cancel
Showing results for 
Search instead for 
Did you mean: 

ePO Endpoint Deployment Kit 9.6.1 - Enterprise Edition

UPDATE:

Version 9.6.1 - 08/08/2016

Inhibited entry of comma in description field due to a ePO bug that splits it into 2 packages.

Fixed issue with overwriting of package if it already exists.

UPDATE:

Version 9.6.0.

Updated to .NET 4.5.

Removed third-party DotNetZip Library, replaced with native .NET 4.5 functions.

Removed third-party HTTPUploadHelper for MultipartFormData processing, replaced with native .NET 4.5 functions.

Changed background color of dialogs.

UPDATE:

Version 9.2.5.  Updated error handling for product detecion key parsing.

UPDATE:

Version 9.2.4.  This version set default values for the product detection key and product detection value.

I am very pleased to post the Community Edition of the ePO Endpoint Deployment Kit (EEDK).  This tool is designed to allow ePO  users to build and deploy their own custom software packages using ePO. This can included other software, hotfixes, scripts etc.  Inside the attached .zip files we have included a Product Guide along with  examples of building your own software packages.  If you have any question please use this community site for support.

UPDATE:

Version 9.4.  This version adds Windows 8 and Windows 2012 platform support.

UPDATE:

Version 9.5.2  This version adds Windows 10 platform support.

UPDATE:

Providing Enterprise Edition to the community. This will be the only version maintained going forward.

Labels (2)
Tags (1)
Attachments
Comments

Thank you very much Steen

Please know that you also have System Information Reporter which can set the registry keys for you. This can be simpler than using EEDK for such a task.

https://kc.mcafee.com/corporate/index?page=content&id=KB67830

Yes it is trivial to modify the registry with EEDK.

:: Torry Campbell McAfee, Inc. 2013

:: Script to execute reg command

:: :: ################################################

@echo off

pushd "%~dp0"

for /f "delims=" %%a in ('cd') do @set SRCDIR=%%a

::If no comand line option are provided exit script

if "%*" == "" (exit 1) Else set cmdstr=%*

:: Whatever is enter in the client task command line options will be passed to reg.exe

start /B /Wait reg.exe %cmdstr%

exit 0

1. Create EEDK pacakge with this script

2. Check in pacakge to ePO

3. Create deployment task using the command line options field to enter the rest of the reg.exe command

4. Wake up agents once task has been saved.

Hi Everyone,

I am using EEDK to uninstall a McAfee component from end point. I am trying to uninstall EEPC Agent and software from the machines.

I use the below command inside a batch file. When i execute it directly on the end machine, it works and removes the EEPC component however If I package it through EEDK and deploy it through ePO, it does not work Can any one help me ?

Uninstall EEPC.JPG

We tried to uninstall using the product deplyment task however that did not work. We have been asked by McAfee engineer to try with EEDK. And that doe not work

Why not uninstall using a product deployment task for the Agent software instead? Why reinvent the wheel?

download PSEXEC.exe from systinternals and open a system prompt:   psexec.exe /s /i cmd.exe    the dos prompt that opens runs as local system (try the whoami command).

that way you can really test what happens when you run it as local system.

in all the examples I see, the full path is provided so %windir%\system32\msiexec.exe /x ......

but I agree, the unistall via the ePO console works fine as long as the encryption is in-active, so why this special routine...

if the EEDK package works, than the agent is OK, so the normal ePO client uninstall task should work too

Hi jathin_das.  Prinand is correct, the immediate issue I see with your script is that you need to specify the whole path. For example, in each line that needs msiexec, instead of just putting

msiexec /x etc...

Put

%comspec% /c %systemroot%\system32\msiexec.exe /x etc...

If you go to page 1 of this forum you will see some discussion and explanation about how to write properly functioning batch files that can be executed successfully by EEDK. As Prinand pointed out, it's important to keep in mind that EEDK packages are run by the system account and therefore not every script will run as it does when run as administrator or using your local admin account, etc. There are many rules that govern the use of the system account that can cause unexpected results.

Just came across this very useful tool. We are running ePO 4.6 and have a problem with the newer ePO agents on just XP systems. On XP systems with agent 4.6 or higher, they will stop respodning to agent wakeup calls. McAfee Tech support said that we hade to open a port exception for the agent calls to work, this is port 8081. Most of our systems are not on AD so we can't easily push any scripts.

Noticed that this EEDK call is capable to deploying scripts via ePO. I bascially want to execute the following command only one XP systems via EEDK.

netsh firewall add portopening protocol=TCP port=8081 name="McAfee Agent Wake-Up Calls" scope=custom addresses=10.1.13.456

I am not good at scripting but have read that I might have to create a VBS script. We want to execute this command on all the systems without the user seeing any command prompts etc.

Does anyone have any ideas of what script I should create to excute this command using EEDK?

Thanks

I'm looking at running a vbscript from EEDK(which is great by the way, great documentation attached and easy to use)

The only question I have for you guys is do you know what is used to run a VBS locally, does EEDK rely on VBS file association on the local machine or does it always use WSCRIPT.EXE?

I would want to use cscript.exe to run my vbs, not a big deal, I can do it by running a BAT/CMD file and calling cscript.exe in there, but was just wondering if you guys knew already?

Make sure and use Torry's starter BAT syntax to get %SRCDIR% defined. 

I would use a helper BAT file to launch cscript.exe to call the VBS. I would define the whole path of cscript.exe, so in the BAT you should have a line like

%comspec% /c %systemroot%\system32\cscript.exe %SRCDIR%\<yourscriptname>.vbs

Hope that helps.

something that I do almost everytime is just use a self extracting exe. you can use winrar to bundle the file or files into a self extracting exe where it executes a command when finished. this way you don't have to worry about all the logic witht the tool. you just tell edk to run the exe and the self extractor takes care of everything for you.  I use this method a lot with vbscripts. that is how I made the system information tool in the downloads.

Torry

I tried using the EEDK kit to deploy a package, but when it attempts to install, the Agent log says that an 'Error occurred while installing......' and I do not see any errors in the Windows Event logs. What's the best way to diagnose this?

Finally managed to create a package using this wonderful tool which will run a executable that will make a port exception for the ePO agent wake-up call.

Basically, I had to create a visual basic script called run_invisible as shown below.

Set WshShell = CreateObject("WScript.Shell")

WshShell.RUN "cmd /c netsh firewall add portopening protocol=TCP port=8081 name=McAfeeAgentWake-UpCalls scope=custom addresses=10.1.2.32", 0

This script creates the firewall exception using cmd running silently.

This visual basic script is then added to self extracting exe file called xpfirewall.exe using WinRAR. This deployed from ym test ePO server to several XP systems without issues.

Thanks

Looking for a little assistance with a small batch file I'm trying to run.  This is the first time I've utilized EEDK so I'm not certain what I maybe doing wrong.  I've packaged the files and checked them in but when I deploy them it gets stuck at verifying:

2013-09-27 10:44:24    I    #11260    ScrptMgr    Loading update configuration from: catalog.xml

2013-09-27 10:44:25    I    #11260    ScrptMgr    Verifying RSDRESET1000-det.mcs.

2013-09-27 10:44:25    I    #11260    ScrptMgr    Setting the working dir as C:\ProgramData\McAfee\Common Framework\Current\RSDRESET1000

2013-09-27 10:44:25    I    #11260    ScrptMgr    Loading and parsing:  C:\ProgramData\McAfee\Common Framework\Current\RSDRESET1000\RSDRESET1000-det.mcs

2013-09-27 10:44:25    I    #11260    ScrpPrsr    DoesRegKeyExist doesn't exist in the section table.

2013-09-27 10:44:25    I    #11260    ScrptMgr    Script validation failed, continuing in backward compatibility mode for syntax ….

The .Bat file to be run has the following commands:

@echo off

:: Get number of input parameters

set argC=0

for %%x in (%*) do Set /A argC+=1

:: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

:: Torry Campbell McAfee, Inc. 2011

:: ################################################

:: Set environment to current product folder

pushd "%~dp0"

:: Get software package source directory and set as variable SRCDIR

SET SRCDIR=

for /f "delims=" %%a in ('cd') do @set SRCDIR=%%a

:: Stop RSD Service

sc stop Rssensor

:: Adjust permission on .pem files.

icacls "C:\Program Files (x86)\McAfee\RSD Sensor\key.pem" /inheritance:e

icacls "C:\Program Files (x86)\McAfee\RSD Sensor\root.pem" /inheritance:e

icacls "C:\Program Files (x86)\McAfee\RSD Sensor\sensor.pem" /inheritance:e

icacls "C:\Program Files\McAfee\RSD Sensor\key.pem" /inheritance:e

icacls "C:\Program Files\McAfee\RSD Sensor\root.pem" /inheritance:e

icacls "C:\Program Files\McAfee\RSD Sensor\sensor.pem" /inheritance:e

:: Start RSD Service

sc start rssensor

:: Save Text file for run verification.

Echo RSD Reset Complete >> C:\RSD.txt

goto EOF

:: Exit and pass proper exit to agent

:: ################################################

:EOF

Exit /B 0

Anyone that can point me in the right direction would have my gratitude.  There are many things I want to use this tool for but as of right now, this simple use is eluding me.

Thanks

Is there a version EEDK available for ePO 5.x ?

This will also work with ePO 5.x

Hi Torry I m geeting the error Build "" does not exist how can I solve it? Thanks in advance and congrats this is "The Tool" in the past I  do the same with eposign and some msc  not encripted! Cool Stuff!

Herman.-

Has the build folder been defined?EEDK UIpdf.jpg in your options settings?

uupppsss no! thanks! nowe works ! i will Install Iexplorer 9 ... thanks !

I have an msi file wrapped with EEDK I want to install on desktops and it's failing to deploy from ePO due to MA4.6 running the install with the SYSTEM account.  I know the msi file install works using a user account.  Anyone know of a method to deploy something custom out from ePO and it runs the install(.msi file in my case) using a specific user account?

This is a script which is used when deploying McAfee Profiler from an EEDK package.

:: Get number of input parameters
set argC=0
for %%x in (%*) do Set /A argC+=1

:: Stuart Avery McAfee, Inc. 2011
:: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:: Confirm x86 Architecture and exit if not found
If %PROCESSOR_ARCHITECTURE% == x86 (
GOTO START
) ELSE (
Exit /B 1
)
:START
:: Set environment to current product folder
pushd "%~dp0"
:: Get software package source directory and set as variable SRCDIR
SET SRCDIR=
for /f "delims=" %%a in ('cd') do @set SRCDIR=%%a

if %argC%==0 GOTO INSTALL
if %1==uninstall GOTO UNINSTALL
:INSTALL
%comspec% /c %systemroot%\system32\msiexec.exe /i "%SRCDIR%\McProfilerSetup.msi" /quiet
GOTO END
:UNINSTALL
%comspec% /c %systemroot%\system32\MsiExec.exe /X{McProfilerSetup.msi} /quiet
:END

goto EOF
:: Exit and pass proper exit to agent
:: ################################################
:EOF
Exit /B 0

I'm wondering if there is a work around to the bug where running the Client Task Now that does a product deployment returns an error.  I am using the EEDK to create my package.  I basically have to msi files - one for 32 bit and one for 64 bit and a bach file that does some checking and determines which one to run.  I've run the install both using a regular user and the SYSTEM account using PSExec  on a few machines and it works.  I've even deployed through ePO by running the Client Task Now.  The software gets deployed properly  but ePO reports that the deployment failed.

Here is the batch file that I am running:

@echo off

  :: Set environment to current product folder

pushd "%~dp0"

  :: Get software package source directory and set as variable SRCDIR

SET SRCDIR=

for /f "delims=" %%a in ('cd') do @set SRCDIR=%%a

IF /I %PROCESSOR_ARCHITECTURE% == x86 (

:: "This is 32 Bit Operating system

  %comspec% /c %systemroot%\system32\msiexec.exe /i "%SRCDIR%\CC_x86_1.3.6.2.msi" /qn  %*

) ELSE (

  %comspec% /c %systemroot%\system32\msiexec.exe /i "%SRCDIR%\CC_x64_1.3.6.2.msi" /qn  %*

)

::check if installation worked by looking for a specific file

dir "c:\Program Files\CC\cc.exe" > nul 2>&1

IF %ERRORLEVEL% == 0 (

:: For now add the registry entries needed manually - this will be updated in next version of the installer 

   start /b /wait %systemroot%\system32\REG.exe ADD HKLM\Software\CC /f > nul

   start /b /wait %systemroot%\system32\REG.exe ADD HKLM\Software\CC /v ProductVersion /d 1.3.6.2 /f > nul

   start /b /wait %systemroot%\system32\REG.exe ADD HKLM\Software\CC /v "Install Path" /d "C:\Program Files\CC" /f > nul

   EXIT /B 0

) ELSE (

   EXIT /B 1

)

I get an errorlevel of 0 when I run this yet the agent reports that the installation failed.  Any ideas?

Thanks

I have seen this issue. ePO report the Run Client Task have failed, and it has been executed and completed successful on the endpoint.

I’m not sure what is causing this issue.

Hello,

I am trying to install windows security update on win7 OS using the EEDK utility.

The update is installed, however on the Mcafee agent log i get some error with regards to access  problems to the registry key or registry key was not found.

When creating the package, i had set the key as followes:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB2660649~31bf3856ad364e35~x86~~6.1.1.3

and the key value as followes:

InstallClient

The info was gathered after manual install of windows security update KB2660649 , before creating the package.

Any ideas to resolve the issue ?

Regards,

Yossi Mor

Hi,

I am trying to create a package to manually populate the registry entry for EEPC 7.0.1. I have exported the REG key from a machine and tried to create a package with it so that I can deploy it to machines which does not have the registry key. When I do that I am receiving error message that the deployment is failed.

EEPC.JPG

The package is created by just selecting the registry key file. Should there be any command line parameter to be given to get the package executed Below is the screenshot of the EEDK package settings

EEDK.JPG

Your are missing the command line to run. You should leave the default EEDK Registry key setting - both lines.

Then you should choose to run a .CMD file which will write the .REG fil to the Registry.

Then you have to make EEDK to include a folder, where you haev located the CMD file below and the EEPD-Copy.reg file.

@echo off

pushd "%~dp0“

for /f "delims=" %%a in ('cd') do (@set SRCDIR=%%a)

::Main script

%COMSPEC% /C Regedit.exe /s %SRCDIR%\EEPC-Copy.reg

Exit 0

Hi Steen,

Thanks for your help. Unfortunately it still did not work. I am getting the below error

Error.JPG

This error does look a bit strange. Set McAfee Agent policy to do Detailed logging.

There can be several reasons for this. Have you tested the script running as SYSTEM account?

Remember that the McAfee Agent is executing the script as SYSTEM account, and that registry key might not be available.

How to test this:

Use PSEXEC.exe from Sysinternals to open a CMD running as SYSTEM (requires local administrator privileges)

Start CMD.EXE with “Run as Administrator”

From this command line run: psexec.exe /s /i cmd.exe

the command prompt that opens runs as local system

Verify with the whoami command

Test script can now be tested in this new command prompt

Hello Steen,

Thnaks for your response. How do I make sure that the script is running using a SYSTEM account ? Should add any commands in hte script to make sure that the script is running using SYSTEM account ?

Thanks

Jathin

The EPO agent should run the script with system privledges.  One thing I like to do is to use self extracting exe to run with this tool.  Using winrar and just a few steps you can easily make a self extracting exe.  This way you need no logic when creating with this tool, other than run the exe you have and the self extraction process handles the extraction to a temp folder and then execute the file you want.  This by far has been the easiest and most successful methods for me.  you can use this process for vbscripts, bat files, etc.  Autoit is also and easy way to create a true EXE if you just have some reg keys or file commands.  Since this is a true EXE with autoit it is easy to allow certain exclusions in AP rules or HIPS rules that may be tripped during modification.  with scripts or bat files the source of the modification is regedit.exe or cmd.exe which you would not want to exclude in those protective rules.

Hello everyone

Please can anyone help. Firstly does this work on ePO 5.1 and with Agent 4.8?

If so, Im trying to deploy an EXE which is a packaged vbs script. All it does is read a reg key and then write the data back to another reg key.

The EXE works when ran on a workstation, please note that this is not a permissons issues as the admin credentials are embedded into the EXE.

Each time I try and deploy the EXE the agent report the following.. Please see screen shot below

ss.png

Please can anyone give me some pointers here?

Regards

Steve

McAfee Agent will run the EXE or script with SYSTEM account.

Test the script or EXE running as SYSTEM account before creating the EEDK.

There can be several reasons for this. Have you tested the script running as SYSTEM account?

Remember that the McAfee Agent is executing the script as SYSTEM account, and that registry key might not be available.

How to test this:

Use PSEXEC.exe from Sysinternals to open a CMD running as SYSTEM (requires local administrator privileges)

Start CMD.EXE with “Run as Administrator”

From this command line run: psexec.exe /s /i cmd.exe

the command prompt that opens runs as local system

Verify with the whoami command

Test script can now be tested in this new command prompt

Please provide details about how you created the EEDK. Screenshoot of the EEDK would be nice.

Hi Steen

Thanks for the replies. Here is a screen shot of the EEDK below

ss2.png

I will let you know the results after trying the PSExec tests.

Regards

Steve

Hi Steen,

When I run the script directly from the end point it works. When I deploye the package thruogh ePO, it does not.

Hi Steen

OK after testing with PSEXEC and running under the system account the EXE fails with error 5 Access is denied.

Can you recommend how I can run this EXE under the system account.

Regards

Steve

After some further reading and testing I've managed to sort my problem. I used the following script to call my exe

@echo off
:: Set path to current product folder
pushd "%~dp0"
:: Get software package source directory and set as variable SRCDIR
SET SRCDIR=
for /f "delims=" %%a in ('cd') do @set SRCDIR=%%a

%compsec% "%SRCDIR%\buildtype.EXE"
Exit /B 0

This fixed my issue. I can deploy the package and it nows runs on the client without issue and I'm getting the custom property information reporting back into ePO.

Has anyone used Endpoint Deployment Kit on ePO 5.1?  The above 9.4 version.zip has documentation for 9.2, is ePO 5.x officially supported?

Thanks

I have used it on 5.1. The only issue I have is checking in the app using EEDK. But manually checking it a package in using the ePO console is fine.

Hope that helps

I'm trying to use the eposign tool included in the kit from a batch file.  I run the EEDK.exe file to get it to extract the eposign.exe file.  From my batch file, I run the eposign command giving the full path to the command and the full path to the PkgCatalog.xml file.

c:\ePO\eposign.exe c:\build\\PkgCatalog.xml *.mcs /a

This batch file is run from an ant task that is used to create an installation package that gets generated when files are changed.  Running the ant build on my local machine, everything works fine, the PkgCatalog.z file gets generated and the *.mcs files are encrypted.  Running the same command from the ant task on the server results in error -1073741515.  This error is apparently caused by a missing dll.  Any idea of what dependency I'm missing on my build server? I've already checked that the path is correct on the server.

Thanks,

Sergio

Hi everyone,

I've been playing around with EEDK and find myself a bit rusty. I posted a question elsewhere on this forum but thought I might draw more attention to it if I mentioned it here as well:

https://community.mcafee.com/thread/67604

Any thoughts or suggestions would be very welcome

Edit: I shoudl add that I did test my script running them as SYSTEM as outlined in a reply above. The scripts seem to work fine when run that way.

Torry - Any plans to bring this tool kit up to a version to build packages for Windows 8.1? I am in need of a SAE Cleanup tool that will run on 8.1 deployed through ePO. - Thanks

ok bare with me. I haven't done EEDK for quite some time and I am having a problem with running 3 native DOS commands to copy log data to a network share. The bat file works if I run it manually, but not when I create a package. I do not need to specify a directory since they are native DOS commands.

Looking at the mcscript.log it shows that it is executing but never finishes.

2014-06-23 08:36:04.871    I    #4792    ScrptExe    Executing "C:\ProgramData\McAfee\Common Framework\Evaluation\EEDKQUAR1000\Install\0000\eedkquar.bat"

@echo off

  

dos command 1

dos command 2

dos command 3

  exit /B 0

6-23-2014 5-16-43 PM.png

You're running under the system account when executing those packages, so no access to network shares.

Doh! I should have known that

Is there a way to use the local logged in user account?

Not that I am aware of.

If the computer is joined to the domain and the share is publically writable, you might be able to  get the file written to the share.

The creator of the file is the COMPUTER account in the domain.

If the host is not joined to the domain and you don't mind putting passwords to a service account into the batch file, you could do a net use and link a drive and then write to it.

Try writing a batch file aournd these commands:

C:\temp>whoami

nt authority\system

C:\temp>net use * \\server\public /user:DOMAIN\user1 p@$$w0rd

Drive Z: is now connected to \\server\public

The command completed successfully.

C:\temp>net use
New connections will be remembered.


Status       Local     Remote                    Network

-------------------------------------------------------------------------------
OK           Z:        \\server\public          Microsoft Windows Network
The command completed successfully.

C:\temp>dir c:\ >> \\server\public\directories\%COMPUTERNAME%.txt

C:\temp>dir \\server\public\directories
Volume in drive \\server\public has no label.
Volume Serial Number is B01E-E880

Directory of \\server\public\directories

06/24/2014  03:25 PM    <DIR>          .
06/24/2014  03:25 PM    <DIR>          ..
06/24/2014  03:05 PM             1,889 CLIENT1A.txt
06/24/2014  03:25 PM               886 PHANTOM.txt
06/24/2014  03:21 PM               388 test1
               3 File(s)          3,163 bytes
               2 Dir(s)  168,648,585,216 bytes free

C:\temp>net use * /delete /y
You have these remote connections:

    Z:              \\server\public
Continuing will cancel the connections.

The command completed successfully.

Hi everyone,

I have been working with this tool to send patches to update Windows, I created the appropriate folders and BAT file, but I have a doubt with the registry keys, What if an update of Windows modifies one, two or more keys?

What key has to be put in the part: Detection Product Key?

Thanks

Actually I got my script to work and write out to a network share since I have no physical access to the desktop.

REM This bat file extracts VSE log files and copies them to our share

@echo off

net use * \\yourserver\yourfolder\MER-OUTPUT yourpassword /USER:yourdomain\yourid

MKDIR \\yourserver\yourfolder\MER-OUTPUT\%computername%

REM variables for date and time

for /f "tokens=2-4 delims=/ " %%a in ('date /T') do set year=%%c

for /f "tokens=2-4 delims=/ " %%a in ('date /T') do set month=%%a

for /f "tokens=2-4 delims=/ " %%a in ('date /T') do set day=%%b

set TODAY=%year%-%month%-%day%

for /f "tokens=1 delims=: " %%h in ('time /T') do set hour=%%h

for /f "tokens=2 delims=: " %%m in ('time /T') do set minutes=%%m

for /f "tokens=3 delims=: " %%a in ('time /T') do set ampm=%%a

set NOW=%hour%-%minutes%-%ampm%

dir c:\Quarantine /s > \\yourserver\yourfolder\MER-OUTPUT\%computername%\%computername%_%TODAY%_%NOW%_quarantine.txt

copy %DEFLOGDIR%\*.txt \\yourserver\yourfolder\MER-OUTPUT\%computername%

for /f "tokens=2" %%D in ('net use ^| find ":" ^| find "\\yourserver"') do (net use %%D /delete)

exit 0

Contributors
Version history
Revision #:
2 of 2
Last update:
‎09-26-2019 02:38 PM
Updated by:
 

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community