Now we have to exclude that user in all our scripts. #UATwhatsUAT
$ dscl . list /Users | grep mfe mfe
$ id mfe uid=502(mfe) gid=20(staff) groups=20(staff),12(everyone),61(localaccounts),703(com.apple.sharepoint.group.3),704(com.apple.sharepoint.group.4),98(_lpadmin),100(_lpoperator),204(_developer),701(com.apple.sharepoint.group.1),225(com.apple.access_loginwindow),702(com.apple.sharepoint.group.2)
@donmontalvo Is that account safe to nuke without messing up the software more than it already is when installed correctly? If so, I will also be nuking it. It annoys the crap out of me that this stupid account shows up now in inventory records. Every time I think their developers can't get any worse, they surprise me.
mfe account on macOS
PI is in reference to support case 4-17528505931
Directory Utility high level...
Apparently to McAfee, the definition of "hidden" means it doesn't have a home folder in /Users/ that you can see. Or maybe more simply, "If you squint really hard you can't see it!". They are so inept it's beyond belief.
BTW, the article you linked to doesn't say anything about being safe to remove without repercussions. It says you can change the password, but like, who would even care about that? I'd prefer it just either not be there in the first place, or they learn the definition of "hidden"
BTW, the article you linked to doesn't say anything about being safe to remove without repercussions.
/Users/mfe folder only exists after one of our scripts run to write out a defaults command to
We finally got a response from McAfee:
We reached out to Apple's support team and they informed us that UIDs below 500 are reserved for Apple, specifically, and that they can at will remove these. ... In other words, it looks like we're stuck with a UID above 500 for the mfe user.
So apparently they think that macOS just removes low-UID accounts for the sport of it?
If this was the case, our Jamf Pro management account that we've been using for like 6 years now with a sub 500 UID would have been removed long ago. This excuse is bogus. Apple doesn't remove UIDs below 500.
To be somewhat fair, I do seem to recall an OS update a long while ago, maybe 10.8.something that might have done that, but that was a one off case that Apple corrected and it hasn't happened since. As usual, McAfee is using outdated information and is incompetent. But tell me something new.
@bvrooman I also call BS on McAfee. They're such a bloated company with lots of redundant layers of unnecessary management and teams, to get an answer like that from them underscores how inept they are.
Endpoint for Mac is 5 pieces...four signed/flat packages and one long-in-tooth-convoluted
install.sh script that the customer has to wrap and insert commands that are poorly documented and don't always work.
Rumor has it they've got a 70+ year old bearded skinny guy chained and in a cage maintaining
install.sh and are waiting for him to die.
In short McAfee is blowing smoke, maybe their founder gets his supply from the company.
Drugs, rape, murder, offering to crack iOS...why do business with such a shady company?
It's really worse than that when Intel "sold" 1/2 of them ( they didn't really they paid the investment group 2 billion USD) on a 4 Billion sale so it was a dump. However, the good part is investment group has real ties to China... so not good in any way...
PS @draeconis can you share how big your install base is? I know they lost a big account late last year or early this year.. trying to get data so we can drop them too.. thanks!!
This is one of those cases where I truly wish we could vote with our dollars and put this load of poop company out of our misery.
Unfortunately, where I am, I don't get to make the decision on which software to use for security purposes. We just get told this is what we use and find a way to make it work. Complaints about the fact that it's a steaming pile go in one ear and out the other. If it were up to me, McAfee would get removed from every single device, PC and Mac, in the environment and they'd be told not to come knocking ever again because of how shoddy their work has been for the last umpteen years. It's completely ridiculous they refuse to put some competent resources into making their garbage stink just a little less. We're not asking for perfection, just something that we don't have to wrestle with almost daily to make it actually work!
Had our InfoSec open a ticket with McAfee. Their response was, well...
"Based on [based on MAC Engineer's] suggestion if you create less than 500 UID it will not be hidden and that's why the UID can't be less than 500."
Has anyone tried to move the uid to something sub-500 and fix their crappy work?
What the what?? That statement wins the prize for dumbest statement of the year from a tech support person.
Maybe the problem is the "engineer" they spoke with was an expert in "MAC" and not "Mac" :rollseyes:
McAfee's ineptness on the Mac front for their craptacular product continues to astound me. And it's not even just that they don't know what they're doing. It's the refusal to even try to learn or try harder that galls me. They continue to shatter even my very very low expectations of them. Is there no bottom to their incompetence? I'm beginning to think "no".
@easyedc Curious if there was a follow up exchange with the Peanut Gallery.
@gachowski they won't care as long as they're making money. ¯_(ツ)_/¯
@mm2270 The group responsible for the horrible
install.sh should have been fired a long time ago. Clearly there's some dead wood over there. The components released as flat/signed PKGs are not bad at all. Guessing they farmed out those items.
I think the install.sh is the same as how the agent is installed on linux I think that is why it didn't change when the new .pkg were rolled out. Also I think the new .pkgs were before the dump to the private company in China so I expect that the pkgs were the last thing finished before all the "mac guys" left. I don't see it getting any better as they have entered two new businesses.