I discovered today that McAfee has started packaging the McAfee agent with the recent releases of ENS. I used Endpoint Security Package Designer to create a new ENS package for my desktop team. They used that ENS package to update their MDT images with the September release of ENS, which also installed the pre-packaged McAfee agent, and the problem is that agent doesn’t have any reference to our on-premise EPO server. So when the desktop team ran the initial "Update Security" option on a freshly imaged system, that pre-packaged McAfee agent didn't look for our EPO server to update the policies, tasks, and various other updates. When the desktop admin tried to install our McAfee agent that we created from our own EPO server, he got an error message that said the system already has the same version of the agent installed, and he was unable to install our custom-made agent from our EPO server. Although the status of the agent says "unmanaged", we are unable to uninstall the agent from the Control Panel or using the manual command frminst /remove=agent.
This is an extremely inconvenient development that McAfee has created by packaging the McAfee agent with ENS. What does McAfee recommend we do in order to resolve this problem? Is it possible for me to use ENS Package Designer and exclude the McAfee agent from that build? (Additionally, a ticket has been opened and MER uploaded: SR # 4-22496227641)
Hi @nashcoop,
Thank you for reaching out to us on the community!
Yes, ENS packages are built with a stock version of McAfee Agent to perform functions like DAT update and task scheduling. As this agent is 'stock', it would not have your EPO information to communicate with EPO and get the task and policy updates.
In order to resolve the current issue, you can follow either of the two ways below:
1. From the system tree, select the machine -> Actions -> Agent -> Deploy Agents -> Enable "Force installation over existing version" -> enter the credentials for agent install and click 'OK'.
2. When creating a new package using Package Designer, make sure you add the McAfee Agent frame package to the design on the "add executables" page under the "pre-install" section. But by default this will not force install McAfee Agent if you already have an Agent installed.
You can specify the 'force install' command line option for McAfee Agent in the 'command line arguments' section when you add the executable on the 'add executables' page.
McAfee Agent installation command line options:
Bonus tip:
Also, instead of using 'ENS Package Designer', you can use a tool called "Endpoint Upgrade Assistant and Package Creator", available from the products download page (aka EUA package creator).
With this tool you will have the option by default to force install McAfee Agent with the 'Agent frame package'.
On the 3rd page of EUA package creator you will find an option to enable --maforceinstall under the "additional command line options" section. Enabling this option will force install McAfee Agent using the McAfee Agent frame package that you have selected.
NOTE: The McAfee Agent frame package is a McAfee Agent installer that contains your EPO and repository information within it. You can download it from EPO -> System Tree -> New Systems -> Create and download agent installation package.
I hope you find this information helpful.
1. The first option of forcing the installation over the "stock" agent within the system tree isn't a viable option. Since the "stock" agent isn't aware of our on-premise EPO server, no system object is populating in the system tree.
2. For years McAfee recommended excluding the McAfee agent from system images. Now they've reversed course and they are forcing the installation of the McAfee agent since a "stock" agent is packaged with ENS. That decision hasn't taken into consideration that some companies still prefer to exclude the McAfee agent from their images. While KB84356 provides instructions for including the McAfee agent on system images, we still prefer not to do that.
Please provide instructions for how to extract the "stock" McAfee agent from the ENS standalone package so we aren't forced to install the "stock" agent on our MDT images.
Hi @nashcoop To clarify, there are two different McAfee Agent types. There is the Standalone Agent (which is what ENS installs and uses) and there is the ePO-Managed Agent (which has additional subsystems that have ePO-managed functionality). When it's stated that "the McAfee Agent is installed", it's not always referencing an ePO-managed Agent configuration. The Standalone Agent is still required for Standalone ENS functionality, even if an ePO server is not being used to manage the environment.
ENS can be installed as a Standalone or ePO-managed product, and for Standalone systems, the Standalone Agent is required for scheduling/execution of client tasks (such as Content Update or ODS scan tasks). It's not possible, nor supported, to remove the Standalone Agent from that ENS package as this would affect client-related tasks, like having the Agent update the DAT files or Exploit Prevention Content that ENS Threat Prevention uses (as an example). Quite frequently, the ENS installer is customized to additionally install the ePO-managed Agent package using ENS Package Designer, so the ENS and ePO-managed Agent can be scripted via other non-ePO server deployment methods.
For the ePO-managed Agent package (which adds those additional subsystems inside the Agent for ePO management), that would need to be installed via a separate package from the ePO server. That package is built on the ePO server and includes all the details about ePO/Agent Handler information, and as you mentioned, KB84356 states how to include the Agent in a system image (if desired).
We've been using ENS and the ENS Package Designer for three or four years and never encountered this problem before. My understanding is that our process isn't working because McAfee has included the most current version (22.214.171.1249) of the McAfee agent in the standalone ENS package, and we are not able to overwrite that when we try to manually install our own ePO-managed agent since that is also 126.96.36.1999. Does McAfee always include the most current version of the McAfee agent in the standalone ENS package? I'm very surprised that we've never previously encountered this problem before over the past three or four years if McAfee has always been packaging the most current version of the McAfee agent with standalone ENS during that time span. This issue is really jamming up our established process, and we're currently unable to ship new systems to employees until it's resolved.
New ENS installers will use more recent versions of the McAfee Agent, but it won't always be the absolutely latest available (e.g., hotfix versions, etc.).
If there is an issue with installing the ePO-managed Agent package over the Standalone Agent package that is bundled with the ENS software, I would recommend posting the issue on our ePO Server (and Agent) Community board, or contacting our McAfee Support team for the McAfee Agent. It should be possible to overwrite the currently installed Agent with an updated one (even if it's the same build). Support might need to obtain the Agent install log files to review further.