cancel
Showing results for 
Search instead for 
Did you mean: 

Preparing a Vista image for deployment (GUID) question

Jump to solution

    Hi All,

I am preparing a Vista image for Sysyprep.  The image has the ePO Agent and VirusScan Enterprise 8.7i installed.

From reading the documentation (McAfee Agent 4.5 Product Guide, Pages 18-19), I need to delete the  HKLM\Software\Network Associates\ePolicy Orchestrator\Agent\AgentGUID key.

When I open regedit (with admin credentials), I see HKLM\Software\Network Associates\ePolicy Orchestrator\Agent, but there are no values displayed.  I don't even see a key for AgentGUID.

Is the documentation simply out of date?  I checked the McAfee Agent (via the system tray) and it does appear to have a GUID.

Thanks,
Drew

McAfee Agent Product Guide:

https://kc.mcafee.com/corporate/index?page=answerlink&url=0bc97397072bd71a8a439b60a92c8cb6bcf890c2e2...

1 Solution

Accepted Solutions

Re: Preparing a Vista image for deployment (GUID) question

Jump to solution

PROBLEM solved!

The root cause was McAfee HIPS.  The host intrustion protection service was blocking READ access to the ePolicy Orchestrator registry keys. (even when using an Admin account that has access).

I turned off HIPS and was able to see what I needed to see.

Do you work for McAfee?  If so, I'd appreciate it if you forward this thread to the writers of the McAfee Agent 4.5 Product Guide, maybe it will help someone else.

Thanks,
Drew

8 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 9

Re: Preparing a Vista image for deployment (GUID) question

Jump to solution

That key looks correct - is it a 64bit system, by any chance? If so the reg key will be different, as the agent is a 32-bit app:

HKLM\Software\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent\AgentGUID

Regards -

Joe

Re: Preparing a Vista image for deployment (GUID) question

Jump to solution

Joe,

It is a 32-bit OS.  I even checked another environment we have (separate network) and the key doesn't exist there either.  I have been wondering if maybe McAfee moved the GUID out of the registry and into the file system.  I know they integrated a GUID-conflict remediation tool into the newest version of ePO.  You can detect/fix duplicate GUID's. 

I even searched the entire registry for the value that is shown in the McAfee Agent System tray icon, thinking I would find it that way.  No luck.

Thanks for your help, it seems so easy.  I am logging into the system with admin rights, but maybe I need to right-click regedit.exe and "RunAs Administrator."  I doubt it, but it is something to try.

(edit) Joe - by any chance, do you have a workstation running the latest version of McAfee Agent that you could check for me just as a sanity check?  Maybe something is wrong with our base image, but the workstations DO all have a unique Agent ID, I just can't find it in the registry.

Thanks,

Drew

Message was edited by: drew2000 on 6/1/11 5:46:15 AM CDT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 9

Re: Preparing a Vista image for deployment (GUID) question

Jump to solution

Nope, we haven't moved the AgentGUID location - it should still be there

Definitely try running regedit with RunAs - it may be that the default admin account doesn't have rights to see the agent's reg entries...

HTH -

Joe

Re: Preparing a Vista image for deployment (GUID) question

Jump to solution

This morning I confirmed that we do have McAfee Agent 4.5.0 installed.  I checked the AgentID in the McAfee Agent menu on a Windows XP box (to avoid UAC issues).  I am currently searching the registry for the entire string {AgentID} to see if I can locate it.  I just don't understand how the workstation can have an agent ID show up in the system tray but not the registry.  If this search fails, I will repeat the search without the brackets {}, maybe if that fails I will try it without the dashes between the character groups.


Thanks,
Drew

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 9

Re: Preparing a Vista image for deployment (GUID) question

Jump to solution

Can you export HKLM\Software to a text file and post it? I'll have a look...

HTH -

Joe

Re: Preparing a Vista image for deployment (GUID) question

Jump to solution

Hi Joe,
Thanks for taking a look.  This data is from a machine with McAfee Agent 4.0 machine, but the issue is the same {can't find Agent GUID section in the registry}.  The entire file is 23.5MB, so I just exported the relevant section:

Yes, the ePolicy Orchestrator section really is empty!

Thanks,
Drew

HKLM\Software\Network Associates

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates

Class Name:        <NO CLASS>

Last Write Time:   11/2/2010 - 2:52 PM

Value 0

  Name:            <NO NAME>

  Type:            REG_SZ

  Data:           

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator

Class Name:        <NO CLASS>

Last Write Time:  

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\McAfee Fire

Class Name:        <NO CLASS>

Last Write Time:   11/2/2010 - 2:52 PM

Value 0

  Name:            BUILDTYPE

  Type:            REG_SZ

  Data:            COMBO

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\Patch Scanner

Class Name:        <NO CLASS>

Last Write Time:   11/2/2010 - 1:52 PM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TalkBack

Class Name:        <NO CLASS>

Last Write Time:   11/2/2010 - 2:52 PM

Value 0

  Name:            InstallCount

  Type:            REG_DWORD

  Data:            0x1

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD

Class Name:        <NO CLASS>

Last Write Time:   11/2/2010 - 2:35 PM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components

Class Name:        <NO CLASS>

Last Write Time:   11/2/2010 - 2:47 PM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\Events

Class Name:        <NO CLASS>

Last Write Time:   11/2/2010 - 2:35 PM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\Events\Forwarding

Class Name:        <NO CLASS>

Last Write Time:   11/2/2010 - 2:35 PM

Value 0

  Name:            ePO Event Forwarding Program

  Type:            REG_SZ

  Data:            C:\Program Files\McAfee\Common Framework\poevtinf.dll

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\Framework

Class Name:        <NO CLASS>

Last Write Time:   5/14/2011 - 12:00 AM

Value 0

  Name:            STI

  Type:            REG_SZ

  Data:           

Value 1

  Name:            <NO NAME>

  Type:            REG_SZ

  Data:           

Value 2

  Name:            Version

  Type:            REG_SZ

  Data:            4.0.0.1421

Value 3

  Name:            Installed Path

  Type:            REG_SZ

  Data:            C:\Program Files\McAfee\Common Framework

Value 4

  Name:            Data Path

  Type:            REG_SZ

  Data:            C:\ProgramData\McAfee\Common Framework

Value 5

  Name:            Extended Path

  Type:            REG_SZ

  Data:            C:\Program Files\McAfee\Common Framework;C:\ProgramData\McAfee\Common Framework;

Value 6

  Name:            Event Path

  Type:            REG_SZ

  Data:            C:\ProgramData\McAfee\Common Framework\AgentEvents

Value 7

  Name:            Uninstall Tool

  Type:            REG_SZ

  Data:            C:\Program Files\McAfee\Common Framework\frminst.exe

Value 8

  Name:            TC_AttributeCollectionThreadIsRunning

  Type:            REG_DWORD

  Data:            0

Value 9

  Name:            LastUpdateCheck

  Type:            REG_SZ

  Data:            20110514000015

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\SuperDAT

Class Name:        <NO CLASS>

Last Write Time:   11/2/2010 - 2:55 PM

Value 0

  Name:            CompletionSuccess

  Type:            REG_DWORD

  Data:            0xe

Value 1

  Name:            RebootRequired

  Type:            REG_DWORD

  Data:            0

Re: Preparing a Vista image for deployment (GUID) question

Jump to solution

PROBLEM solved!

The root cause was McAfee HIPS.  The host intrustion protection service was blocking READ access to the ePolicy Orchestrator registry keys. (even when using an Admin account that has access).

I turned off HIPS and was able to see what I needed to see.

Do you work for McAfee?  If so, I'd appreciate it if you forward this thread to the writers of the McAfee Agent 4.5 Product Guide, maybe it will help someone else.

Thanks,
Drew

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 9

Re: Preparing a Vista image for deployment (GUID) question

Jump to solution

That's good info - I'll get it passed along

Thanks -

Joe