Mcafee Epo Remote Provisioning Tool For Mac
Hello, I'm trying to find some more information on getting our ePO server to see our Mac clients as managed objects. There was an install dmg file that was created for previous versions of OSX, but will not install on Lion. I have the new version of the McAfee Security (VirsScan9.1) but I cannot figure out how to get this to communicate with ePO.
Google searches have come up empty as well. Once I get this working, I can use Casper to deploy to my Mac OSX clients. Any help on this will be helpful! We are using McAfee at my place. I had our McAfee admin create and installer agent as mentioned above.
That installer creates a install.sh script, and hidden files. I then packaged it so it could be placed in a hidden directory. I use a separate script to kick the install.sh that is run on a policy based on a smart group that looks for the receipt from the previous package. I hope this helps.
FYI- On another note we are deploying the McAfee Security suite to our Macs, not just the antivirus. We have had challenges installing it via epo. We get our client computers to check-in, but deploying the security suite reliably has been hit or miss, regardless of the OS version or specific intel chip set.
I have worked with our McAfee admin, on-site, and off-site McAfee engineers to try and diagnose this intermittent behavior but they (McAfee) have no solution for us after many months. That being said we are also deploying the actual McAfee security suite via Casper as well.
This has been reliable for us so far but we are just testing it now. Our hopes are that the epo server will at least be able to deploy hot fixes, and updates but I am not opptomistic. I work for McAfee and can help you here. The most common sticking point is that the root user must be enabled. So if you're getting inconsistent behavior it may be because you don't have the root user enabled.
We recently released McAfee Agent for Mac 4.6 patch 1 and that has lots of improvements (including a command line interface). So I'd start by enabling root and getting that latest release. I am working with the JAMF team to provide instructions for deploying all of the McAfee Security for Mac products (Anti-Malware, Application Protection, Desktop Firewall, and Endpoint Encryption) from the Casper Suite. Stay tuned for more content on that topic on jamfnation. I have this installed on several Macs all running Lion, and yes, you need to work with McAfee on this, we are using the endpoint encryption agent and an EPO server as well.
You need to have the Macs integrated into the AD, at least for us since we are a large enterprise with a mix of PC and Macs, AD integration is a must have. Also the endpoint encryption agent has many caveats with respect to supported Mac platforms. Discovery and registration to the EPO server was also quite painful and took a few days and a number of fixes and patches to get working properly, well, get it working consistently. Bottom line here, work with McAfee. While I have no problem trying to work with McAfee or any vendor, we have been trying for several months to resolve this with McAfee. McAfee has told us many times to 'wait for the latest release that will be out soon and address the issue'. They have been given countless logs and have never given us any type of solution or even a workaround.
We are an AD house and all our Macs are using AD for login so I know we meet that requirement. As far as the suggestion that we enable 'root', and that this would solve the issues. Well that seems to fly directly in the face of Apple recommended security practices. Please follow the link below for the 'Snow Leopard Security Config' document, and see the bottom of page 125 which states the following; 'The most powerful user account in Mac OS X is the system administrator or root account. By default, the root account on Mac OS X is disabled and it is recommended you do not enable it. The root account is primarily used for performing UNIX commands.' I just want to thank everyone for their input it has all been insightful.
@Robert - If you could find that and post the link, I would love to see it. @Henry - We aren't using McAfee's endpoint encryption software, but we did look at it, got it to work and never had to enable root. I guess we will have to factor that into our decision making in the future. @Larson - I really would like to see the McAfee documents that state that. Is there is a link you could post to a KB article or white paper? Regardless thank you for your information regarding this.
Mcafee Epo Remote Provisioning Tool For Mac Free
I now have to wonder why, as a platinum support customer, no one at McAfee could have told us this. I didn't have to do any of the extra work that Robert went through- I just threw the install.sh script into a installer package that copies it to /private/tmp/cma and then runs a postflight script that has exactly one line: /private/tmp/cma/install.sh -i The security package gets installed by casper as well- I just put the package as supplied by mcafee into casper, and it works at imagetime or on demand. I have no idea why McAfee says the root account needs to be enabled. Maybe they've never heard of sudo?? Actually, this requirement for root seems to be a bit of a moving target.
The McAfee Agent for Mac Product Guide explicitly states that root must be used, but this KB says admin OR root Based on my own testing and anecdotal evidence from other customers, it appears that you can install without enabling root. It is as simple as delivering the install.sh file, then sudo chmod +x install.sh, and then sudo./install.sh -i I will update this thread when the document that I'm co-authoring with the JAMF team gets published on jamfnation. @RobertHammen I totally agree with your assessment and am working hard to fix it. I'm on the pre-sales engineering side, so I don't have direct control over the product but we and customers like you do have a voice. Would you please submit your suggestion to the official product enhancement request system? It is I know that 'eliminate the root user requirement' is on the roadmap, but multiple customer requests will get it to the top of the list faster.
Mcafee Epo Remote Provisioning Tool For Mac Download
In the meantime, we have to lean on our good friends at JAMF to help us make this successful in the enterprise.