Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Pushing Mcafee Endpoint Protection 2.1.0

So I am very rusty at scripting, and I am tasked with pushing Mcafee Endpoint Protection 2.1.0 to our Mac systems using Casper.

So I have the default installation script the McAfee administrator gave us, but the script requires user input in order to function (need to type "-i" for a fresh install).

How can I edit the script so it defaults this this option automatically and starts the install?

Heres the install script I am working with:

###getopt for command line arguments.
###Handle the following
### -i install, rpm ivh
### -u upgrade, rpm Uvh )
### -b upgrade but no server info
### -c cloud config path (option for internal usage in bootstrap)
### -h help

umask 022


\{ echo "Usage: $command [-i|-u|-b|-h ]" echo "-i : fresh install " echo "-u : upgrade install" echo "-b :Upgrade Agent only , no server info will be updated" echo "-h : show this help" echo ""

user=id | cut -d'=' -f2 | cut -d( -f1\
if [ $user -ne 0 ]; then echo "This package needs root authentication to install." exit 1

###BZ 392336 Bail out if NWA exists
if [ -d /Library/NETAepoagt ];then echo "Detected presence of previous agent in /Library/NETAepoagt. Installation cannot continue." exit 1

###Validation: No args, go away
if [ $# -eq 0 ]; then usage exit 1


##First get the options
while getopts e:ic:ubh: opt do case "$opt" in i) install="yes";; c) cloud="$OPTARG";; u) upgrade="yes";; b) upgrade="yes";; h) usage exit 0;; [?]) usage exit 1;; esac
value=expr $OPTIND \- 1\
shift $value


###Cannot have install and upgrade together
if [ ! -z "$install" ] && [ ! -z "$upgrade" ];then echo You cannot specify install and upgrade at the same time usage exit 1

##Cannot have "neither install, nor upgrade"
if [ -z "$install" ] && [ -z "$upgrade" ];then echo "Neither install nor upgrade has been specified in the options" usage exit 1

if [ -e /Volumes/MFECMA ];then echo /Volumes/MFECMA already exists.The agent disk image cannot be mounted echo Please move or rename /Volumes/MFECMA and then rerun this setup exit 1

###Okay, now that everything has been checked, its time to get going
##First we need to extract everything to a temp location, ##and then unzip it to the final destination

if [ ! -z "$cloud" ];then #For Agent installation through bootstrap. echo "Agent installation through bootstrap." if [ ! -d "$cloud" ];then echo "Cloud config path doesn't exist($cloud)." exit 1 else directory="$cloud" temp_directory="$cloud" fi
else #For On-Prem install temp_directory=mktemp -d mfeXXXXXX\ if [ -f /etc/cma.d/bootstrap.xml ];then rm -rf /etc/cma.d/bootstrap.xml fi

if [ -z "$directory" ];then directory=$temp_directory fi

if [ -f "$directory" ];then echo Output destination specified is a file which laready exists. Cannot overwrite rm -rf "$temp_directory" exit 1 fi

if [ ! -e "$directory" ];then mkdir -p "$directory" fi

if [ -e "$temp_directory" ] ;then ###installer has checks for disk space, and so I wont bother about it. ###unzip will also complain is there isnt enough space for the extracted file ###So, all I care about is to have enough space for the zip itself. ###Since the zip is appended to this file itself, it would never be larger that ###this sfx itself.So havin enough space in $temp_dir to hold the sfx is good enough
if [ -z "$cloud" ];then

required_space=stat -f %z "$command"\ required_space=expr $required_space \ 2\ echo space required to copy archive is $required_space bytes available_space=df -k $temp_directory | tail -n -1 | awk '{if ( $4 \~ /%/) \{ print $3 \} else \{ print $4 \} }'\ #convert the kb to bytes available_space=expr $available_space \ 1024\ echo space available at $temp_directory is $available_space bytes if [ $required_space -gt $available_space ];then echo Not enough space to extract contents rm -rf $temp_directory exit 1 fi

echo "extracting archive to $directory... please wait" SKIP=awk '/^ARCHIVE_FOLLOWS/ \{ print NR \+ 1; exit 0; }' "$0"\

\# take the archive portion of this file and pipe it to unzip tail +$SKIP "$command" > "$temp_directory"/payload

block_size=512 nblocks=expr $unzip_exe_size / $block_size\ remainder=expr $unzip_exe_size % $block_size\ if [ 0 != $remainder ];then nblocks=expr $nblocks \+ 1\ fi

dd if="$temp_directory"/payload of="$temp_directory"/unz bs=$block_size count=$nblocks dd if="$temp_directory"/payload of="$temp_directory"/ bs=$block_size skip=$nblocks chmod +x "$temp_directory"/unz
\# /bin/sh "$temp_directory"/unz -j -o $"$temp_directory"/ -d "$directory" unzip -j -o $"$temp_directory"/ -d "$directory" rm -rf "$temp_directory"/ rm -rf "$temp_directory"/unz
if [ -n "$install" ] || [ -n "$upgrade" ];then if [ "$updateserverinfo" = "yes" ] ; then mkdir -p "$keydata_dir" returncode=$? if [ $returncode -ne 0 ] ; then echo "Failed to create keydata directory.exiting" exit 1 fi cp -f "$directory"/sitelist.xml "$keydata_dir"/SiteList.xml cp -f "$directory"/srpubkey.bin "$keydata_dir" cp -f "$directory"/reqseckey.bin "$keydata_dir" cp -f "$directory"/sr2048pubkey.bin "$keydata_dir" cp -f "$directory"/req2048seckey.bin "$keydata_dir" cp -f "$directory"/agentfipsmode "$keydata_dir"/agentfipsmode cp -f "$directory"/RepoKeys.ini "$keydata_dir"/RepoKeys.ini if [ ! -f "$keydata_dir"/SiteList.xml ] || [ ! -f "$keydata_dir"/srpubkey.bin ] || [ ! -f "$keydata_dir"/reqseckey.bin ] || [ ! -f "$keydata_dir"/sr2048pubkey.bin ] || [ ! -f "$keydata_dir"/req2048seckey.bin ];then echo "Could not find key data files. Installation cannot continue" rm -rf "$keydata_dir" exit 1 fi fi fi

hdiutil attach "$directory/MFEcma.dmg"

####Now do the actual install/ upgrade stuff
####The actual operations for copying the reqseckey and other files should already be there in the installer
if [ -z "$extract" ];then mypwd=pwd\ cd "/Volumes/MFECMA" echo "IsLegacyEPO:N" > /etc/mainstall.config echo "ConfigDirPath:/Volumes/MFECMA" >> /etc/mainstall.config echo "StartService:Y" >> /etc/mainstall.config

flag=1 pltvrsn=/usr/bin/sw_vers | grep ProductVersion | cut -d: -f2\ majvrsn=echo $pltvrsn | cut -d. -f1\ minvrsn=echo $pltvrsn | cut -d. -f2\

if [ -f /Library/McAfee/cma/bin/msaconfig ];then flag=0; fi if (($majvrsn>=10 && $minvrsn>=6 && $flag)); then sudo /usr/sbin/pkgutil --forget comp.nai.cmamac > /dev/null 2>&1 fi sudo /usr/sbin/installer -pkg cma.pkg -target "/" returncode=$? sleep 5 cd "$mypwd" hdiutil detach /Volumes/MFECMA rm -rf /etc/mainstall.config
else hdiutil detach /Volumes/MFECMA

if [ -z "$cloud" ];then rm -rf "$temp_directory"

if [ $returncode -ne 0 ];then rm -rf "$keydata_dir" exit 1

if [ -d "$keydata_dir" ] ; then rm -rf "$keydata_dir"
exit 0

###SUCCESSFUL extraction from the zip depends on it

Like Comment
Order by:
SOLVED Posted: 4/8/14 at 10:51 AM by Kaltsas

Your McAfee administrator should be able to get a pkg download of EPM210-RTW-1085 from the McAfee download site. This .pkg is easily deployable via a Casper policy. When the McAfee agent is installed this is manageable via ePO. There is also a EPM210-RTW-ePO-1085.pkg available. I don't think there is a difference between the two. The EPM210-RTW-ePO-1085.pkg should be in the available from the McAfee download site.

If you are using EPO it's a little trickier but I have the script packaged up as a .pkg (I used Packages to bundle this) that deploys fine from Casper, more or less. I have clients that are not enrolled with casper and it was a hassle for the techs to run the script by hand so creating the .pkg helps them as much as it helped me.

Let me know if you need more specifics about how I'm getting this out.

My bigger issue is I am currently having an issue where a system running 10.9.2 with EPM 2.1 that is bound to AD has extremely long Authentication times for AD accounts when the On Access Scan is enabled. I would be interested if you have an AD environment and if so if you have seen this issue in your environment. I've had a ticket open with McAfee for a while that has been escalated to Tier 3 but I haven't seen much movement.

SOLVED Posted: 4/8/14 at 11:20 AM by dpertschi

Yep, that ePO agent "installer" is POS! But I've good way to deal with it…

Drop the agent shell script into /tmp or any other location you like.
Then package the shell script (I used Composer) and and include a post flight script with the install command: /tmp/ -i

I created a second one with the -u flag for upgrades.

Upload to Casper and deploy. The only caveat there is since it's mounting a .dmg, you need to install with a logged in user. Work it out so that the agent installs first and the AV software second.

SOLVED Posted: 4/8/14 at 12:02 PM by brobertson

Thanks for the responses, and we are running in a 10.8.5 Environment with AD.

I found the following thread:

Packaged the file into a dmg, loaded it up to casper, set a run command to the following: "/Library/Application\ Support/McAfee/ -i" and ran it to a few test systems.

So far running into the following error:

Result of command:
space required to copy archive is 35820358 bytes
space available at mfeg7HKdh is 201557430272 bytes
extracting archive to mfeg7HKdh... please wait
204+0 records in
204+0 records out
104448 bytes transferred in 0.000604 secs (172951703 bytes/sec)
34762+1 records in
34762+1 records out
17798484 bytes transferred in 0.131683 secs (135161478 bytes/sec)
Archive: mfeg7HKdh/
error [mfeg7HKdh/]: missing 252 bytes in zipfile
(attempting to process anyway)
error: expected central file header signature not found (file #3).
(please check that you have transferred or created the zipfile in the
appropriate BINARY mode and that you have compiled UnZip properly)
error [mfeg7HKdh/]: attempt to seek before beginning of zipfile
(please check that you have transferred or created the zipfile in the
appropriate BINARY mode and that you have compiled UnZip properly)
(attempting to re-compensate)
inflating: mfeg7HKdh/MFEcma.dmg error: invalid compressed data to inflate
file #2: bad zipfile offset (local header sig): 17795500
(attempting to re-compensate)
inflating: mfeg7HKdh/reqseckey. error: invalid compressed data to inflate
cp: mfeg7HKdh/sitelist.xml: No such file or directory
cp: mfeg7HKdh/srpubkey.bin: No such file or directory
cp: mfeg7HKdh/reqseckey.bin: No such file or directory
cp: mfeg7HKdh/sr2048pubkey.bin: No such file or directory
cp: mfeg7HKdh/req2048seckey.bin: No such file or directory
cp: mfeg7HKdh/agentfipsmode: No such file or directory
cp: mfeg7HKdh/RepoKeys.ini: No such file or directory
Could not find key data files. Installation cannot continue

SOLVED Posted: 4/8/14 at 12:31 PM by Kaltsas

Try creating a package with Packages as follows.

•Create the Payload as to some location on the system (I have a directory in /Library that I put several things for our environment).
•Create a script that runs that script from that location. Here's a dirty example. You might want to build in more logic to delete when it's done.


# Install McAfee Agent 4.0 w/patch 2
/Library/Location/ -i


•Set this script as a Post-installation script in your package
•Build to get a .pkg

You should now have a .pkg that will install the McAfee agent for your environment. I never had any luck with other methods of deploying that monstrous script.

SOLVED Posted: 4/8/14 at 1:41 PM by brobertson

Arg, still getting an error. Looks like its running the package successfully, pushing out the directory and files to the systems, but when it runs the Post-Installation script it gets the following error:

Copying McAfee.pkg...
Installing McAfee.pkg...
Successfully installed McAfee.pkg.
Running script
Script exit code: 1
Script result: space required to copy archive is 35820850 bytes
space available at mfeFicS1h is 209095561216 bytes
extracting archive to mfeFicS1h... please wait
204+0 records in
204+0 records out
104448 bytes transferred in 0.000592 secs (176434420 bytes/sec)
34763+1 records in
34763+1 records out
17798729 bytes transferred in 0.128163 secs (138875613 bytes/sec)
Archive: mfeFicS1h/
inflating: mfeFicS1h/MFEcma.dmg inflating: mfeFicS1h/reqseckey.bin inflating: mfeFicS1h/srpubkey.bin inflating: mfeFicS1h/sitelist.xml inflating: mfeFicS1h/req2048seckey.bin inflating: mfeFicS1h/sr2048pubkey.bin inflating: mfeFicS1h/agentfipsmode inflating: mfeFicS1h/RepoKeys.ini Checksumming whole disk (Apple_HFS : 0)…
whole disk (Apple_HFS : 0): verified CRC32 $7A4857A0
verified CRC32 $78632BE7
/dev/disk1 /Volumes/MFECMA
installer: Package name is McAfee Agent
installer: Upgrading at base path /
installer: The upgrade failed (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.)
"disk1" unmounted.
"disk1" ejected.

SOLVED Posted: 4/9/14 at 2:21 PM by Kaltsas

Does this system already have any other mcafee products on it?

SOLVED Posted: 5/7/14 at 7:06 AM by ctangora

You got this error because the file contains a zipped archive. It goes to the point where it thinks that the file will begin and tries to unzip it. But since you edited the script it now can't find the beginning of the zipped file and throws the error.

Two options...

1) Check for the existence of the uninstaller and uninstall as part of a preflight script.

2) Check for the existence in the post flight with an 'if' and run "" -u if it exist, and " -i" if it doesn't.


SOLVED Posted: 12/11/15 at 11:25 AM by pawan.joshi

Hi Kaltsas, We already have EPM2.2 in place and now I'm trying to replace it with EPM2.3 in our image. We have ePO in our environment. I have the required .dmg but when I packaged it using composer and added to the configuration under Casper Admin, it doesn't get deployed through the image. Any help would be greatly appreciated.

SOLVED Posted: 12/11/15 at 11:53 AM by Kaltsas

You can drop EPM230-RTW-1791.pkg right into casper admin. This package should be available via McAfee downloads as long as you have your grant number.

I would not repackage it with composer. If you have clients that already have epm installed I would leverage EPO to deploy the updates, depending on how cantankerous your EPO admin is. EPO is not easy to navigate and it is not always apparent how to make it do things but we have wrangled policies and tasks such that machines tagged with a test tag will always get whatever is checked into Evaluation and all other machines will get what is checked into production.

As is in our imaging configuration workstations get two packages
McAfee Agent 4.8.1938.pkg

Within 2 hours they will check in with EPO and pull firewall policy and an EPM hotfix.

I have instructions for packaging the agent here

SOLVED Posted: 12/11/15 at 3:22 PM by pawan.joshi

Thanks a lot Kaltsas..that worked. This was only for the Macs that would be imaged henceforth. The ones in production will get the EPM update through ePO.

SOLVED Posted: 12/13/15 at 7:53 AM by franton

I ran into this a while back. I ended up coding this:

McAfee Agent post install script

Simple version is that you install the McAfee agent script into /Library/Application Support/McAfee as detailed in McAfee's own best practice guide, then run my script as part of a pkg post install script. It will automatically take care of the fresh install / upgrade choice and log everything locally to the computer for future reference or testing.

For the record, a properly coded epo server should do the upgrades and all the installation itself without you ever having to install the keys, epm and agent separately. If it doesn't, it's time to complain to your epo admin.