Mcafee Agent For Mac Manual Installeagleecho

You will have to manually remove them by going to the certain hidden folders on Mac Hard Drive. Go to /usr/local & remove VI2, SpaMini & McAfee folders. Go to /system/library & remove McAfee folder. Go to /library/application support & remove McAfee & Verizon for VISS folders. Restart the computer. To install McAfee Internet Security for Mac Locate the folder in which you downloaded the McAfee-MacInstaller-x.x.dmg file, and double-click it to open it. Double-click the McAfee-MacInstaller-x.x.dmg file. To make sure that the McAfee browser plug-in installs correctly, close your browsers (Safari and Chrome) during installation.

  1. Mcafee Agent Manual Install
  2. Mcafee Mac Agent Install

Installing the McAfee Agent 4.x (Unmanaged)

How to install the unmanaged agent

  1. Download the MA package locally to the machine in a temporary directory
  • Unzip the package.
  • Locate the file with the .dmg extension (ex. MFEcma.dmg)
  • Double click the file and follow the wizard to complete the installation.
  • To verify the installation check to see if the following directory exists:
    • /Library/McAfee/cma
      • Note: The use of an unmanaged agent is generally for machines that are setup by desktop support and will need to be managed by ePO later. For information on how to manage the system see the next section. In addition Mac OS X server provides a feature called System Imaging. With this tool administrators can create system images with software installed such as the McAfee 4.x Unmanaged Agent. Administrators can setup new machines with images faster and the McAfee Agent 4.x can be managed after the system is imaged. This is done to avoid duplicate GUIDs. For more information about Mac OS X server tools visit http://www.apple.com/server/macosx/features/client-management.html.


Enabling an Unmanaged Agent

Take control of unmanaged agents with ePO

  1. An unmanaged agent is essentially an operating agent that is missing the necessary information to communicate to the ePO server. The agent needs the SiteList and the Public Keys and initial Request Keys to check into ePO. These files can be copied to the unmanaged machine from the ePO server using the following steps:

· /opt/McAfee/cma/bin/msaconfig –m –d <path of location containing srpubkey.bin, regseckey.bin, and sitelist.ml> [-nostart]

· It is recommended to copy the srpubkey.bin, regseckey.bin,a nd SiteList.xml from the ePO server to a shared folder or directly to the local machine. These files can be found on the ePO server in <drive>Program FilesMcAfeeePolicy OrchestratorDBSoftwareCurrentEPOAGENT3700MACXInstall409

Installing the McAfee Agent 4.x (Managed)

How to install a managed agent

  1. In many instances an agent is installed on a machine in managed mode. In order to setup a managed agent the administrator will need to ensure the McAfee Agent 4.x package and extension are checked into the ePO server master repository.

· Download the McAfee Agent package (ex. MA450MAC.zip)

· Download the McAfee Agent extension package (ex. Epoagentmeta.zip)

· Log in to the ePO console

· Check in the two packages to the master repository

  1. Click Menu Software Master Repository
  2. Select Actions Check In Package at the bottom left of the screen
  3. Leave the default Package Type selected Product or Update (.ZIP)
  4. Click the Browse button and navigate to the agent package (ex. MA450MAC.zip)
  5. Follow the on screen options to complete the check in process
  6. When the package check in is complete click Menu Software Extensions
  7. Select Install Extension from the bottom left of the screen
  8. Click the Browse button and navigate to the agent extension package (ex. Epoagentmeta.zip)
  9. Follow the on screen options to complete the check in process
  10. Once the McAfee Agent 4.x is fully checked into the ePO server the install file is ready.

· Copy the install file locally to the Mac or to a shared drive that can be access from the Mac. The install file can be found on the ePO server

  1. <drive>Program FilesMcAfeeePolicy OrchestratorDBSoftwareCurrentEPOAGENT3700MACXInstall409install.sh

· Note: The path shown above is for the McAfee Agent 4.5. The path for the 4.0 agent will be in a different EPOAGENT3xxxMACX directory

· After the file is copied to the shared drive or locally it is ready to use for the installation

· Open the terminal on the Mac and type the following in the same directory where install.sh is stored

  1. 1. Chmod +x install.sh (this adds execute mode to the file)
  2. 2. Sudo ./install.sh –i (this runs the install using the –i switch)

· When the installation completes wait 5-10 minutes for the agent to check into ePO. It will most likely be found in the Lost & found group unless sorting is turned on. If the machine does not populate in the ePO system tree after 10-15 minutes restart the machine if possible.

  1. If a machine has the McAfee Agent 4.0 and needs to be manually upgraded to 4.5 perform the following:

· Copy the install file locally to the Mac or to a shared drive that can be access from the Mac. The install file can be found on the ePO server

  1. <drive>Program FilesMcAfeeePolicy OrchestratorDBSoftwareCurrentEPOAGENT3700MACXInstall409install.sh

· After the file is copied to the shared drive or locally it is ready to use for the installation

Mcafee Agent Manual Install

· Open the terminal on the Mac and type the following in the same directory where install.sh is stored

  1. 1. Chmod +x install.sh (this adds execute mode to the file)
  2. 2. Sudo ./install.sh –u (this runs the upgrade using the –u switch)

Removing the McAfee Agent 4.x

How to remove an agent via the ePO console (managed)

  1. Once the environment is established and the majority of the systems are managed by ePO; removal is done via the ePO console.

· To remove the agent using the ePO console perform the following steps:

  1. Click Menu System Tree
  2. Select the system(s) form the system tree
  3. Select Actions Directory Management Delete
  4. A delete message will appear asking to Remove the Agent
  5. Select the check box and click Ok
  6. The next time the McAfee Agent checks into the ePO server or Agent Handler it will then perform the uninstall

How to remove an agent using terminal (managed or unmanaged)

  1. In some instances removing the agent on a machine is not possible from the ePO console. This usually occurs when the machine is not connected to the network or when the Agent is having issues connecting to the ePO server.

· To remove the agent using the terminal perform the following steps:

  1. Log on to the machine or SSH to the machine
  2. Open terminal (Shell Prompt)
  3. Change to the McAfee directory /Library/McAfee/cma
  4. Type sudo ./uninstall.sh
  5. Wait for the script to display “Agent uninstalled”

Installing products via the McAfee Agent 4.x

How to install McAfee Security for Mac via the ePO console

  1. McAfee Security for Mac – AV can be installed using via the agent from the ePO server.

· Before the software can be deployed it is necessary to check in the two packages to the master repository. Download the software package so that it can be checked into the Master Repository. The McAfee Security for Mac software is tricky so it is important to follow the next steps exactly.

  1. Unzip MSMAntimalware10LML.zip
  2. Locate and unzip ePO Component that is found inside the unzipped directory MSMAntimalware10LML
  3. Click Menu Software Master Repository
  4. Select Actions Check In Package at the bottom left of the screen
  5. Leave the default Package Type selected Product or Update (.ZIP)
  6. Click the Browse button and navigate to the agent package (ex. <drive>/Downloads/MSMAntimalware10LML/ePO Component/ePO 4.x Deployment Packages/McAfee Security for Mac-Anti-malware-1.0-RTW-ePO-676.zip)
  7. Follow the on screen options to complete the check in process
  8. When the package check in is complete click Menu Software Extensions
  9. Select Install Extension from the bottom left of the screen
  10. Click the Browse button and navigate to the agent extension package (ex. <drive>/Downloads/MSMAntimalware10LML/ePO Component/ePO 4.x Extensions/McAfee Security for Mac-1.0-Anti-malware.zip)
  11. Follow the on screen options to complete the check in process
  12. Click the Browse button again and navigate to the agent reports extension package (ex. <drive>/Downloads/MSMAntimalware10LML/ePO Component/ePO 4.x Extensions/McAfee Security for Mac-1.0-Reports.zip)
  13. Follow the on screen options to complete the check in process

· After checking the software into the Master Repository the product is ready to deploy

  1. Log into the ePO Console
  2. Select Menu System Tree
  3. Choose the Group or subgroup from the system tree where the task should be created
  4. Under the My Organization field select the Client Tasks tab
  5. Click New Task at the bottom of the screen
  6. Name the task and enter any necessary notes then choose Product Deployment from the drop down menu then select Next.
  7. On the configuration page select Mac for the Target Platform
  8. Choose McAfee Security for Mac – AV 1.0.xxx from the drop down menu
  9. Ensure that Install is selected for the action type then select Next
  10. At the Schedule section make the desired selections then click Next then Save
  11. Wait for the systems to check into ePO or issue a Wake Up call for them to pull down the new task

How to remove McAfee Security for Mac via the ePO console

Mcafee Agent For Mac Manual Installeagleecho
  1. The most common way to remove software is through the ePO console.

· To remove the agent using ePO perform the following steps:

  1. Log into the ePO Console
  2. Select Menu System Tree
  3. Choose the Group or subgroup from the system tree where the task should be created
  4. Under the My Organization field select the Client Tasks tab
  5. Click New Task at the bottom of the screen
  6. Name the task and enter any necessary notes then choose Product Deployment from the drop down menu then select Next.
  7. On the configuration page select Mac for the Target Platform
  8. Choose McAfee Security for Mac – AV 1.0.xxx from the drop down menu
  9. Ensure that Remove is selected for the action type then select Next

Wait for the systems to check into ePO or issue a Wake Up call for them to pull down the new task

Windows Admins usually have hard time managing MacOS systems. Are you looking to Upgrade or Install McAfee ENS (EndPoint Security) on Mac? If yes then this post will helps you. Here will outline the steps to Upgrade McAfee ENS from 10.5.x to 10.6.x version. But this method well suitable for fresh Installation too.

There are GUI and CLI based Installation methods. But you are free to choose your preferred method.

Note: The products discussed here are of enterprise types. Since you need to have valid grant number to download the products. And the guide provided here suitable for McAfee ePO environments.

Step 1 – Upgrade or Install McAfee ENS on Mac

Note: These steps are applicable for both new and upgrade Installation.

Download McAfee ENS packages (.dmg) from McAfee products download page. For Instance assume ENS version 10.6.5 to demo here.

Method 1 – GUI Installation

  1. Execute “McAfee-Endpoint-Security-for-Mac-10.6.5-RTW-standalone-115.dmg”
  2. Then the Installer dialog box let you choose ENS modules to be Installed. ENS modules are,
    • ENE Threat Prevention
    • ENS Firewall
    • ENS Webcontrol
  3. Once choose the module follow on screen Instruction. Then wait for it to show “Installation completed” popup message.
  4. Proceed to Step2 to enable ENS services for first time.

Method 2 – CLI Installation

This is my favorite option. Because its simple and silent type Installation.

  1. Additional Install script needs to be downloaded for CLI Installation. Download appropriate deployer script from KB84772
  • For ENS version 10.6.5 and later: Download product_deployment_2.0.zip
  • For ENS version 10.6.4 and earlier: Download product_deployment_1.0.zip
  1. Secondly extract the downloaded archive. Then move deployer script to location where ENS package (.dmg) exist. Lets assume both are in Desktop itself
  1. Now do execute the script for Installation to happen. This is same in case of upgrading existing product to newer version.

For example, this command Installs ENS Threat prevention and Firewall modules silently.

Mcafee Mac Agent Install

If Installation succeeds, message similar to below appears on terminal window.

Once completed proceed to Step2 to enable ENS services for first time.

Step 2 – User consent to Load ENS kernel extensions

Note: You might not need for this step when upgrading existing products

What is SKEL?

Ever since macOS High Sierra (10.13) Apple Introduced new security feature called Secure Kernel Extension Loading (SKEL). As this feature requires end-user consent to load any third-party kernel extensions that are installed after the installation of macOS.

Because of SKEL, the kernel extensions of ENSM Threat Prevention – on-access scan, Firewall, and Self Protection are not allowed to load without end-user consent. Hence user must manually authorize McAfee ENS kernel extensions. But this is only needed for very first time after a fresh Installation.

Until user provides consent McAfee ENS remains disabled. So to do that please follow these steps.

  • After Installation finished (from Step1) wait for 10 mins.
  • Since ENS kernel extensions will start loading automatically after 10mins of Installation.
  • Due to which end user sees a McAfee Alert that prompts whether to allow the McAfee kernel extensions, from the Security & Privacy System Preferences pane.
    Note: McAfee Alert re-appears every 30 minutes, until the user provides consent.
  • To provide consent,
    • Navigate to Apple menu -> System Preferences -> Security & Privacy -> General tab -> At bottom left corner click on lock symbol and enter password -> In the same “General tab” underneath press “Allow
    • As a result McAfee kernel extensions will get loaded
  • Further on next policy enforcement, McAfee ENS services starts operating normally as per policy.

Step 3 – Allow full disk access to ENS Threat Prevention (TP)

Ever since Mac Mojave version (10.14), full disk access must be granted exclusively for services. In our case McAfee ENS services needs to be granted with full disk access. Otherwise ENS virus scanner will not be able to scan user protected files.

To provide full disk access,

  • Navigate to Apple menu => System Preferences => Security & Privacy => Privacy tab => Choose “Full disk access” from left side menu list => At bottom left corner click on lock symbol and enter password => Click “Unlock
  • All together should grant full disk access to following four McAfee ENS services
    • AntiMalware/VShieldScanner
    • AntiMalware/VShieldTaskManager
    • AntiMalware/VShieldService
    • fmp/bin/fmp
  • Lets add first service, click on plus (+) symbol
  • Press the Command+Shift+G keys together to open the Go to the Folder dialog
  • Type /usr/local/McAfee, and click Go
  • Browse to the first McAfee component: AntiMalware/VShieldScanner
  • Click Open to grant VShieldScanner Full Disk Access
  • Similarly click (+) and browse to the second ENS service: AntiMalware/VShieldTaskManager
  • Then click Open to grant VShieldTaskManager Full Disk Access.
  • Likewise repeat above steps and add the remaining two ENS services
    • /usr/local/McAfe/AntiMalware/VShieldService
    • /usr/local/McAfee/fmp/bin/fmp
  • After adding all of them, it should looks similar to the one shown in below picture.
  • Note: In case any of the components are not shown in the window, do browse for that component again, and click Open. Also, make sure that each component has a blue check-mark next to it.

Still struck here? No worries, look at this article to know step by step process about adding services to full disk access – Enable-Full-Disk-Access-in-macOS-Mojave

References

Further high level McAfee reference about installation of ENS on Mac – KB89728

To learn – How to Install McAfee agent on Mac?

In conclusion hope this post helps to deal with Upgrade or Install of McAfee ENS on Mac OS. If there are any queries or feedback post them underneath. Will get back to you as quick as possible.