Managing Mac OSX McAfee Agents

Installing the McAfee Agent 4.x (Unmanaged)

How to install the unmanaged agent

1. Download the MA package locally to the machine in a temporary directory

• Unzip the package.
• Locate the file with the .dmg extension (ex. MFEcma.dmg)
• Double click the file and follow the wizard to complete the installation.
• To verify the installation check to see if the following directory exists:
  • /Library/McAfee/cma
    • Note:  The use of an unmanaged agent is generally for machines that are setup by desktop support and will need to be managed by ePO later.  For information on how to manage the system see the next section.  In addition Mac OS X server provides a feature called System Imaging.  With this tool administrators can create system images with software installed such as the McAfee 4.x Unmanaged Agent.  Administrators can setup new machines with images faster and the McAfee Agent 4.x can be managed after the system is imaged.  This is done to avoid duplicate GUIDs.  For more information about Mac OS X server tools visit http://www.apple.com/server/macosx/features/client-management.html.

Enabling an Unmanaged Agent

Take control of unmanaged agents with ePO

1. An unmanaged agent is essentially an operating agent that is missing the necessary information to communicate to the ePO server.  The agent needs the SiteList and the Public Keys and initial Request Keys to check into ePO.  These files can be copied to the unmanaged machine from the ePO server using the following steps:

·     /opt/McAfee/cma/bin/msaconfig –m –d <path of location containing srpubkey.bin, regseckey.bin, and sitelist.ml> [-nostart]

·     It is recommended to copy the srpubkey.bin, regseckey.bin,a nd SiteList.xml from the ePO server to a shared folder or directly to the local machine.  These files can be found on the ePO server in <drive>\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700MACX\Install409\

Installing the McAfee Agent 4.x (Managed)

How to install a managed agent

1. In many instances an agent is installed on a machine in managed mode.  In order to setup a managed agent the administrator will need to ensure the McAfee Agent 4.x package and extension are checked into the ePO server master repository.

·     Download the McAfee Agent package (ex. MA450MAC.zip)

·     Download the McAfee Agent extension package (ex. Epoagentmeta.zip)

·     Log in to the ePO console

·     Check in the two packages to the master repository

1. Click Menu | Software | Master Repository
2. Select Actions | Check In Package at the bottom left of the screen
3. Leave the default Package Type selected Product or Update (.ZIP)
4. Click the Browse button and navigate to the agent package (ex. MA450MAC.zip)
5. Follow the on screen options to complete the check in process
6. When the package check in is complete click Menu | Software | Extensions
7. Select Install Extension from the bottom left of the screen
8. Click the Browse button and navigate to the agent extension package              (ex. Epoagentmeta.zip)
9. Follow the on screen options to complete the check in process
10. Once the McAfee Agent 4.x is fully checked into the ePO server the install file is ready.

·     Copy the install file locally to the Mac or to a shared drive that can be access from the Mac.  The install file can be found on the ePO server

1. <drive>\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700MACX\Install409\install.sh

·     Note:  The path shown above is for the McAfee Agent 4.5.  The path for the 4.0 agent will be in a different EPOAGENT3xxxMACX directory

·     After the file is copied to the shared drive or locally it is ready to use for the installation

·     Open the terminal on the Mac and type the following in the same directory where install.sh is stored

1. 1. Chmod +x install.sh (this adds execute mode to the file)
2. 2. Sudo ./install.sh –i (this runs the install using the –i switch)

·     When the installation completes wait 5-10 minutes for the agent to check into ePO.  It will most likely be found in the Lost & found group unless sorting is turned on.  If the machine does not populate in the ePO system tree after 10-15 minutes restart the machine if possible.

1. If a machine has the McAfee Agent 4.0 and needs to be manually upgraded to 4.5 perform the following:

·     Copy the install file locally to the Mac or to a shared drive that can be access from the Mac.  The install file can be found on the ePO server

1. <drive>\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700MACX\Install409\install.sh

·     After the file is copied to the shared drive or locally it is ready to use for the installation

·     Open the terminal on the Mac and type the following in the same directory where install.sh is stored

1. 1. Chmod +x install.sh (this adds execute mode to the file)
2. 2. Sudo ./install.sh –u (this runs the upgrade using the –u switch)

Removing the McAfee Agent 4.x

How to remove an agent via the ePO console (managed)

1. Once the environment is established and the majority of the systems are managed by ePO; removal is done via the ePO console.

·     To remove the agent using the ePO console perform the following steps:

1. Click Menu | System Tree
2. Select the system(s) form the system tree
3. Select Actions| Directory Management | Delete
4. A delete message will appear asking to Remove the Agent
5. Select the check box and click Ok
6. The next time the McAfee Agent checks into the ePO server or Agent Handler it will then perform the uninstall

How to remove an agent using terminal (managed or unmanaged)

1. In some instances removing the agent on a machine is not possible from the ePO console.  This usually occurs when the machine is not connected to the network or when the Agent is having issues connecting to the ePO server.

·     To remove the agent using the terminal perform the following steps:

1. Log on to the machine or SSH to the machine
2. Open terminal (Shell Prompt)
3. Change to the McAfee directory /Library/McAfee/cma
4. Type sudo ./uninstall.sh
5. Wait for the script to display “Agent uninstalled”

Installing products via the McAfee Agent 4.x

How to install McAfee Security for Mac via the ePO console

1. McAfee Security for Mac – AV can be installed using via the agent from the ePO server.

·     Before the software can be deployed it is necessary to check in the two packages to the master repository.  Download the software package so that it can be checked into the Master Repository.  The McAfee Security for Mac software is tricky so it is important to follow the next steps exactly.

1. Unzip MSMAntimalware10LML.zip
2. Locate and unzip ePO Component that is found inside the unzipped directory MSMAntimalware10LML
3. Click Menu | Software | Master Repository
4. Select Actions | Check In Package at the bottom left of the screen
5. Leave the default Package Type selected Product or Update (.ZIP)
6. Click the Browse button and navigate to the agent package (ex. <drive>/Downloads/MSMAntimalware10LML/ePO Component/ePO 4.x Deployment Packages/McAfee Security for Mac-Anti-malware-1.0-RTW-ePO-676.zip)
7. Follow the on screen options to complete the check in process
8. When the package check in is complete click Menu | Software | Extensions
9. Select Install Extension from the bottom left of the screen
10. Click the Browse button and navigate to the agent extension package              (ex. <drive>/Downloads/MSMAntimalware10LML/ePO Component/ePO 4.x Extensions/McAfee Security for Mac-1.0-Anti-malware.zip)
11. Follow the on screen options to complete the check in process
12. Click the Browse button again and navigate to the agent reports extension package (ex. <drive>/Downloads/MSMAntimalware10LML/ePO Component/ePO 4.x Extensions/McAfee Security for Mac-1.0-Reports.zip)
13. Follow the on screen options to complete the check in process

·     After checking the software into the Master Repository the product is ready to deploy

1. Log into the ePO Console
2. Select Menu | System Tree
3. Choose the Group or subgroup from the system tree where the task should be created
4. Under the My Organization field select the Client Tasks tab
5. Click New Task at the bottom of the screen
6. Name the task and enter any necessary notes then choose Product Deployment from the drop down menu then select Next.
7. On the configuration page select Mac for the Target Platform
8. Choose McAfee Security for Mac – AV 1.0.xxx from the drop down menu
9. Ensure that Install is selected for the action type then select Next
10. At the Schedule section make the desired selections then click Next then Save
11. Wait for the systems to check into ePO or issue a Wake Up call for them to pull down the new task

How to remove McAfee Security for Mac via the ePO console

1. The most common way to remove software is through the ePO console.

·     To remove the agent using ePO perform the following steps:

1. Log into the ePO Console
2. Select Menu | System Tree
3. Choose the Group or subgroup from the system tree where the task should be created
4. Under the My Organization field select the Client Tasks tab
5. Click New Task at the bottom of the screen
6. Name the task and enter any necessary notes then choose Product Deployment from the drop down menu then select Next.
7. On the configuration page select Mac for the Target Platform
8. Choose McAfee Security for Mac – AV 1.0.xxx from the drop down menu
9. Ensure that Remove is selected for the action type then select Next

Wait for the systems to check into ePO or issue a Wake Up call for them to pull down the new task