has been checked, its time to get going
##First we need to extract everything to a temp location, ##and then unzip it to the final destination

if [ ! -z "$cloud" ];then #For Agent installation through bootstrap. echo "Agent installation through bootstrap." if [ ! -d "$cloud" ];then echo "Cloud config path doesn't exist($cloud)." exit 1 else directory="$cloud" temp_directory="$cloud" fi
else #For On-Prem install temp_directory=mktemp -d mfeXXXXXX if [ -f /etc/cma.d/bootstrap.xml ];then rm -rf /etc/cma.d/bootstrap.xml fi

if [ -z "$directory" ];then directory=$temp_directory fi

if [ -f "$directory" ];then echo Output destination specified is a file which laready exists. Cannot overwrite rm -rf "$temp_directory" exit 1 fi

if [ ! -e "$directory" ];then mkdir -p "$directory" fi
fi

if [ -e "$temp_directory" ] ;then ###installer has checks for disk space, and so I wont bother about it. ###unzip will also complain is there isnt enough space for the extracted file ###So, all I care about is to have enough space for the zip itself. ###Since the zip is appended to this file itself, it would never be larger that ###this sfx itself.So havin enough space in $temp_dir to hold the sfx is good enough
if [ -z "$cloud" ];then

required_space=stat -f %z "$command" required_space=expr $required_space 2 echo space required to copy archive is $required_space bytes available_space=df -k $temp_directory | tail -n -1 | awk '{if ( $4 ~ /%/) { print $3 } else { print $4 } }' #convert the kb to bytes available_space=expr $available_space 1024 echo space available at $temp_directory is $available_space bytes if [ $required_space -gt $available_space ];then echo Not enough space to extract contents rm -rf $temp_directory exit 1 fi

echo "extracting archive to $directory... please wait" SKIP=awk '/^ARCHIVE_FOLLOWS/ { print NR + 1; exit 0; }' "$0"

# take the archive portion of this file and pipe it to unzip tail +$SKIP "$command" > "$temp_directory"/payload

block_size=512 nblocks=expr $unzip_exe_size / $block_size remainder=expr $unzip_exe_size % $block_size if [ 0 != $remainder ];then nblocks=expr $nblocks + 1 fi

dd if="$temp_directory"/payload of="$temp_directory"/unz bs=$block_size count=$nblocks dd if="$temp_directory"/payload of="$temp_directory"/package.zip bs=$block_size skip=$nblocks chmod +x "$temp_directory"/unz
# /bin/sh "$temp_directory"/unz -j -o $"$temp_directory"/package.zip -d "$directory" unzip -j -o $"$temp_directory"/package.zip -d "$directory" rm -rf "$temp_directory"/package.zip rm -rf "$temp_directory"/unz
fi
if [ -n "$install" ] || [ -n "$upgrade" ];then if [ "$updateserverinfo" = "yes" ] ; then mkdir -p "$keydata_dir" returncode=$? if [ $returncode -ne 0 ] ; then echo "Failed to create keydata directory.exiting" exit 1 fi cp -f "$directory"/sitelist.xml "$keydata_dir"/SiteList.xml cp -f "$directory"/srpubkey.bin "$keydata_dir" cp -f "$directory"/reqseckey.bin "$keydata_dir" cp -f "$directory"/sr2048pubkey.bin "$keydata_dir" cp -f "$directory"/req2048seckey.bin "$keydata_dir" cp -f "$directory"/agentfipsmode "$keydata_dir"/agentfipsmode cp -f "$directory"/RepoKeys.ini "$keydata_dir"/RepoKeys.ini if [ ! -f "$keydata_dir"/SiteList.xml ] || [ ! -f "$keydata_dir"/srpubkey.bin ] || [ ! -f "$keydata_dir"/reqseckey.bin ] || [ ! -f "$keydata_dir"/sr2048pubkey.bin ] || [ ! -f "$keydata_dir"/req2048seckey.bin ];then echo "Could not find key data files. Installation cannot continue" rm -rf "$keydata_dir" exit 1 fi fi fi

hdiutil attach "$directory/MFEcma.dmg"
fi

####Now do the actual install/ upgrade stuff
####The actual operations for copying the reqseckey and other files should already be there in the installer
returncode=0
if [ -z "$extract" ];then mypwd=pwd cd "/Volumes/MFECMA" echo "IsLegacyEPO:N" > /etc/mainstall.config echo "ConfigDirPath:/Volumes/MFECMA" >> /etc/mainstall.config echo "StartService:Y" >> /etc/mainstall.config

flag=1 pltvrsn=/usr/bin/sw_vers | grep ProductVersion | cut -d: -f2 majvrsn=echo $pltvrsn | cut -d. -f1 minvrsn=echo $pltvrsn | cut -d. -f2

if [ -f /Library/McAfee/cma/bin/msaconfig ];then flag=0; fi if (($majvrsn>=10 && $minvrsn>=6 && $flag)); then sudo /usr/sbin/pkgutil --forget comp.nai.cmamac > /dev/null 2>&1 fi sudo /usr/sbin/installer -pkg cma.pkg -target "/" returncode=$? sleep 5 cd "$mypwd" hdiutil detach /Volumes/MFECMA rm -rf /etc/mainstall.config
else hdiutil detach /Volumes/MFECMA
fi

if [ -z "$cloud" ];then rm -rf "$temp_directory"
fi

if [ $returncode -ne 0 ];then rm -rf "$keydata_dir" exit 1
fi

if [ -d "$keydata_dir" ] ; then rm -rf "$keydata_dir"
fi
exit 0

##DO NOT PUT ANYTHING AFTER ARCHIVE_FOLLOWS UNDER ANY CIRCUMSTANCE (NOT EVEN WHITESPACE). ##DOING SO WILL RENDER THE SCRIPT UNUSABLE
###SUCCESSFUL extraction from the zip depends on it

11 REPLIES 11

Kaltsas
Contributor III

Your McAfee administrator should be able to get a pkg download of EPM210-RTW-1085 from the McAfee download site. This .pkg is easily deployable via a Casper policy. When the McAfee agent is installed this is manageable via ePO. There is also a EPM210-RTW-ePO-1085.pkg available. I don't think there is a difference between the two. The EPM210-RTW-ePO-1085.pkg should be in the EPM210-RTW-ePO-1085.zip available from the McAfee download site.

If you are using EPO it's a little trickier but I have the install.sh script packaged up as a .pkg (I used Packages to bundle this) that deploys fine from Casper, more or less. I have clients that are not enrolled with casper and it was a hassle for the techs to run the install.sh script by hand so creating the .pkg helps them as much as it helped me.

Let me know if you need more specifics about how I'm getting this out.

My bigger issue is I am currently having an issue where a system running 10.9.2 with EPM 2.1 that is bound to AD has extremely long Authentication times for AD accounts when the On Access Scan is enabled. I would be interested if you have an AD environment and if so if you have seen this issue in your environment. I've had a ticket open with McAfee for a while that has been escalated to Tier 3 but I haven't seen much movement.

dpertschi
Valued Contributor

Yep, that ePO agent "installer" is POS! But I've good way to deal with it…

Drop the agent shell script into /tmp or any other location you like.
Then package the shell script (I used Composer) and and include a post flight script with the install command: /tmp/filename.sh -i

I created a second one with the -u flag for upgrades.

Upload to Casper and deploy. The only caveat there is since it's mounting a .dmg, you need to install with a logged in user. Work it out so that the agent installs first and the AV software second.

brobertson
New Contributor

Thanks for the responses, and we are running in a 10.8.5 Environment with AD.

I found the following thread:

https://jamfnation.jamfsoftware.com/article.html?id=182

Packaged the install.sh file into a dmg, loaded it up to casper, set a run command to the following: "/Library/Application Support/McAfee/install.sh -i" and ran it to a few test systems.

So far running into the following error:

Result of command:
space required to copy archive is 35820358 bytes
space available at mfeg7HKdh is 201557430272 bytes
extracting archive to mfeg7HKdh... please wait
204+0 records in
204+0 records out
104448 bytes transferred in 0.000604 secs (172951703 bytes/sec)
34762+1 records in
34762+1 records out
17798484 bytes transferred in 0.131683 secs (135161478 bytes/sec)
Archive: mfeg7HKdh/package.zip
error [mfeg7HKdh/package.zip]: missing 252 bytes in zipfile
(attempting to process anyway)
error: expected central file header signature not found (file #3).
(please check that you have transferred or created the zipfile in the
appropriate BINARY mode and that you have compiled UnZip properly)
error [mfeg7HKdh/package.zip]: attempt to seek before beginning of zipfile
(please check that you have transferred or created the zipfile in the
appropriate BINARY mode and that you have compiled UnZip properly)
(attempting to re-compensate)
inflating: mfeg7HKdh/MFEcma.dmg error: invalid compressed data to inflate
file #2: bad zipfile offset (local header sig): 17795500
(attempting to re-compensate)
inflating: mfeg7HKdh/reqseckey. error: invalid compressed data to inflate
cp: mfeg7HKdh/sitelist.xml: No such file or directory
cp: mfeg7HKdh/srpubkey.bin: No such file or directory
cp: mfeg7HKdh/reqseckey.bin: No such file or directory
cp: mfeg7HKdh/sr2048pubkey.bin: No such file or directory
cp: mfeg7HKdh/req2048seckey.bin: No such file or directory
cp: mfeg7HKdh/agentfipsmode: No such file or directory
cp: mfeg7HKdh/RepoKeys.ini: No such file or directory
Could not find key data files. Installation cannot continue

Kaltsas
Contributor III

Try creating a package with Packages as follows.

•Create the Payload as install.sh to some location on the system (I have a directory in /Library that I put several things for our environment).
•Create a script that runs that script from that location. Here's a dirty example. You might want to build in more logic to delete install.sh when it's done.

#!/bin/sh

# Install McAfee Agent 4.0 w/patch 2
/Library/Location/install.sh -i

exit

•Set this script as a Post-installation script in your package
•Build to get a .pkg

You should now have a .pkg that will install the McAfee agent for your environment. I never had any luck with other methods of deploying that monstrous script.

brobertson
New Contributor

Arg, still getting an error. Looks like its running the package successfully, pushing out the directory and install.sh files to the systems, but when it runs the Post-Installation script it gets the following error:

Copying McAfee.pkg...
Installing McAfee.pkg...
Successfully installed McAfee.pkg.
Running script McAfeePostScript.sh...
Script exit code: 1
Script result: space required to copy archive is 35820850 bytes
space available at mfeFicS1h is 209095561216 bytes
extracting archive to mfeFicS1h... please wait
204+0 records in
204+0 records out
104448 bytes transferred in 0.000592 secs (176434420 bytes/sec)
34763+1 records in
34763+1 records out
17798729 bytes transferred in 0.128163 secs (138875613 bytes/sec)
Archive: mfeFicS1h/package.zip
inflating: mfeFicS1h/MFEcma.dmg inflating: mfeFicS1h/reqseckey.bin inflating: mfeFicS1h/srpubkey.bin inflating: mfeFicS1h/sitelist.xml inflating: mfeFicS1h/req2048seckey.bin inflating: mfeFicS1h/sr2048pubkey.bin inflating: mfeFicS1h/agentfipsmode inflating: mfeFicS1h/RepoKeys.ini Checksumming whole disk (Apple_HFS : 0)…
whole disk (Apple_HFS : 0): verified CRC32 $7A4857A0
verified CRC32 $78632BE7
/dev/disk1 /Volumes/MFECMA
installer: Package name is McAfee Agent
installer: Upgrading at base path /
installer: The upgrade failed (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.)
"disk1" unmounted.
"disk1" ejected.

Kaltsas
Contributor III

Does this system already have any other mcafee products on it?

ctangora
Contributor III

You got this error because the file contains a zipped archive. It goes to the point where it thinks that the file will begin and tries to unzip it. But since you edited the script it now can't find the beginning of the zipped file and throws the error.

Two options...

1) Check for the existence of the uninstaller and uninstall as part of a preflight script.

2) Check for the existence in the post flight with an 'if' and run "install.sh" -u if it exist, and "install.sh -i" if it doesn't.

Chris

pawan_joshi
New Contributor II

Hi Kaltsas, We already have EPM2.2 in place and now I'm trying to replace it with EPM2.3 in our image. We have ePO in our environment. I have the required .dmg but when I packaged it using composer and added to the configuration under Casper Admin, it doesn't get deployed through the image. Any help would be greatly appreciated.

Kaltsas
Contributor III

You can drop EPM230-RTW-1791.pkg right into casper admin. This package should be available via McAfee downloads as long as you have your grant number. https://secure.mcafee.com/apps/downloads/my-products/login.aspx?region=us

I would not repackage it with composer. If you have clients that already have epm installed I would leverage EPO to deploy the updates, depending on how cantankerous your EPO admin is. EPO is not easy to navigate and it is not always apparent how to make it do things but we have wrangled policies and tasks such that machines tagged with a test tag will always get whatever is checked into Evaluation and all other machines will get what is checked into production.

As is in our imaging configuration workstations get two packages
McAfee Agent 4.8.1938.pkg
EPM230-RTW-1791.pkg

a1cc91f513ef4d8bb5eb7d076bbabe60

Within 2 hours they will check in with EPO and pull firewall policy and an EPM hotfix.

I have instructions for packaging the agent here

pawan_joshi
New Contributor II

Thanks a lot Kaltsas..that worked. This was only for the Macs that would be imaged henceforth. The ones in production will get the EPM update through ePO.

franton
Valued Contributor III

I ran into this a while back. I ended up coding this:

McAfee Agent post install script

Simple version is that you install the McAfee agent script into /Library/Application Support/McAfee as detailed in McAfee's own best practice guide, then run my script as part of a pkg post install script. It will automatically take care of the fresh install / upgrade choice and log everything locally to the computer for future reference or testing.

For the record, a properly coded epo server should do the upgrades and all the installation itself without you ever having to install the keys, epm and agent separately. If it doesn't, it's time to complain to your epo admin.