A frequently asked question from Mac-using McAfee customers is: how do I deploy a .sh script to Macs? MDMs generally can only deploy .pkg or .dmg files to Macs. The answer is to use a packaging utility to wrap the .sh file inside a .pkg file. MDMs typically provide a packaging tool, or you can use one of the many open-source packaging utilities.
Obtain the agentpackages.zip (contains install.sh) or McAfeeSmartInstall.sh from your ePO admin.
Place the file where you want it installed – I recommend /tmp as the file will get cleaned up after a reboot.
Open your packaging tool and drag-n-drop the file into the tool window. This will place the file in the appropriate installed location.
Change the owner to root, group to wheel, and permissions to 755 (owner – all, group – read and execute, others – read and execute).
Add the version number to the package filename. In on-prem ePO, version numbers are important, while in MVISION ePO, version numbers aren’t so important. You will be upgrading your agent package at some point and it helps to be able to tell the current version from the new version!
Build your package and upload it to your MDM for distribution. We always recommend signing packages, but doing so is outside the scope of this post.
The MDM will need to execute the script that the package wrote to disk. You can either do this by running the command in a policy from MDM or via a .pkg postinstall script. The postinstall script is outside the scope of this post, but Rich Trouton has an excellent post here that dives into the technical aspects of installer packages.
As for the run command method, the MDM will need to run:
• For install.sh: /private/tmp/install.sh -i
• For McAfeeSmartInstall.sh: /private/tmp/McAfeeSmartInstall.sh
NOTE: There is currently a bug in the smart installer script – you must update the script in a text editor to get it to install. The workaround is available here and also in the above Jamf Pro link.
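Because the MDM runs the script as root from /private/tmp, a world-writable directory, a policy script can confirm the file is still the one the package laid down before executing it. The following is an added example, not code from the original post or from McAfee; the function names are hypothetical, and the expected owner, group and mode are the ones set in the packaging step.

```shell
#!/bin/sh
# Added example: pre-flight check before an MDM policy runs the installer as root.
# Expected owner, group and mode are the ones set in the packaging step above;
# the function names are hypothetical.

# Print "owner:group:mode", using GNU stat if it works, else BSD (macOS) stat.
file_attrs() {
    if stat -c '%U:%G:%a' "$1" 2>/dev/null; then
        return 0
    fi
    stat -f '%Su:%Sg:%Lp' "$1" 2>/dev/null
}

# Return 0 only if the path is a regular, non-symlink file with the expected
# owner, group and mode. Defaults: root, wheel, 755.
verify_installer() {
    path=$1
    want="${2:-root}:${3:-wheel}:${4:-755}"
    if [ -L "$path" ]; then
        echo "refusing: $path is a symlink" >&2
        return 1
    fi
    if [ ! -f "$path" ]; then
        echo "refusing: $path is missing or not a regular file" >&2
        return 1
    fi
    got=$(file_attrs "$path") || return 1
    if [ "$got" != "$want" ]; then
        echo "refusing: $path is $got, expected $want" >&2
        return 1
    fi
    return 0
}

# Verify, then run the installer with any extra arguments (for example -i).
run_verified() {
    script=$1
    shift
    verify_installer "$script" || return 1
    "$script" "$@"
}

# When called with arguments, treat them as the installer path and its options:
#   sh preflight.sh /private/tmp/install.sh -i
#   sh preflight.sh /private/tmp/McAfeeSmartInstall.sh
if [ "$#" -gt 0 ]; then
    run_verified "$@"
fi
```

/private/tmp has the sticky bit set, so once the check passes, a root-owned 755 file cannot be renamed or replaced by a non-root user before the installer runs.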
What allowed extensions or filters are needed to enable McAfee endpoint products to successfully protect your Mac depends on what version of macOS you are running. McAfee provides sample configuration profiles (in the KB links below) that you can directly import or use for inspiration in building your own. It doesn’t hurt to use the same profiles on multiple OS versions as the older OS versions will just ignore what doesn’t apply. All configuration profiles are required for successful use of McAfee endpoint products on Mac.
Note to Mac Admins: Bundle IDs for Extensions (System or Kernel) need to be explicitly defined in Big Sur. Please view the KB links below for the bundle IDs.
Note to Jamf Pro Admins: Uploading a System Extension config profile is currently broken (PI-008562). You will have to create and populate the system extension profile yourself. Click here for an example screenshot.
Definitions:
• Standalone – designed to be used without ePO -or- designed to be installed without using ePO
• ePO Package – designed to be checked-in – this is endpoint software that is installed from ePO.
• ePO Extension – designed to be checked-in – this is used to configure software installed from ePO.
• Documentation – install guides, product guides, release notes, etc.