8 Replies Latest reply on Jun 7, 2011 8:29 AM by JoeBidgood

    Preparing a Vista image for deployment (GUID) question

          Hi All,

      I am preparing a Vista image for Sysyprep.  The image has the ePO Agent and VirusScan Enterprise 8.7i installed.

      From reading the documentation (McAfee Agent 4.5 Product Guide, Pages 18-19), I need to delete the  HKLM\Software\Network Associates\ePolicy Orchestrator\Agent\AgentGUID key.

       

      When I open regedit (with admin credentials), I see HKLM\Software\Network Associates\ePolicy Orchestrator\Agent, but there are no values displayed.  I don't even see a key for AgentGUID.

       

      Is the documentation simply out of date?  I checked the McAfee Agent (via the system tray) and it does appear to have a GUID.

       

      Thanks,
      Drew

       

      McAfee Agent Product Guide:

       

      https://kc.mcafee.com/corporate/index?page=answerlink&url=0bc97397072bd71a8a439b 60a92c8cb6bcf890c2e2ab256f72a4f0ef40b3b41bd3368e5429e205303fdf486fa524750dede330 5e7647375cec628590fe5839278b481845b7219d35295bb075cc8aaf5f121e02bebbc7c55d8fd943 a94ce0501b9f4e2d475e9487023a68f5602c3d574a164bda0152be8930894ccf121fc0fb94f0532a 800bdd7ea6&answerid=16777216&searchid=1306875165465

        • 1. Re: Preparing a Vista image for deployment (GUID) question
          JoeBidgood

          That key looks correct - is it a 64bit system, by any chance? If so the reg key will be different, as the agent is a 32-bit app:

           

          HKLM\Software\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent\AgentGUID

           

          Regards -

           

          Joe

          1 of 1 people found this helpful
          • 2. Re: Preparing a Vista image for deployment (GUID) question

            Joe,

            It is a 32-bit OS.  I even checked another environment we have (separate network) and the key doesn't exist there either.  I have been wondering if maybe McAfee moved the GUID out of the registry and into the file system.  I know they integrated a GUID-conflict remediation tool into the newest version of ePO.  You can detect/fix duplicate GUID's. 

             

            I even searched the entire registry for the value that is shown in the McAfee Agent System tray icon, thinking I would find it that way.  No luck.

             

            Thanks for your help, it seems so easy.  I am logging into the system with admin rights, but maybe I need to right-click regedit.exe and "RunAs Administrator."  I doubt it, but it is something to try.

             

            (edit) Joe - by any chance, do you have a workstation running the latest version of McAfee Agent that you could check for me just as a sanity check?  Maybe something is wrong with our base image, but the workstations DO all have a unique Agent ID, I just can't find it in the registry.

             

            Thanks,

            Drew

             

            Message was edited by: drew2000 on 6/1/11 5:46:15 AM CDT
            • 3. Re: Preparing a Vista image for deployment (GUID) question
              JoeBidgood

              Nope, we haven't moved the AgentGUID location - it should still be there

               

              Definitely try running regedit with RunAs - it may be that the default admin account doesn't have rights to see the agent's reg entries...

               

              HTH -

               

              Joe

              • 4. Re: Preparing a Vista image for deployment (GUID) question

                This morning I confirmed that we do have McAfee Agent 4.5.0 installed.  I checked the AgentID in the McAfee Agent menu on a Windows XP box (to avoid UAC issues).  I am currently searching the registry for the entire string {AgentID} to see if I can locate it.  I just don't understand how the workstation can have an agent ID show up in the system tray but not the registry.  If this search fails, I will repeat the search without the brackets {}, maybe if that fails I will try it without the dashes between the character groups.


                Thanks,
                Drew

                • 5. Re: Preparing a Vista image for deployment (GUID) question
                  JoeBidgood

                  Can you export HKLM\Software to a text file and post it? I'll have a look...

                   

                  HTH -

                   

                  Joe

                  • 6. Re: Preparing a Vista image for deployment (GUID) question

                    Hi Joe,
                    Thanks for taking a look.  This data is from a machine with McAfee Agent 4.0 machine, but the issue is the same {can't find Agent GUID section in the registry}.  The entire file is 23.5MB, so I just exported the relevant section:

                     

                    Yes, the ePolicy Orchestrator section really is empty!

                     

                    Thanks,
                    Drew

                     

                    HKLM\Software\Network Associates

                     

                     

                    Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates

                    Class Name:        <NO CLASS>

                    Last Write Time:   11/2/2010 - 2:52 PM

                    Value 0

                      Name:            <NO NAME>

                      Type:            REG_SZ

                      Data:           

                     

                     

                    Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator

                    Class Name:        <NO CLASS>

                    Last Write Time:  

                     

                    Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\McAfee Fire

                    Class Name:        <NO CLASS>

                    Last Write Time:   11/2/2010 - 2:52 PM

                    Value 0

                      Name:            BUILDTYPE

                      Type:            REG_SZ

                      Data:            COMBO

                     

                     

                    Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\Patch Scanner

                    Class Name:        <NO CLASS>

                    Last Write Time:   11/2/2010 - 1:52 PM

                     

                    Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TalkBack

                    Class Name:        <NO CLASS>

                    Last Write Time:   11/2/2010 - 2:52 PM

                    Value 0

                      Name:            InstallCount

                      Type:            REG_DWORD

                      Data:            0x1

                     

                     

                    Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD

                    Class Name:        <NO CLASS>

                    Last Write Time:   11/2/2010 - 2:35 PM

                     

                    Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components

                    Class Name:        <NO CLASS>

                    Last Write Time:   11/2/2010 - 2:47 PM

                     

                    Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\Events

                    Class Name:        <NO CLASS>

                    Last Write Time:   11/2/2010 - 2:35 PM

                     

                    Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\Events\Forwarding

                    Class Name:        <NO CLASS>

                    Last Write Time:   11/2/2010 - 2:35 PM

                    Value 0

                      Name:            ePO Event Forwarding Program

                      Type:            REG_SZ

                      Data:            C:\Program Files\McAfee\Common Framework\poevtinf.dll

                     

                     

                    Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\Framework

                    Class Name:        <NO CLASS>

                    Last Write Time:   5/14/2011 - 12:00 AM

                    Value 0

                      Name:            STI

                      Type:            REG_SZ

                      Data:           

                     

                    Value 1

                      Name:            <NO NAME>

                      Type:            REG_SZ

                      Data:           

                     

                    Value 2

                      Name:            Version

                      Type:            REG_SZ

                      Data:            4.0.0.1421

                     

                    Value 3

                      Name:            Installed Path

                      Type:            REG_SZ

                      Data:            C:\Program Files\McAfee\Common Framework

                     

                    Value 4

                      Name:            Data Path

                      Type:            REG_SZ

                      Data:            C:\ProgramData\McAfee\Common Framework

                     

                    Value 5

                      Name:            Extended Path

                      Type:            REG_SZ

                      Data:            C:\Program Files\McAfee\Common Framework;C:\ProgramData\McAfee\Common Framework;

                     

                    Value 6

                      Name:            Event Path

                      Type:            REG_SZ

                      Data:            C:\ProgramData\McAfee\Common Framework\AgentEvents

                     

                    Value 7

                      Name:            Uninstall Tool

                      Type:            REG_SZ

                      Data:            C:\Program Files\McAfee\Common Framework\frminst.exe

                     

                    Value 8

                      Name:            TC_AttributeCollectionThreadIsRunning

                      Type:            REG_DWORD

                      Data:            0

                     

                    Value 9

                      Name:            LastUpdateCheck

                      Type:            REG_SZ

                      Data:            20110514000015

                     

                     

                    Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\SuperDAT

                    Class Name:        <NO CLASS>

                    Last Write Time:   11/2/2010 - 2:55 PM

                    Value 0

                      Name:            CompletionSuccess

                      Type:            REG_DWORD

                      Data:            0xe

                     

                    Value 1

                      Name:            RebootRequired

                      Type:            REG_DWORD

                      Data:            0

                    • 7. Re: Preparing a Vista image for deployment (GUID) question

                      PROBLEM solved!

                       

                      The root cause was McAfee HIPS.  The host intrustion protection service was blocking READ access to the ePolicy Orchestrator registry keys. (even when using an Admin account that has access).

                       

                      I turned off HIPS and was able to see what I needed to see.

                       

                      Do you work for McAfee?  If so, I'd appreciate it if you forward this thread to the writers of the McAfee Agent 4.5 Product Guide, maybe it will help someone else.

                       

                      Thanks,
                      Drew

                      • 8. Re: Preparing a Vista image for deployment (GUID) question
                        JoeBidgood

                        That's good info - I'll get it passed along

                         

                        Thanks -

                         

                        Joe