cancel
Showing results for 
Search instead for 
Did you mean: 
LAL
Level 7
Report Inappropriate Content
Message 1 of 8

VM linked clones and McAFee installation on the template

Hi,

We are having difficulty in deploying McAfee agent, antivirus and antispyware in a VDI environment where we are using VM composer to create the linked clones.

Should we install the agent, AV,AS in the template so that the linked clones get all the products or should we install after creating the base template?

What is the best practice and how do we tackle these issues relating to duplicate GUIDs etc?

Thanks and Regards,

Lal

7 Replies

Re: VM linked clones and McAFee installation on the template

LAL wrote:

Hi,

We are having difficulty in deploying McAfee agent, antivirus and antispyware in a VDI environment where we are using VM composer to create the linked clones.

Should we install the agent, AV,AS in the template so that the linked clones get all the products or should we install after creating the base template?

What is the best practice and how do we tackle these issues relating to duplicate GUIDs etc?

Thanks and Regards,

Lal

Cloning images containing the McAfee Agent can cause problems for ePO. Duplicate GUIDs and MAC addresses cause the problems.

Once the image is deployed, VirusScan Enterprise protects agains changes, so the batch file below needs to have these protections disabled prior to attempting changing the GUIDs and MAC addresses.

Do this before closing the image so that when the newly deployed image is first started new values will populate automatically with virtually no likely of duplicates. (Well, the MAC address needs to be considered in your environment.)

In order  to make either registry change, you will have to temporarily change the default settings within VSE to allow the changes to occur.

From the  VirusScan Console

Access Protection  > Properties

Uncheck (unblock)  'Prevent McAfee services from being stopped'

Common Standard Protection

Uncheck  'Prevent modification of McAfee files and settings'

Uncheck 'Prevent modification of McAfee  Common Management Agent'

Then run the batch file below, or manually make  the changes.

DeleteAgentGUID-MacAddress.Bat:


@echo off
title  McAfee AgentGUID and MacAddress Removal Tool - by Ron Metzger
     echo.
     echo  The McAfee Agent communicates with ePO, Protection Pilot, or McAfee's
     echo  update services, using registry values of AgentGUID and MacAddress, to
     echo  uniquely identify each system. Imaging or duplicating a system breaks
     echo  these unique identifiers. Clearing these values, followed by a reboot or
     echo  services restart, repopulates these values with new and unique entries.
     echo.
     echo  Prior to duplication, clear these registry entries and create the image
     echo  before restarting services or rebooting.
     echo.
     echo  Otherwise,
     echo.
     echo  After duplication, clear these values, then reboot or restart the services.
     echo.
     echo  VSE v8.7i (or above) by default, self-protects against certain changes.
     echo  In order to make either registry change, temporarily disable the
     echo  self-protection settings within VSE v8.7i (or above).
     echo.
     echo  From the VirusScan Console:
     echo  Access Protection > Properties
     echo    Uncheck 'Prevent McAfee services from being stopped'
     echo    Common Standard Protection
     echo      Uncheck (un)Block 'Prevent modification of McAfee files and settings'
     echo      Uncheck (un)Block 'Prevent modification of McAfee Common Management Agent'
     echo.
     Choice.exe /C:YN /N " Press  Y  to continue,  N  to skip . . . ?"
     if ErrorLevel 2 goto Exit

     echo  Stopping services . . .
     net stop McAfeeFramework /yes
     net stop McShield /yes
     net stop McTaskManager /yes
     echo  Stopping services, done.

     echo  Deleting registry entries . . .
     REG delete "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent" /v AgentGUID /F
     REG delete "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent" /v MacAddress /F
     REG delete "HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent" /v AgentGUID /f
     REG delete "HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent" /v MacAddress /f
     echo  Deleting registry entries, done.

     echo.
     echo  Please re-enable the self-protection settings within
     echo  VSE v8.7i (or above) to there original values.
     echo.
     echo  From the VirusScan Console:
     echo  Access Protection > Properties
     echo    Check 'Prevent McAfee services from being stopped'
     echo    Common Standard Protection
     echo      Check Block 'Prevent modification of McAfee files and settings'
     echo      Check Block 'Prevent modification of McAfee Common Management Agent'
     echo.
     Choice.exe /C:YN /N " Press  YN  to continue . . . ?"
     echo.
     echo  About to restart McAfee services.
     echo  This will repopulate AgentGUID and MacAddress values.
     echo.
     echo  Please do Not start these services if Imaging this system Now. (Choose Skip.)
     echo.
     Choice.exe /c:YN /T:N,15 /N " Restart Services?  Y  to continue,  N [or wait 15 seconds]  to skip . . .
     if ErrorLevel 2 goto Exit

     echo  Starting services . . .
     net start McAfeeFramework /yes
     net start McShield /yes
     net start McTaskManager /yes
     echo  Starting services, done.

     Choice /c:YN /T:Y,15 /N " Press  YN [or wait 15 seconds]  to continue . . .
:Exit

This batch file can be used to prep and image or to simply change the values after the image has been issued.

Hope this helps. Post back with more questions.

Thanks,

Ron Metzger

Message was edited by: rmetzger (formatting lost during my original post) on 7/20/10 8:10:12 PM EDT

Re: VM linked clones and McAFee installation on the template

Good one rmetzger! I have one question, i didn't used VM clone but ghost image to use for multi pc so i still use this tool to delete GUID and MAC Address? Then ghost to multi pc? Thanks!

Re: VM linked clones and McAFee installation on the template

smalldog wrote:

Good one rmetzger! I have one question, i didn't used VM clone but ghost image to use for multi pc so i still use this tool to delete GUID and MAC Address? Then ghost to multi pc? Thanks!

Yes. Just before making the image (using Ghost or what have you), delete the AgentGUID and MacAddress. Make the image. Once you have deployed the image, at the first boot, the values that were deleted will be constructed new and presumably unique.

Good luck.

Ron Metzger

Re: VM linked clones and McAFee installation on the template

Here is a link to the Tutorial by McAfee: http://mcafee.com/us/enterprise/products/demos/quick_tips/index.html?bcpid=51191152001&bclid=5338451...

Though it talks about AgentGUID only, I would recommend both AgentGUID and MacAddress be deleted just prior to creating the image and before the agent software is started for the first time.

Ron Metzger

Re: VM linked clones and McAFee installation on the template

Thanks so much Ron Metzger!

LAL
Level 7
Report Inappropriate Content
Message 7 of 8

Re: VM linked clones and McAFee installation on the template

Thanks Veyr much Ron Metzger. We tried the batch file however we still have  the problem and then we manually deleted those entries mentioned in your batch script and then we removed the "AGENT GUID" manually and then imaged it and created clones . It seems to be working.

Thanks once again.

Regards,

Lal

Re: VM linked clones and McAFee installation on the template

If HIPS is installed on the also, would i just add Enum from FireTDI as well.  Or would i need to make more changes.  Thanks