Anyone know what causes this error?
SSH Output: pscp: unable to open install.sh: permission denied
This is found in server Task log when pushing out an agent to a mac?
Well the error says "permission denied" so I would double check the credentials for bringing out the agent.
You need to have ssh enabled on the system, you need root.
You also may want to have a look at the McAfee Agent productguide at pages 33 and following.
I contacted McAfee support about this exact same error message. This is their reply:
"Request you try the deployment with the Root user if you, If not you can copy the install.sh file to the mac machine and change the permission on the file and have this installed,
Note: While copying the file via Winscp please make sure you have the transfer setting is set to binary,"
There isn't a "root" or "binary" option anywhere when doing a deployment through ePolicy. I'm testing one Mac computer now but I'd prefer to use the ePolicy deployment for the rest of the computers rather than logging into each computer with root access and installing it manually. Not really a solution in my opinion. If I get any helpful information from them about hot to deploy it from ePolicy I'll post it here.
I’ve made a little progress, I’ve gotten the agent to install but it still won’t see it in ePolicy Orchestrator. This link helps a lot: https://kc.mcafee.com/corporate/index?page=content&id=KB61125
On the Mac I went to ./Library/McAfee/agent/scripts/uninstall.sh and ran that script then rebooted. In ePolicy Orchestrator I went to the System Tree -> New Systems button -> Create and download agent installation package -> Non-Windows -> Ok button. Save the Agent Package zip file and copy it to the Mac. Unzip it, run sudo chmod +x install.sh on wherever you extracted the zip file then run install.sh -i on that same file.
Not sure why it still won’t see ePolicy Orchestrator but it’s a step in the right direction. Anyone else had any luck?
Yep, it is running. I went through the instructions on the link below to try stopping and restarting the service but it's showing as "unmanaged" in ePO.
I’ve got the ePO system tree syncing with Windows Active Directory and tried pinging the Mac from the server where ePO is installed, and vice versa and get replies both ways. Just kind of reaching here trying to figure out why it doesn’t think it’s managed when the McAfee service is running. I’ve had some other suggestions to use a 3rd party application like Centrify, JAMF, or NoMAD to manage the Mac instead of using Windows AD. Although, unless someone has done that and is sure it works, I don’t really want to throw another variable into this issue.
Got it working now, but it's not a satisfactory solution in my opinion. I ended up enabling the root user on the Mac, uninstalling the McAfee agent and rebooting. I logged in as root and re-installed the agent from the installation package I made from the ePO server. Took a couple of minutes but then it was showing up as “Managed” in ePO.
So…for whatever reason using sudo to install the agent didn’t work, I had to install it as root. I can’t have every end user that has a Mac have local admin rights and enable the root user on their system. Not sure what I’m going to do now, but at least I know what the issue was.
is it possible that you tried a lot of stuff on that system?
Maybe you take just one Mac you haven´t touched at all and then try sudo install.
In all of my cases it worked just like this.
I reloaded the original OS from the disk image which was El Capitan and had the same issues; it won't push the agent to the Mac from the ePO server. I upgraded to High Sierra and still can't get it to push out. If I manually install the package from the steps above using sudo it will install the agent but not be seen as "managed". I had to install it as root to get the "managed" state on the ePO server. I contacted McAfee support about what I've found and they want me try it again and send some additional logs from ePO. I'll give that a go and see what they say.
There is a Hotfix for this issue. Agent 188.8.131.527 will allow you to deploy to Mac from the console. If you have an agent on the Mac already you'll need to uninstall that first, otherwise it'll error out because it says it can't upgrade the agent.