This post provides step by step guide to Install McAfee agent on Mac OS. Though the McAfee KB available for the same, could see some of us struggling to do it. So felt outlining a steps with commands will be helpful. Consider Mac OS version 10.14.3 and McAfee Agent version 5.6.2 used for demonstration here. Kindly note this guide suitable for ePO environment.
Step1: Get McAfee agent package from ePO
Use any one of below method to get the McAfee Agent Installation package from ePO.
System Tree -> New systems -> Select “Create and download agent installation package” -> Click on “Non Windows” -> Select version and “OK”
From ePO Server:
Login to ePO server RDP session. And copy the below Install script to target system.
<ePO Installation directory>\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700MACX\Install\0409\install.sh
Step2: Install McAfee Agent
First extract the archive and execute the Installer script. Then output will be similar to below if the Installation is successful.
$ # unzip -d MA562 MA_18.104.22.168_MacOS.zip --output-- Archive: MA_22.214.171.124_MacOS.zip inflating: MA562/install.sh $ sudo sh MA562/install.sh -i --output cropped-- installer: The install was successful. "disk1" ejected. installing client extension from : /Users/sunt/Desktop/mfezRH8rw Product count is : 1 Product is : DXL.zip Calling mcupdater : location : /Users/sunt/Desktop/mfezRH8rw Stopping McAfee Agent services... [OK] Stopping McAfee common services... [OK] Starting McAfee common services... [OK] Starting McAfee Agent services... [OK]
Further verify and ensure McAfee agent Installed correctly.
--List Installed McAfee agent pacakges-- $ pkgutil --pkgs |grep -e cma -e dx --output-- com.mcafee.dxl comp.nai.cmamac --Show details of Installed McAfee agent package-- $ pkgutil --pkg-info comp.nai.cmamac --output-- package-id: comp.nai.cmamac version: 5.0.0 volume: / location: install-time: 1573565067 --Verify agent settings and version-- $ /Library/McAfee/agent/bin/cmdagent -i --output-- Component: McAfee Agent AgentMode: 1 Version: 126.96.36.199 GUID: 5123456-054e-11ea-0623-080027c56e2a TenantId: N/A LogLocation: /var/McAfee/agent/logs InstallLocation: /Library/McAfee/agent CryptoMode: 0 DataLocation: /var/McAfee/agent EpoServerList: 10.20.30.10|epo-server-1|epo-server-1.sunt.com|10.20.30.20|epo-server-2|epo-server-2.sunt.com EpoPortList: 443|443 EpoServerLastUsed: 10.20.30.10 LastASCTime: 20191112184736 LastPolicyUpdateTime: 20191112184737 EpoVersion: 5.x.x ServerId: xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx
Step3 (Optional): Set Custom Properties
This step is optional. Therefore If your organization demands to set custom properties, you may refer these commands. Unlike Windows, McAfee agent Installation command of Mac OS do not accept custom properties as arguments. Since you must set it manually after McAfee agent Installation.
--This command needs root privileges since use sudo-- $ sudo /Library/McAfee/agent/bin/maconfig -custom -prop1 "xyz" -prop2 "xyz" -prop3 "xyz"
Note: Kindly replace “xyz” with the value suitable to your requirement.
Step4: Start McAfee Agent service
Now its time to start McAfee Agent service. Since these commands need root privileges, use “sudo” as prefix.
$ sudo /Library/McAfee/agent/scripts/ma start --output-- Starting McAfee common services... [OK] Starting McAfee Agent services... [OK] --To verify status (without sudo, it shows as agent not running)-- $ sudo /Library/McAfee/agent/scripts/ma status --output-- McAfee agent service is already running. McAfee common service is already running. --To list the active process of McAfee agent-- $ sudo ps -A -o user,pid,ppid,command |grep -i mcafee mfe 2520 1 /Library/McAfee/agent/bin/macmnsvc self_start root 2524 1 /Library/McAfee/agent/bin/masvc self_start
Step5: Verify agent to server communication
Finally verify and ensure agent do talking to ePO without any Issue.
--To enforce agent to server communication manually and Immediately-- $ /Library/McAfee/agent/bin/cmdagent -p --output-- 2020-02-04 14:54:41.960 (1379.333997504) cmdagent.Info: Properties collect and send command initiated by cmdagent. --To check server response status, response code 200 means connection success-- $ tail -50f /var/McAfee/agent/logs/masvc_smeenatchi-mac-01.log --output cropped-- 2020-02-04 14:51:40.313 (1361.124515776) ahclient.Info: Network library rc = <1008>, Agent handler reports response code <200>. 2020-02-04 14:51:40.314 (1361.124515776) ahclient.Info: Agent handler reports spipe package received. response code 200. 2020-02-04 14:51:40.315 (1361.124515776) ahclient.Info: Spipe connection response received, network return code = 1008, response code 200. 2020-02-04 14:51:40.326 (1361.124515776) policy.Info: Agent received POLICY package from ePO server 2020-02-04 14:51:40.394 (1361.124515776) ahclient.Info: Agent communication session closed
Like above, does the log shows server response code of 200. Then agent received response from server. Thus it mean agent talking to ePO well. Herewith completed McAfee agent Install on Mac OS.
Additional Useful Commands
Found bunch of other commands useful during Installation and troubleshooting. Hence will write them here with its purpose and syntax.
Q1: How to list the kernel modules loaded for McAfee agent?
--To list loaded kernel modules from McAfee agent-- $ sudo launchctl list |grep -i mcafee --output-- 2821 0 com.mcafee.agent.macmn 2825 0 com.mcafee.agent.ma
Q2: What is the command to stop and restart McAfee agent service?
--To stop McAfee agent service-- $ sudo /Library/McAfee/agent/scripts/ma stop --output-- Stopping McAfee Agent services... [OK] Stopping McAfee common services... [OK] --To restart McAfee agent service-- $ sudo /Library/McAfee/agent/scripts/ma restart --output-- Stopping McAfee Agent services... [OK] Stopping McAfee common services... [OK] Starting McAfee common services... [OK] Starting McAfee Agent services... [OK] --Verify status-- $ sudo /Library/McAfee/agent/scripts/ma status --output-- McAfee agent service is already running. McAfee common service is already running.
Q3: Is there a way to disable McAfee agent service and prevent startup during boot of Mac OS?
--To stop McAfee agent service-- $ sudo /Library/McAfee/agent/scripts/ma stop --to disable McAfee agent kernel modules from loading during boot time-- $ sudo launchctl disable system/com.mcafee.agent.ma $ sudo launchctl disable system/com.mcafee.agent.macmn
Above commands disable McAfee agent kernel modules. Hence it will not start automatically from next boot.
Q4: How do I re-enable McAfee agent services to load automatically during boot time on Mac OS?
--to enable kernel modules loading-- $ sudo launchctl enable system/com.mcafee.agent.macmn $ sudo launchctl enable system/com.mcafee.agent.ma --to start service Immediately-- $ sudo /Library/McAfee/agent/scripts/ma start
Above command does enable McAfee agent kernel modules to load during Mac OS boot time. Since from next restart McAfee agent do start automatically.
Q5: Is it possible to find out ePO server details from client (agent) system? And how to verify connectivity to it through commands?
Have already wrote answer to this question in other post. Request you to look at “Troubleshooting Section” of post https://techadminblog.com/how-to-install-mcafee-agent-on-linux/
To conclude, have shared as much as Information I could with examples. Hope this does helps you when needed. And please post your thoughts and queries in comments section. At last Thank You for reading my post !!