Uninstalling McAfee/Trellix Firewall without credentials prompt

glpi-ios
Contributor III

Hello,

We had McAfee/Trellix Firewall installed on all of our MacOS computers.
We have to quickly uninstall it but during Firewall uninstall process, a prompt for admin username and pass is showing to uninstall the extension system.

But none of our users is administrator and it is just not possible to go on more than 1600 computers for that.

Do you know how it is possible to uninstall completely and silently?

Thank you for your help

1 ACCEPTED SOLUTION

sdagley
Esteemed Contributor II

@glpi-ios Here's a script that should do a silent removal of a McAfee install including the firewall module: https://gist.github.com/sdagley/566dddd0b497dfe05fb487abaa274024

You can edit it to skip any modules you want to retain (NOTE: There is a dependency on ENS for the MNE and FRP modules, so ENS can't be fully removed if you plan on retaining them)

View solution in original post

9 REPLIES 9

sdagley
Esteemed Contributor II

@glpi-ios Here's a script that should do a silent removal of a McAfee install including the firewall module: https://gist.github.com/sdagley/566dddd0b497dfe05fb487abaa274024

You can edit it to skip any modules you want to retain (NOTE: There is a dependency on ENS for the MNE and FRP modules, so ENS can't be fully removed if you plan on retaining them)

Hello. Can this code be ran on Windows?

sdagley
Esteemed Contributor II

@FirezSeth No, that script is specific to Macs

glpi-ios
Contributor III

Thank you very much for your help @sdagley 
Precisely, the goal was to uninstall all the McAfee Endpoint Security products but as only the Firewall part was a problem... So it's perfect!!!

I thank you for your help

TDManila
New Contributor III

Hello! Do you also have the silent installation process through script?

glpi-ios
Contributor III

Hello @sdagley 

Hello,

Sorry for my question which may seem stupid but is making changes in the authorization database risky for the stability of the system?
Before executing the script (which I have tested several times with success), I would like to be sure that this type of intervention is not too aggressive for the system.

Anyway, thank you very much for your script.

sdagley
Esteemed Contributor II

@glpi-ios I don't think there's any risk to changing the database as long as the change is reverted once you've removed the extension. This mechanism has been working for a while, so if Apple did want to block it, they've had ample time.

glpi-ios
Contributor III

Thank ou for your help @sdagley 

sasoke
New Contributor

Hello everyone.

I'm setting the Client Interface Mode to "Standard Access".
In Standard access, non-admins cannot view or change configuration settings on the Settings page.
But I hypothesize that the user knows the password and can login to the settings page.
What is there any way to fix that?
Thanks