1 Reply Latest reply on Jun 27, 2012 8:44 PM by tappetmus

    Creating stand-alone VSE880 installer + McAfee Agent in managed mode

      I've been using McAfee Installation Designer to create stand-alone installers for VirusScan Enterprise that include the McAfee Agent in managed mode for a while now and I thought I'd share the process I've come up with. There are quite a few changes that need to be made to the resulting MID package in order to overcome some of the limitations. We use these installers to quickly install VSE + MA on end-user systems and when building new images, etc.


      First, some of the problems I've had to solve:


      • When installing on a fresh system with no McAfee Agent already installed, the agent is installed only in Updater mode (unmanaged).
      • Our sitelist.xml contains over 100 remote repositories, and at the end of the installation when it attempts to update it tries each and every one of those in turn.
      • The initial remote repository updates fail because the repository public keys aren't included in the install, causing the verification of catalog.z to fail.
      • SetupVSE.exe prompts the user to disable Windows Defender even in reduced UI mode.


      In order to deal with the initial sitelist problem, I created a new FramePkg.exe with a reduced sitelist. To do this, I copied the entire DB\Software\Current\EPOAGENT3000\Install\0409\ directory from the ePolicy server to my local system. Then I modified the sitelist.xml file inside and removed all but our master repository and the McAfee fallback sites from it. Finally, I generated a new FramePkg.exe with the modified sitelist with the command:


      FrameworkPackage.exe /WorkingDir=. /Version= /Validate


      Make sure you're running the exe from the 0409 directory or adjust the WorkingDir variable to compensate, and adjust the Version variable to match your current agent version. This new FramePkg.exe will be used in the MID-generated package. Copy it and the modified sitelist.xml and the reqseckey.bin, req2048seckey.bin, srpubkey.bin, and sr2048pubkey.bin files to your build machine.


      On the build machine you may want to manually install VSE + McAfee Agent and make sure it has checked into ePO, updated its policies and imported the repository public keys. Then install MID and create your custom installer. When you get to the AutoUpdate Configuration screen, choose "New Common Management Agent Updater installation file" and point it to your newly created FramePkg.exe file. You can also click "Read AutoUpdate repository list" and include your modified sitelist file - not sure if this is absolutely necessary as I believe the FramePkg version will be used.


      On the Additional Files screen, add the RepoKeys.ini file that was downloaded from the ePO server. It should be located in C:\ProgramData\McAfee\Common Framework\ on Vista/Win7 and C:\Documents and Settings\AllUsers\ApplicationData\McAfee\Common Framework\ on XP. (You need to enable "Show hidden files & folders" in Windows Explorer to see them.) Because MID only offers certain pre-defined destinations for these additional files, you can select C: as the destination folder and fill in the subfolders to match the path above. (We'll fix it later so it will work on both XP and Vista/Win7 systems.)


      Once the package has been generated, if you've selected the option to create an ePO package, unzip it to a temporary directory. Next we need to edit the VSE880.msi file. You'll need Orca to do this - you can get a copy here: http://myserverissick.com/2011/04/orca-5-msi-editing-tool/ . After you install Orca, right-click on the VSE880.msi file and select Edit with Orca.


      First we're going to solve the unmanaged agent problem. The custom commands in the MSI file that do the agent install specify the /Install=Updater switch only. We're going to change that to /Install=Agent. On the Edit menu, select Replace and in "Find what" enter Install=Updater and in "Replace with" enter Install=Agent. Then click Replace All. You may also want to replace all instances of Remove=Updater with Remove=Agent so uninstalls work correctly.


      Next we have to fix the destination folder for RepoKeys.ini. Select the Directory table on the left and scroll all the way to the bottom. You should see several entries similar to "_id_1782661421397". Locate the entry that has "McAfee" as the DefaultDir and change the Directory_Parent value to "CommonAppDataFolder" (without the quotes). This change will ensure that it goes into the proper directory regardless of the OS. Then save the MSI and close Orca.


      Finally, to get rid of the prompt to disable Windows Defender we have to edit SetupVSE.exe with a binary editor. I use XVI32 which you can download here: http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm#download . You'll need to change the two bytes starting at address 0x4122 from 75 12 to 90 90. All this does is prevent the check for silent mode and automatically disable any currently installed anti-malware products without prompting. (This location has changed from major VSE version to major VSE version so you'll want to disassemble the binary and compare it to the new one to find the correct location for future versions.)


      Once I've made these changes I use Package for the Web (an old InstallShield program that unfortunately isn't available any longer, but you might be able to find it if you search around) to package everything up into a single executable that extracts the install files to a temp directory, runs SetupVSE.exe /qr and then deletes the temp files upon completion of the install. With all the modifications, this results in a single file that you can double-click and it runs the install without any further user intervention. At the end of the install, it will pull updates from our master repository or if that isn't available it will fall back to pulling from McAfee's site after a short delay and will then be managed by ePO along with all the policies and the full sitelist and rules that go along with it.


      Hopefully this helps someone. It's taken me quite a while to refine everything and it makes setting up new PCs and images a lot faster and caters to the lowest common denominator of end-user.
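
Added example, not part of the original post: the post notes that the 0x4122 location changes between VSE versions, so this Python sketch applies the two-byte edit only when the file really holds 75 12 at that offset, and records SHA-256 hashes of the original and modified files for the build log. The function names and the use of Python on the build machine are assumptions; the offset and byte values are the ones given in the post.

```python
import hashlib
import sys

# Values from the post for its SetupVSE.exe; other versions will differ.
OFFSET = 0x4122
EXPECTED = bytes.fromhex("7512")
REPLACEMENT = bytes.fromhex("9090")


class PatchError(Exception):
    """Raised when the file does not match what the edit expects."""


def apply_patch(data, offset=OFFSET, expected=EXPECTED, replacement=REPLACEMENT):
    """Return (new_bytes, status); status is 'patched' or 'already-patched'."""
    if len(expected) != len(replacement):
        raise PatchError("replacement must be the same length as the original")
    end = offset + len(expected)
    if end > len(data):
        raise PatchError(f"file is too short for offset 0x{offset:X}")
    found = data[offset:end]
    if found == replacement:
        return data, "already-patched"      # idempotent: nothing to do
    if found != expected:
        # Different build: refuse rather than corrupt an unrelated instruction.
        raise PatchError(f"found {found.hex()} at 0x{offset:X}, expected {expected.hex()}")
    return data[:offset] + replacement + data[end:], "patched"


def patch_file(src, dst):
    """Write a patched copy of src to dst and return a record for the build log."""
    with open(src, "rb") as fh:
        original = fh.read()
    patched, status = apply_patch(original)
    with open(dst, "wb") as fh:
        fh.write(patched)
    return {
        "status": status,
        "sha256_before": hashlib.sha256(original).hexdigest(),
        "sha256_after": hashlib.sha256(patched).hexdigest(),
    }


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: patch_setupvse.py SetupVSE.exe SetupVSE.patched.exe")
    try:
        print(patch_file(sys.argv[1], sys.argv[2]))
    except PatchError as exc:
        sys.exit(f"not patched: {exc}")
```

The original file is never overwritten, and an Authenticode signature on the input, if present, will no longer validate on the modified copy, so the recorded hashes are what identifies the build afterwards.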