Jamf Nation Community

MikaelDez · ‎08-04-2020

Hey all,

I've created a policy that places the McAfee EPO Agent install app onto a user's computer, and would like to run a script in that policy to open the app to start the agent install.

The problem is McAfee prompts for admin credentials to allow it make changes, and even if the end user is an admin on their machine, I don't want this prompt to pop up. I thought I could possibly use AppleScript to open the app and then enter text into the username/password fields, but I've run into two problems. 1: the applescript app then needs permission in Accessibility under Security & Privacy, and 2: even after granting permissions it just fails to input text into the username field and ends at that point.

I've added an image of the script.

Any ideas? Even if it's something completely different than the AppleScript route. I'd like for the app to be opened w/o the user needing to input credentials so the install can run its course.

chadlawson · ‎08-05-2020

If I'm remembering this correctly, for McAfee, you can download an "install.sh" script[1] and use that instead. From there, I would put that script into a temporary folder (e.g. /tmp) and then drag it into Composer and set permissions, etc. Then either add a postinstall shell script to the package to run it OR have the policy that installs it run the script from either an "after" action script or (more concisely) use an "Execute Command" action under "Files and Processes" payload for your policy.

For a recent client, that's the route we went to install McAfee. Our challenge was that everyone needed to be on network in order for it to work and with the current work-at-home systems, NO ONE is on network.

The process hasn't changed much in the last few years since I clipped this[2] article.

Let me know if I'm off base on what you need to do and I'll take another look. If you still want to go the AppleScript route, you can use a PPPC configuration profile to pre-approve AppleScript which helps a little.

Good luck,

Chad

https://kc.mcafee.com/corporate/index?page=content&id=KB61125
https://www.jamf.com/jamf-nation/articles/182/deploying-the-mcafee-epo-agent-using-the-casper-suite

MikaelDez · ‎08-07-2020

I've only used composer a few times, what do you mean by drag the .sh file into composer? From my understanding with Composer I would create a snapshot before I downloaded the .sh file, then I would download the .sh file to a directory and then create a package source from that. Thanks for your response I'm working on having my Security guy download that install.sh file for me!

sdagley · ‎08-07-2020

@mikedesmarais You would definitely not use Composer to snapshot a McAfee install install in order to deploy it to your environment. Composer is also capable of manually building an install, where you add the components you need installed, and also allows you to provide a script that will do something before/after those items are installed. In simplest terms you could create a package in Composer that places the McAfee install.sh file into the /tmp directory, and has a postinstall script that runs the install.sh script from that location.

MikaelDez · ‎08-07-2020

I was able to get the install.sh file and used composer to put it in a directory. I can then manually install using /private/tmp/install.sh -i, but when I uploaded the package to jamf, created a policy and used "Execute Command" I get the following error in the policy log:

Executing Policy Install McAfee Agent
Downloading McAfee.pkg...
Downloading https://use1-jcds.services.jamfcloud.com//download/30945bcffa684739951d710085b4c3d9/McAfee.pkg?token=dfad8483df2944979dd346d105bd23eet30jm208d9gu8ds9kgcukyyol9p850t3...
Verifying package integrity...
Installing McAfee.pkg...
Successfully installed McAfee.pkg.
Running command /Users/Shared/install.sh -i...
Result of command:
bit-64
mktemp: mkdtemp failed on mfe1SJQ0O: Read-only file system
mkdir: : No such file or directory
Aug 7 16:26:05 installer[4737] <Critical>: PFPkg: No file found at path: /ma.pkg
Aug 7 16:26:05 installer[4737] <Critical>: PFPackage::packageWithURL - can't instantiate package: /ma.pkg
installer: Error - the package path specified was invalid: 'ma.pkg'.
hdiutil: detach failed - No such file or directory
/Users/Shared/install.sh: line 76: cd: HOME not set
installing client extension from : /

Any ideas why I can run this locally just fine but the Jamf policy is failing? I tried to add a script to the policy using the appropriate command instead of using the "Execute Command" option and I get the same results. The above error shows /Users/Shared/install.sh as the path because I was troubleshooting.

chadlawson · ‎08-13-2020

I totally forgot to come back and see if my advice worked or not!

Can you include a screenshot of what your Composer source looks like and another of your policy? I feel like you are really close.

MikaelDez · ‎08-13-2020

I ended up following the advice on this thread: https://www.jamf.com/jamf-nation/discussions/36443/mcafee-endpoint-security-pppc

Basically it was adding a post install script inside the package vs using it as a command in the policy. I’m not sure why it would matter either way, but it did!

MikaelDez · ‎08-13-2020

Sorry not that above link, this one: https://www.jamf.com/jamf-nation/discussions/35470/mcafee-agent-and-catalina

(It’s been a McAfee filled week for me)

chadlawson · ‎08-13-2020

Glad it worked out for you. Sorry my explanation was unclear/incomplete but I’m glad you got what you needed.

MikaelDez · ‎08-13-2020

No worries, honestly I feel like it should have worked for me the way you outlined, I’m chalking it up to one of those things I’ll never find out haha. Thanks for giving your advice!

Jamf Nation Community

Using AppleScript to enter text into a "make changes" prompt