Hi, I install McAfee Security as part of the DeployStudio build. However it's not installed on the base OS image.
In the deployment workflow I have the task to deploy the image then an Install Task that installs the McAfee Security mpkg (amongst other things). (If you're using ePO you'll also need to wrap the Agent install.sh script in a standard PKG and have DeployStudio install that too). I realise it's not quite the answer you're looking for but I've found it to be a reliable method to install McAfee when building machines.
Just out of curiosity, do you ship machines with user profiles already created or "sysprepped"? I delete all traces of users and remove the .applesetupdone flag so when the user recieves it it's like a new system. Do you know if this would this affect the install?
The images I deploy have been made with InstaDMG ( http://code.google.com/p/instadmg/ ). It builds images that have never been booted so there's nothing user or machine specific in them. All the software is installed after the imaging with DeployStudio. Also we bind our Macs to AD so the user account is created when they first login.
Gotcha, I use to use instadmg but found it unneccessary for the images I created. It just added to the complexity needlessly. It's good to know that McAfee does install correctly without user profiles, when you install it through the workflow do you launch the mpkg itself or is it scripted? If it's a script would you mind sharing an example of it with me? Thanks for your input.
For McAfee Security I just install the mpkg itself.
After that I install the McAfee Agent. I decided to wrap the install.sh from the ePO server in a PKG which "installs" the script to /tmp. The PKG has a simple postflight script that runs install.sh in upgrade mode.
There are surely other ways to run the agent install script but this method has been reliable so far.
Also, in DeployStudio both of these are set as postponed installs so they get installed when the machine first boots.
We are using Munki to do all our enterprise deployment once the device has been imaged with Deploystudio. We opted for this method rather than including the install in the deploystudio process. We only use deploystudio to restore the base image.
We have setup Munki (http://code.google.com/p/munki/) to install the base dmg file and use a post flight script to convert the install from unmanaged to managed as described on page 24 of the product documnetation.
This works very well for use and enables us to upgarde the software installation without the need to edit the deploystudio image or workflow.