7 Replies Latest reply on Jan 5, 2011 7:53 AM by gmwalden

    VM linked clones and McAFee installation on the template

      Hi,

       

      We are having difficulty in deploying McAfee agent, antivirus and antispyware in a VDI environment where we are using VM composer to create the linked clones.

       

      Should we install the agent, AV,AS in the template so that the linked clones get all the products or should we install after creating the base template?

       

      What is the best practice and how do we tackle these issues relating to duplicate GUIDs etc?

       

      Thanks and Regards,

      Lal

        • 1. Re: VM linked clones and McAFee installation on the template
          rmetzger

          LAL wrote:

           

          Hi,

           

          We are having difficulty in deploying McAfee agent, antivirus and antispyware in a VDI environment where we are using VM composer to create the linked clones.

           

          Should we install the agent, AV,AS in the template so that the linked clones get all the products or should we install after creating the base template?

           

          What is the best practice and how do we tackle these issues relating to duplicate GUIDs etc?

           

          Thanks and Regards,

          Lal

          Cloning images containing the McAfee Agent can cause problems for ePO. Duplicate GUIDs and MAC addresses cause the problems.

           

          Once the image is deployed, VirusScan Enterprise protects agains changes, so the batch file below needs to have these protections disabled prior to attempting changing the GUIDs and MAC addresses.

           

          Do this before closing the image so that when the newly deployed image is first started new values will populate automatically with virtually no likely of duplicates. (Well, the MAC address needs to be considered in your environment.)

           

          In order  to make either registry change, you will have to temporarily change the default settings within VSE to allow the changes to occur.

          From the  VirusScan Console

          Access Protection  > Properties

          Uncheck (unblock)  'Prevent McAfee services from being stopped'

          Common Standard Protection

          Uncheck  'Prevent modification of McAfee files and settings'

          Uncheck 'Prevent modification of McAfee  Common Management Agent'

           

          Then run the batch file below, or manually make  the changes.

          DeleteAgentGUID-MacAddress.Bat:


          @echo off
          title  McAfee AgentGUID and MacAddress Removal Tool - by Ron Metzger
               echo.
               echo  The McAfee Agent communicates with ePO, Protection Pilot, or McAfee's
               echo  update services, using registry values of AgentGUID and MacAddress, to
               echo  uniquely identify each system. Imaging or duplicating a system breaks
               echo  these unique identifiers. Clearing these values, followed by a reboot or
               echo  services restart, repopulates these values with new and unique entries.
               echo.
               echo  Prior to duplication, clear these registry entries and create the image
               echo  before restarting services or rebooting.
               echo.
               echo  Otherwise,
               echo.
               echo  After duplication, clear these values, then reboot or restart the services.
               echo.
               echo  VSE v8.7i (or above) by default, self-protects against certain changes.
               echo  In order to make either registry change, temporarily disable the
               echo  self-protection settings within VSE v8.7i (or above).
               echo.
               echo  From the VirusScan Console:
               echo  Access Protection > Properties
               echo    Uncheck 'Prevent McAfee services from being stopped'
               echo    Common Standard Protection
               echo      Uncheck (un)Block 'Prevent modification of McAfee files and settings'
               echo      Uncheck (un)Block 'Prevent modification of McAfee Common Management Agent'
               echo.
               Choice.exe /C:YN /N " Press  Y  to continue,  N  to skip . . . ?"
               if ErrorLevel 2 goto Exit

               echo  Stopping services . . .
               net stop McAfeeFramework /yes
               net stop McShield /yes
               net stop McTaskManager /yes
               echo  Stopping services, done.

               echo  Deleting registry entries . . .
               REG delete "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent" /v AgentGUID /F
               REG delete "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent" /v MacAddress /F
               REG delete "HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent" /v AgentGUID /f
               REG delete "HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent" /v MacAddress /f
               echo  Deleting registry entries, done.

               echo.
               echo  Please re-enable the self-protection settings within
               echo  VSE v8.7i (or above) to there original values.
               echo.
               echo  From the VirusScan Console:
               echo  Access Protection > Properties
               echo    Check 'Prevent McAfee services from being stopped'
               echo    Common Standard Protection
               echo      Check Block 'Prevent modification of McAfee files and settings'
               echo      Check Block 'Prevent modification of McAfee Common Management Agent'
               echo.
               Choice.exe /C:YN /N " Press  YN  to continue . . . ?"
               echo.
               echo  About to restart McAfee services.
               echo  This will repopulate AgentGUID and MacAddress values.
               echo.
               echo  Please do Not start these services if Imaging this system Now. (Choose Skip.)
               echo.
               Choice.exe /c:YN /T:N,15 /N " Restart Services?  Y  to continue,  N [or wait 15 seconds]  to skip . . .
               if ErrorLevel 2 goto Exit

               echo  Starting services . . .
               net start McAfeeFramework /yes
               net start McShield /yes
               net start McTaskManager /yes
               echo  Starting services, done.

               Choice /c:YN /T:Y,15 /N " Press  YN [or wait 15 seconds]  to continue . . .
          :Exit

          This batch file can be used to prep and image or to simply change the values after the image has been issued.

          Hope this helps. Post back with more questions.

          Thanks,

          Ron Metzger

           

           

          Message was edited by: rmetzger (formatting lost during my original post) on 7/20/10 8:10:12 PM EDT
          • 2. Re: VM linked clones and McAFee installation on the template
            smalldog

            Good one rmetzger! I have one question, i didn't used VM clone but ghost image to use for multi pc so i still use this tool to delete GUID and MAC Address? Then ghost to multi pc? Thanks!

            • 3. Re: VM linked clones and McAFee installation on the template
              rmetzger

              smalldog wrote:

               

              Good one rmetzger! I have one question, i didn't used VM clone but ghost image to use for multi pc so i still use this tool to delete GUID and MAC Address? Then ghost to multi pc? Thanks!

              Yes. Just before making the image (using Ghost or what have you), delete the AgentGUID and MacAddress. Make the image. Once you have deployed the image, at the first boot, the values that were deleted will be constructed new and presumably unique.

               

              Good luck.

              Ron Metzger

              • 4. Re: VM linked clones and McAFee installation on the template
                rmetzger

                Here is a link to the Tutorial by McAfee: http://mcafee.com/us/enterprise/products/demos/quick_tips/index.html?bcpid=51191 152001&bclid=53384514001&bctid=60496734001

                 

                Though it talks about AgentGUID only, I would recommend both AgentGUID and MacAddress be deleted just prior to creating the image and before the agent software is started for the first time.

                 

                Ron Metzger

                • 5. Re: VM linked clones and McAFee installation on the template
                  smalldog

                  Thanks so much Ron Metzger!

                  • 6. Re: VM linked clones and McAFee installation on the template

                    Thanks Veyr much Ron Metzger. We tried the batch file however we still have  the problem and then we manually deleted those entries mentioned in your batch script and then we removed the "AGENT GUID" manually and then imaged it and created clones . It seems to be working.

                     

                    Thanks once again.

                     

                    Regards,

                    Lal

                    • 7. Re: VM linked clones and McAFee installation on the template
                      gmwalden

                      If HIPS is installed on the also, would i just add Enum from FireTDI as well.  Or would i need to make more changes.  Thanks