Install McAfee

makander
Contributor

I've followed the instructions given on how to install McAfee with Casper.

https://jamfnation.jamfsoftware.com/article.html?id=182

Packed the installer.sh with composer, deployed it with a policy that ends with the command sudo /installpath/install.sh -i.

But I get this error when I'm trying to install McAfee through the policy. /usr/sbin/jamf is version 8.64
Executing Policy Install McAfee Install...
Downloading http://MyCasperServer/CasperShare/Packages//McAfee Install.dmg...
Verifying DMG...
Installing McAfee Install.dmg...
Closing package...
Running command sudo /Library/Application Support/McAfee/install.sh -i...
Result of command:
space required to copy archive is 32909286 bytes
space available at mfeCVbPYr is 114332958720 bytes
extracting archive to mfeCVbPYr... please wait
204+0 records in
204+0 records out
104448 bytes transferred in 0.000720 secs (145061809 bytes/sec)
31921+1 records in
31921+1 records out
16343559 bytes transferred in 0.108141 secs (151132015 bytes/sec)
Archive: mfeCVbPYr/package.zip
inflating: mfeCVbPYr/MFEcma.dmg inflating: mfeCVbPYr/reqseckey.bin inflating: mfeCVbPYr/srpubkey.bin inflating: mfeCVbPYr/sitelist.xml inflating: mfeCVbPYr/req2048seckey.bin inflating: mfeCVbPYr/sr2048pubkey.bin inflating: mfeCVbPYr/agentfipsmode Beräknar kontrollsumma för whole disk (Apple_HFS : 0)…
whole disk (Apple_HFS : 0): verifierade CRC32 $0FB1AE4E
verifierade CRC32 $1C5BA69D
/dev/disk1 /Volumes/MFECMA
installer: Package name is McAfee Agent
installer: Upgrading at base path /
installer: The upgrade failed (Installeraren stötte på ett fel som förhindrade installationen. Kontakta programtillverkaren och be om assistans.)
"disk1" unmounted.
"disk1" ejected.

Do you have any suggestions on how to fix this? I've tried searching for it but haven't found anything. The script by itself worked fine on my unit but when I try to deploy it with a policy it doens't work.

15 REPLIES 15

donmontalvo
Esteemed Contributor III

We had problems (didn't save the error messages) so we wrapped a fresh script and the problems went away.

Wouldn't it be nice if McAfee provided a proper PKG package that follows Apple's guidelines, instead of the bloated install.sh script that has an embedded binary that tends to fail. Add them to the list of vendors who need to shake up their development team (and their manager) and hire someone who bothers to read Apple's developer docs.

--
https://donmontalvo.com

makander
Contributor

"We had problems (didn't save the error messages) so we wrapped a fresh script and the problems went away."

How'd you do that Don?

donmontalvo
Esteemed Contributor III

Hi Nils,

If you're using Composer, just create a fresh package. We use Packages.app to put install.sh into /private/tmp and we add a post-installation script to trigger the command.

The install.sh script must've got mangled somehow (well duh, the script is 16MB+ in size -- was the developer smoking crack?!), the new package was done exactly the same as the old package, and worked fine.

Not a fan of folks who stuff binaries into shell scripts...and not a fan of Composer. ;)

http://s.sudre.free.fr/Software/Packages/about.html

JAMF...you guys really, really would do well to partner with this developer. It's a free and easy to build workflows around...would be "very, very awesome" to have it bundled with the Casper Suite tools...and Stéphane Sudre "fits" the JAMF culture. :)

Don

--
https://donmontalvo.com

RobertHammen
Valued Contributor II

Don, I downloaded Packages based on your recommendation. Maybe I'm missing something, but Composer is just a heck of a lot easier to use, particularly for novices. I've had fairly good success with it. Where I haven't, Iceberg has been a relatively easy-to-understand tool.

I might feel differently if I was a developer and wanted to customize my .pkg more. Most of the people I end up showing Composer to just need to package some files, maybe have a preflight script and/or a postflight script. Not worried about languages, or customizing the GUI.

What features of Packages do you feel that Composer needs? That might be a useful discussion for JAMF/spin off some feature requests...

donmontalvo
Esteemed Contributor III

You're right, if you're distributing simple stuff and logic or workflows don't matter, any tool will work. :)

external image link

If you need to create packages that don't lock you in to a proprietary tool or workflow, Packages.app (Iceberg.app is its predecessor) creates proper PKG installers that can be deployed using Casper Suite as well as ARD/SCP and double-click in Finder. To do the later, you'll need to build requirements checks into your package (etc., etc.)...good luck doing that with Composer. LOL

--
https://donmontalvo.com

mscottblake
Valued Contributor

@makander:
Is your install.sh file executable? I think it has to be in order to get as far as you did, but it's gotta be asked. Also, inside the run command, you don't need to use sudo since it's being run with root privileges already. That could be causing it to fail as it would need to prompt for a password to use with sudo.

@RobertHammen:
I also use Packages and I find it to be incredibly powerful and robust, but it is definitely not as intuitive as Composer. I think that simply comes from being a simpler application that doesn't have as many options. It took me a day or two of playing around with it to get the hang of it, but now that I've figured it out, I think it's great.

makander
Contributor

@Msblake: Yeah, the script works fine when I use it without having it packaged on my unit. But as soon as I package it and try to distribute it, it fails. Maybe it's because of composer as previously stated. I'm going to try out Packages and see if makes any difference.

dexterrivera
New Contributor III

@makander
Are you by any chance installing McAfee Security for Mac before the agent?

I ran into the same exact issue last week on the machine I use to test builds but it was not happening on any other machine and the only difference was that I was testing the installation of the AV during the build, which doesn't seem to like to be installed unless there is a user logged in by the way. So I removed the AV install from the build and re-imaged the machine and the agent package began working again.

makander
Contributor

Sorry for the delay! Well, I tried to package it like Don did with packages into /sbin/ and then ran it with a policy, that worked fine.

But then I get the same issue as @dexterrivera. If I install the AV McAfee Security and then the install.sh script to update the repository. The update wont work and the install.sh script wont update the Repository list. Still troubleshooting it.

scottb
Honored Contributor

@donmontalvo Are you still using this process successfully?

If you're using Composer, just create a fresh package. We use Packages.app to put install.sh into /private/tmp and we add a post-installation script to trigger the command.

I'm trying this as well and it doesn't seem to fully function. I did the chmod +x on it, etc. but when I run from the JPS (10.1.1) on 10.13.3 Macs, it's not ever completing the pull of software.

gachowski
Valued Contributor II

We are..

  1. Store the install script at some hidden location.
  2. Custom event to trigger 2nd script to start install script a hidden location.
  3. Script 2nd tells agent to start up and call EPO server.
  4. Custom event to install McAfee installers for Threat Protection FireWall straight from McAfee.

C

scottb
Honored Contributor

@gachowski - are you referring to this in #3?

/Library/McAfee/agent/bin/cmdagent -p

gachowski
Valued Contributor II

@scottb

#!/bin/sh

## Install agent
/Users/Shared/install.sh -i > /dev/null 2>&1

## Start agent
/Library/McAfee/cma/scripts/ma start

## Wait 30 seconds
/bin/sleep 30

## Talk to server
/Library/McAfee/cma/bin/cmdagent -p

/bin/sleep 30

## Talk to server
/Library/McAfee/cma/bin/cmdagent -c


exit 0

scottb
Honored Contributor

Thank you, @gachowski - trying this now, using /tmp for the script is the only difference...
Will report back. The version we're running is 10.2.3 (3074) FWIW.

scottb
Honored Contributor

@gachowski - this is looking good! So far, 3/3 have been successful, if you allow for the time it takes for the Console to pick the Macs up it's doable.
Thank you for this (and others). Will report back if anything changes...