How to Install McAfee Agent on Mac OS?

Leave a comment

This post provides step by step guide to Install McAfee agent on Mac OS. Though the McAfee KB available for the same, could see some of us struggling to do it. So felt outlining a steps with commands will be helpful. Consider Mac OS version 10.14.3 and McAfee Agent version 5.6.2 used for demonstration here. Kindly note this guide suitable for ePO environment.

Step1: Get McAfee agent package from ePO

Use any one of below method to get the McAfee Agent Installation package from ePO.

From Console:

System Tree -> New systems -> Select “Create and download agent installation package” -> Click on “Non Windows” -> Select version and “OK”

From ePO Server:

Login to ePO server RDP session. And copy the below Install script to target system.

<ePO Installation directory>\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700MACX\Install\0409\install.sh

Step2: Install McAfee Agent

First extract the archive and execute the Installer script. Then output will be similar to below if the Installation is successful.

$ # unzip -d MA562 MA_5.6.2.209_MacOS.zip
--output--
Archive:  MA_5.6.2.209_MacOS.zip
  inflating: MA562/install.sh

$ sudo sh MA562/install.sh -i
--output cropped--
installer: The install was successful.
"disk1" ejected.
installing client extension from : /Users/sunt/Desktop/mfezRH8rw
Product count is : 1
Product is : DXL.zip
Calling mcupdater : location : /Users/sunt/Desktop/mfezRH8rw
Stopping McAfee Agent services... [OK]
Stopping McAfee common  services... [OK]

Starting McAfee common services... [OK]
Starting McAfee Agent services... [OK]

Further verify and ensure McAfee agent Installed correctly.

--List Installed McAfee agent pacakges--
$  pkgutil --pkgs |grep -e cma -e dx
--output--
com.mcafee.dxl
comp.nai.cmamac

--Show details of Installed McAfee agent package--
$ pkgutil --pkg-info comp.nai.cmamac
--output--
package-id: comp.nai.cmamac
version: 5.0.0
volume: /
location:
install-time: 1573565067

--Verify agent settings and version--
$ /Library/McAfee/agent/bin/cmdagent -i
--output--
Component: McAfee Agent
AgentMode: 1
Version: 5.6.2.209
GUID: 5123456-054e-11ea-0623-080027c56e2a
TenantId: N/A
LogLocation: /var/McAfee/agent/logs
InstallLocation: /Library/McAfee/agent
CryptoMode: 0
DataLocation: /var/McAfee/agent
EpoServerList: 10.20.30.10|epo-server-1|epo-server-1.sunt.com|10.20.30.20|epo-server-2|epo-server-2.sunt.com
EpoPortList: 443|443
EpoServerLastUsed: 10.20.30.10
LastASCTime: 20191112184736
LastPolicyUpdateTime: 20191112184737
EpoVersion: 5.x.x
ServerId: xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx

Step3 (Optional): Set Custom Properties

This step is optional. Therefore If your organization demands to set custom properties, you may refer these commands. Unlike Windows, McAfee agent Installation command of Mac OS do not accept custom properties as arguments. Since you must set it manually after McAfee agent Installation.

--This command needs root privileges since use sudo--
$ sudo /Library/McAfee/agent/bin/maconfig -custom -prop1 "xyz" -prop2 "xyz" -prop3 "xyz"

Note: Kindly replace “xyz” with the value suitable to your requirement.

Step4: Start McAfee Agent service

Now its time to start McAfee Agent service. Since these commands need root privileges, use “sudo” as prefix.

$ sudo /Library/McAfee/agent/scripts/ma start 
--output--
Starting McAfee common services... [OK]
Starting McAfee Agent services... [OK]

--To verify status (without sudo, it shows as agent not running)--
$ sudo /Library/McAfee/agent/scripts/ma status
--output--
McAfee agent service is already running.
McAfee common service is already running.

--To list the active process of McAfee agent--
$ sudo ps -A -o user,pid,ppid,command |grep -i mcafee
mfe              2520     1 /Library/McAfee/agent/bin/macmnsvc self_start
root             2524     1 /Library/McAfee/agent/bin/masvc self_start

Step5: Verify agent to server communication

Finally verify and ensure agent do talking to ePO without any Issue.

--To enforce agent to server communication manually and Immediately--
$ /Library/McAfee/agent/bin/cmdagent -p
--output--
2020-02-04 14:54:41.960 (1379.333997504) cmdagent.Info: Properties collect and send command initiated by cmdagent.

--To check server response status, response code 200 means connection success--
$ tail -50f /var/McAfee/agent/logs/masvc_smeenatchi-mac-01.log
--output cropped--
2020-02-04 14:51:40.313 (1361.124515776) ahclient.Info: Network library rc = <1008>, Agent handler reports response code <200>.
2020-02-04 14:51:40.314 (1361.124515776) ahclient.Info: Agent handler reports spipe package received. response code 200.
2020-02-04 14:51:40.315 (1361.124515776) ahclient.Info: Spipe connection response received, network return code = 1008, response code 200.
2020-02-04 14:51:40.326 (1361.124515776) policy.Info: Agent received POLICY package from ePO server
2020-02-04 14:51:40.394 (1361.124515776) ahclient.Info: Agent communication session closed

Like above, does the log shows server response code of 200. Then agent received response from server. Thus it mean agent talking to ePO well. Herewith completed McAfee agent Install on Mac OS.

Additional Useful Commands

Found bunch of other commands useful during Installation and troubleshooting. Hence will write them here with its purpose and syntax.

Q1: How to list the kernel modules loaded for McAfee agent?

--To list loaded kernel modules from McAfee agent--
$ sudo launchctl list |grep -i mcafee
--output--
2821    0       com.mcafee.agent.macmn
2825    0       com.mcafee.agent.ma

Q2: What is the command to stop and restart McAfee agent service?

--To stop McAfee agent service--
$ sudo /Library/McAfee/agent/scripts/ma stop
--output--
Stopping McAfee Agent services... [OK]
Stopping McAfee common  services... [OK]

--To restart McAfee agent service--
$ sudo /Library/McAfee/agent/scripts/ma restart
--output--
Stopping McAfee Agent services... [OK]
Stopping McAfee common  services... [OK]

Starting McAfee common services... [OK]
Starting McAfee Agent services... [OK]

--Verify status--
$ sudo /Library/McAfee/agent/scripts/ma status
--output--
McAfee agent service is already running.
McAfee common service is already running.

Q3: Is there a way to disable McAfee agent service and prevent startup during boot of Mac OS?

--To stop McAfee agent service--
$ sudo /Library/McAfee/agent/scripts/ma stop

--to disable McAfee agent kernel modules from loading during boot time--
$ sudo launchctl disable system/com.mcafee.agent.ma
$ sudo launchctl disable system/com.mcafee.agent.macmn

Above commands disable McAfee agent kernel modules. Hence it will not start automatically from next boot.

Q4: How do I re-enable McAfee agent services to load automatically during boot time on Mac OS?

--to enable kernel modules loading--
$ sudo launchctl enable system/com.mcafee.agent.macmn
$ sudo launchctl enable system/com.mcafee.agent.ma

--to start service Immediately--
$ sudo /Library/McAfee/agent/scripts/ma start

Above command does enable McAfee agent kernel modules to load during Mac OS boot time. Since from next restart McAfee agent do start automatically.

Q5: Is it possible to find out ePO server details from client (agent) system? And how to verify connectivity to it through commands?

Have already wrote answer to this question in other post. Request you to look at “Troubleshooting Section” of post http://techadminblog.com/how-to-install-mcafee-agent-on-linux/

To conclude, have shared as much as Information I could with examples. Hope this does helps you when needed. And please post your thoughts and queries in comments section. At last Thank You for reading my post !!

Leave a Reply

Your email address will not be published. Required fields are marked *