Exactly what I'm trying to do, put the Serial # in a CustomProps field. Then have it run silently with no user interaction on the endpoint, so this information is reportable from the ePO DB. Unfortunately, I ran into problems. The /Library/McAfee/cma/scratch/CustomProps.xml was not ever created on my test system.
Seeing as the article references OS X 10.7 as the latest known working version, this was cause for concern. I'm testing on OS X 10.9.4, and there have certainly been changes made between these releases.
The issue I'm facing is that while the Agent log show the scheduled task completes, the CustomProps.xml file with desired information doesn't ever get written to disk. In testing the script from command line, the only successes occurred when the .sh file was run were prefixed by a sudo escalation, then manually entering the password. From previous experience, I know that /Library/McAfee/cma/bin/cmdagent -P will not run without root access. It would appear that writes to /Library/McAfee/cma/scratch/ also require this root access.
Therein lies the problem. We can't deploy this to Mac endpoints that have unique root passwords using ePO. As a test of the EEDK's potential permission issues with folders, I checked-in a package that did nothing but open calculator. This is something privilege escalation isn't required for, and can be run from command line without the need for a sudo prefix and password. This also didn't work once packaged for deployment to a OS X 10.9.4 endpoint via ePO using EEDK to build the package.
[code for the calculator test]
open -nF /Applications/Calculator.app/
If there are any updates to the EEDK syntax needed for this to work in the Macintosh environment, I'd be greatly appreciative to know what they are!
I'm using EEDK sourced from here [albeit, inside a Windows VM], which I believe is the most current:
This script does the same as calling system_profiler, but is apparently a much better way to get a Serial Number from a Mac. This comes recommended from a Mac software packager that knows far more about these system calls than I. Adding it to my inquiry, in hopes it may be of use for someone who finds this.