Upgrading to Sierra through self service breaks McAFee ePO

AVmcclint
Honored Contributor

When I install McAfee Endpoint Security for Mac 10.2.1 via the McAfee Agent 5.0.1.283 onto a brand new, freshly imaged Mac running macOS Sierra 10.12.2, it installs and communicates with the ePO server just fine. HOWEVER, if I take a Mac running El Capitan 10.11.6 that already has McAfee Endpoint Security for Mac 10.2.1 and the McAfee Agent 5.0.1.283 installed and functioning properly and then upgrade that Mac to Sierra via Self Service, McAfee loses all Update repository info that was previously there. As a result, it never receives any new DAT info and it puts the Macs out of compliance. When I try to uninstall the product by running /usr/local/McAFee/uninstall EPM it gives an error and never uninstalls. Because I can't uninstall it, I am unable to reinstall the product either manually or by pushing from the server. This has happened on 6 different Macs and I confirmed the cause by comparing the settings on a Mac before and after upgrading to Sierra.

The weird part is that 2 other Macs that were upgraded directly via the Mac App Store still retained all their McAfee settings and are still working fine.

I built the Self Service policy by downloading the Sierra installer via Mac App Store, copied it into Casper Admin. Cached the installer via policy to selected machines. Then had the user run a policy to install the cached installer. Everything looks normal when the installer runs. Yet for some reason this very specific oddity is the only thing I've found wrong. McAFee appears to be the only product affected by this. Has anyone else seen this? Could there be something weird in the way the installer is running?

1 ACCEPTED SOLUTION

bvrooman
Valued Contributor

This appears to be fixed in the 5.0.4.449 agent hotfix.

On upgrading Mac OS from El Capitan to Sierra, the agent temp folder was getting deleted, causing DAT updates to fail. With this Hotfix the temp folder gets recreated if it is deleted during OS upgrade, and DAT update happens successfully.

While this only mentions DAT updates, I've found that the EPM/ENS uninstall tends to break if anything is missing or out of place.

View solution in original post

6 REPLIES 6

bvrooman
Valued Contributor

This appears to be fixed in the 5.0.4.449 agent hotfix.

On upgrading Mac OS from El Capitan to Sierra, the agent temp folder was getting deleted, causing DAT updates to fail. With this Hotfix the temp folder gets recreated if it is deleted during OS upgrade, and DAT update happens successfully.

While this only mentions DAT updates, I've found that the EPM/ENS uninstall tends to break if anything is missing or out of place.

AVmcclint
Honored Contributor

oh that's great news! I forwarded that to our ePO administrator. Now the next question is: will installing this hotfix fix the already broken installations or will I still need to find a way to uninstall it first and then reinstall the new agent?

AVmcclint
Honored Contributor

EDIT: the Agent version I already have installed is 5.0.4.283. not 5.0.1...

bvrooman
Valued Contributor

Uninstalling the agent is usually pretty reliable; there's a shell script at either /Library/McAfee/cma/uninstall.sh or /Library/McAfee/cma/scripts/uninstall.sh which does a better job of ripping all of the pieces out than does the weird uninstall binary for EPM. Once that's done you can install the new agent.

What I don't know is if an agent upgrade (not uninstalling first) will restore the missing folder/functionality. Weirdly, after a dozen or so test upgrades, I can't get 5.0.4.283 to fail in my environment, so I don't have any real data on the fix. We'll probably still deploy the hotfix prior to making Sierra available for our users to upgrade to in the next couple of weeks.

AVmcclint
Honored Contributor

UPDATE: I pushed the update to a working installation from the ePO console successfully. I was also able to push it to a broken installation and it did restore the update functionality. I still need to test pushing it in other scenarios, but I think this will work.

@bvrooman when I tried running the uninstalls either in /usr/local/mcafee or in the path you gave, they failed. Fortunately pushing this new version is working so far so it's unnecessary.

bvrooman
Valued Contributor

Good to know that the hotfix also repairs broken machines. That makes it ever-so-slightly less concerning.