I know McAfee has partnered with numerous vendors to createcustom deployment packages for their products (http://www.mcafee.com/us/microsites/sia-integrations/).Is it possible to create your own custom package containing scripts or executablewhich can be checked-in, deployed and executed? I would like to do this forWindows and OS X if possible.
Yes, it's possible and I do so regularly. Each EPO has a tool in its program files directory called "eposign.exe" that can be used to convert the PkgCatalog.xml into an PkgCatalog.z and encrypt the McAfee script files (.mcs). All the resulting files have simply to be zipped and can then be checked in and deployed. However, to be able to do this you need access to the unencrypted script files as well as the source xml file and all this is part of the superdat manager product (SDM250) which is only available to platinum customers as far as I know. Contact your McAfee SAM for further instructions.
... and all this is part of the superdat manager product (SDM250) which is only available to platinum customers as far as I know.
Which is what I meant by "not generally available." Additionally there's no documentation (that I've seen), definitely no support, and extra-definitely no way to produce a signed package. If the OP wants to work things out from first principles as an academic exercise, that's great My assumption though was that they were looking for a supported / supportable solution as provided by the SIA program.
I guess the "not supported" is automatically implied if we talk about checking in self made stuff. And yes, obviously nobody but McAfee can actually sign software to make it an official package. However, I think it's only fair to mention, that there is indeed a way to make your own packages and check them in. I would have been super happy if someone told me that a few months back because I only discovered that option through a coincidence. But yes, there is only rudimentary documentation and definitely no support because you can wreck havoc with this feature if you are not extra careful. So I meant no offense by questioning your answer. I only wanted to provide the OP all the information.
Thanks for the information; I will look into getting a copy of the SuperDAT Manager. We are going to be migrating from McAfee Endpoint Encryption 5.2.x (the old SafeBoot product) to ePO managed Endpoint Encryption 6.1.x. With the SafeBoot product there is an easy way to create “File Groups” and deploy them to client systems (including changes to the registry, etc.). We used this feature quite a bit, and sadly there doesn’t seem to be an easy way to do the same with ePO (along with a few other features that didn’t make it into the ePO version of the product).
One last question -- you mentioned that there was rudimentary documentation; Can you elaborate or send a URL?
Well, there exists a document called "SuperDAT Manager 25 Release Notes" that explains how you sign and create a package. This is part of the SDM250 product and therefore (I did a quick search in the knowledge base) probably not available to the general public. The other "documentation" is not actually a document but the source code itself. There are two script files (.mcs) included in the product that are in clear text format and are of a proprietary scripting language. These can be adjusted to your own needs although it's a tiresome process to do so because this scripting language was conceived about 10 years ago and somewhat resembles an awkward decision tree.
You can download the "sdat6477.exe" here: http://www.mcafee.com/apps/downloads/security-updates/security-updates.aspx
You can extract the contents with /E and then take a look at the "NaiScrip.nsc" file to see the script language "in action".
I'm sorry I can't be more specific or helpful but due to the nature of the product McAfee Agents (with sunglasses) would probably hunt me down and torture me if I were to upload anything related.
I can only repeat that you should contact your official McAfee SAM about this if you really want to go that unsupported route.Message was edited by: oaker on 23/09/11 14:44:17 IST