Posted on 07-25-2017 12:18 PM
https://kc.mcafee.com/corporate/index?page=content&id=KB89431
Now we have to exclude that user in all our scripts. #UATwhatsUAT
$ dscl . list /Users | grep mfe
mfe
$ id mfe
uid=502(mfe) gid=20(staff) groups=20(staff),12(everyone),61(localaccounts),703(com.apple.sharepoint.group.3),704(com.apple.sharepoint.group.4),98(_lpadmin),100(_lpoperator),204(_developer),701(com.apple.sharepoint.group.1),225(com.apple.access_loginwindow),702(com.apple.sharepoint.group.2)
Posted on 07-25-2017 12:21 PM
my o my.
Posted on 07-25-2017 12:24 PM
"You pay us, but you do our Beta testing and UAT, thank you, enjoy the show!" - McAfee
#shakesFistAtMcAfee
Posted on 07-25-2017 12:28 PM
Yeah, we see this too now. Amateurs. That's all I can say about them that's even remotely nice and doesn't involve swear words.
Posted on 07-25-2017 12:29 PM
well, that explains a lot.
Posted on 07-25-2017 12:30 PM
So much for "hidden"...ugh...we're reporting to McAfee.
EA to look for /Users/mfe
and nuke it....better than editing bunches of scripts.
Until McAfee gets their heads out of their a**.
Posted on 07-25-2017 12:31 PM
@donmontalvo what would be the ripple effect of deleting mfe?
Posted on 07-25-2017 12:33 PM
@donmontalvo Is that account safe to nuke without messing up the software more than it already is when installed correctly? If so, I will also be nuking it. It annoys the crap out of me that this stupid account shows up now in inventory records. Every time I think their developers can't get any worse, they surprise me.
Posted on 07-25-2017 12:43 PM
The "hidden" mfe user's home is /var/empty
.
The /Users/mfe
folder gets created when any of our scripts needs to populate home directories for accounts with UID 500>.
Posted on 07-25-2017 12:47 PM
Ha....haha...HAHAHA...
mfe account on macOS
https://www51.v1ideas.com/IntelIdeas/ISecGForum/Idea/Detail/58270
PI is in reference to support case 4-17528505931
Directory Utility high level...
Posted on 07-25-2017 12:51 PM
Apparently to McAfee, the definition of "hidden" means it doesn't have a home folder in /Users/ that you can see. Or maybe more simply, "If you squint really hard you can't see it!". They are so inept it's beyond belief.
BTW, the article you linked to doesn't say anything about being safe to remove without repercussions. It says you can change the password, but like, who would even care about that? I'd prefer it just either not be there in the first place, or they learn the definition of "hidden"
Posted on 07-25-2017 01:45 PM
looks like it happened in 5.0.5... does it continue to 5.0.6?
nevermind.. it does persist in 5.0.6
Posted on 07-25-2017 02:06 PM
We enable McAfee unacceptable behavior.
: (
C
Posted on 07-25-2017 04:34 PM
@mm2270 wrote:
BTW, the article you linked to doesn't say anything about being safe to remove without repercussions.
The /Users/mfe
folder only exists after one of our scripts run to write out a defaults command to /Users/<user>/Library/Preferences/yadayada.plist
.
Posted on 07-26-2017 06:57 AM
This is entertaining. Are you guys using McAfee?
Posted on 08-10-2017 04:49 PM
Yes.
We also like to go out for group walks during lunch.
You know, barefoot, over shards of glass, thumbtacks, in traffic, etc.
Posted on 08-31-2017 07:58 AM
We finally got a response from McAfee:
We reached out to Apple's support team and they informed us that UIDs below 500 are reserved for Apple, specifically, and that they can at will remove these. ... In other words, it looks like we're stuck with a UID above 500 for the mfe user.
So apparently they think that macOS just removes low-UID accounts for the sport of it?
Posted on 08-31-2017 08:05 AM
If this was the case, our Jamf Pro management account that we've been using for like 6 years now with a sub 500 UID would have been removed long ago. This excuse is bogus. Apple doesn't remove UIDs below 500.
To be somewhat fair, I do seem to recall an OS update a long while ago, maybe 10.8.something that might have done that, but that was a one off case that Apple corrected and it hasn't happened since. As usual, McAfee is using outdated information and is incompetent. But tell me something new.
Posted on 08-31-2017 08:26 AM
@bvrooman I also call BS on McAfee. They're such a bloated company with lots of redundant layers of unnecessary management and teams, to get an answer like that from them underscores how inept they are.
Endpoint for Mac is 5 pieces...four signed/flat packages and one long-in-tooth-convoluted install.sh
script that the customer has to wrap and insert commands that are poorly documented and don't always work.
Rumor has it they've got a 70+ year old bearded skinny guy chained and in a cage maintaining install.sh
and are waiting for him to die.
In short McAfee is blowing smoke, maybe their founder gets his supply from the company.
Drugs, rape, murder, offering to crack iOS...why do business with such a shady company?
John McAfee's strange tale gets darker in documentary
Posted on 08-31-2017 08:36 AM
@donmontalvo I logged that, McAfee didn't want to help us with it at all :/
We're moving away from McAfee now. Not related to this really, but happy to see the back of this issue as a result.
Posted on 08-31-2017 10:28 AM
@donmontalvo....
It's really worse than that when Intel "sold" 1/2 of them ( they didn't really they paid the investment group 2 billion USD) on a 4 Billion sale so it was a dump. However, the good part is investment group has real ties to China... so not good in any way...
C
PS @draeconis can you share how big your install base is? I know they lost a big account late last year or early this year.. trying to get data so we can drop them too.. thanks!!
Posted on 08-31-2017 12:52 PM
I agree that the excuse is a load of crap. Unfortunately, they also confirmed that they have no intention of changing their monkeys-at-a-typewriter development process or start thinking about their clients when releasing half-baked crap instead of software.
Posted on 08-31-2017 01:23 PM
This is one of those cases where I truly wish we could vote with our dollars and put this load of poop company out of our misery.
Unfortunately, where I am, I don't get to make the decision on which software to use for security purposes. We just get told this is what we use and find a way to make it work. Complaints about the fact that it's a steaming pile go in one ear and out the other. If it were up to me, McAfee would get removed from every single device, PC and Mac, in the environment and they'd be told not to come knocking ever again because of how shoddy their work has been for the last umpteen years. It's completely ridiculous they refuse to put some competent resources into making their garbage stink just a little less. We're not asking for perfection, just something that we don't have to wrestle with almost daily to make it actually work!
Posted on 02-06-2018 09:00 PM
McAfee blows more smoke...
https://www51.v1ideas.com/IntelIdeas/ISecGForum/Idea/Detail/58270
Posted on 02-08-2018 07:52 AM
Had our InfoSec open a ticket with McAfee. Their response was, well...
"Based on [based on MAC Engineer's] suggestion if you create less than 500 UID it will not be hidden and that's why the UID can't be less than 500."
Has anyone tried to move the uid to something sub-500 and fix their crappy work?
Posted on 02-08-2018 08:37 AM
What the what?? That statement wins the prize for dumbest statement of the year from a tech support person.
Maybe the problem is the "engineer" they spoke with was an expert in "MAC" and not "Mac" :rollseyes:
McAfee's ineptness on the Mac front for their craptacular product continues to astound me. And it's not even just that they don't know what they're doing. It's the refusal to even try to learn or try harder that galls me. They continue to shatter even my very very low expectations of them. Is there no bottom to their incompetence? I'm beginning to think "no".
Posted on 02-08-2018 08:45 AM
We need a Mcafee "support group". : )
C
Posted on 02-08-2018 06:29 PM
@easyedc McAfee probably hired some ex Adobe engineers.
"Based on [based on MAC Engineer's] suggestion if you create less than 500 UID it will not be hidden and that's why the UID can't be less than 500."
Posted on 02-08-2018 07:09 PM
Step 1: insult two vendors in one post
Posted on 02-08-2018 07:56 PM
You can't call McAfee and Adobe "vendors", it's not remotely fair to companies that take the products and support seriously.
C
Posted on 02-08-2018 09:41 PM
@easyedc Curious if there was a follow up exchange with the Peanut Gallery.
@gachowski they won't care as long as they're making money. ¯_(ツ)_/¯
@mm2270 The group responsible for the horrible install.sh
should have been fired a long time ago. Clearly there's some dead wood over there. The components released as flat/signed PKGs are not bad at all. Guessing they farmed out those items.
Posted on 02-09-2018 08:32 AM
I think the install.sh is the same as how the agent is installed on linux I think that is why it didn't change when the new .pkg were rolled out. Also I think the new .pkgs were before the dump to the private company in China so I expect that the pkgs were the last thing finished before all the "mac guys" left. I don't see it getting any better as they have entered two new businesses.
https://www.skyhighnetworks.com/
http://www.securityinfowatch.com/press_release/12390593/mcafee-introduces-identity-theft-protection-service
Posted on 02-09-2018 05:15 PM
@gachowski wrote:
...I think the new .pkgs were before the dump to the private company in China...