During the following testing steps we delete the "Mcafee CMA" account and wait to see if it is created again.
We rebuilt our dev server, and tried introducing products one by one to see when the account gets created. We installed just the agent on a Mac system, and we didn't see the account get created. Then we installed Endpoint Protection for Mac. We still didn't see the account. That was all we installed on the test system, but we installed extensions on the EPO server for Management of Native Encryption, HIPS, and also Drive Encryption even though that is not a Mac product.
We then began to see the account being created.
After that we removed EPM and the account was still being created. Then we removed almost all the extensions from EPO and the account still gets created.
Then we disconnected the machine from the network completely, and guess what? The account still gets created every time we delete it , even without any connectivity at all.
So. of course, we then removed the agent, and the account was no longer created, so, it seems, that the mcAfee agent is directly responsible for creating this account. Why the account was not being created initially after just the agent was installed, we can only speculate at this point. It's possible some EPO extension modified the agent in some fashion, or perhaps a dat update package had something to do with it.
We actually created a ticket with McAfee and the 1st level tech had no idea.
We would still like to know what purpose the account has but, it does not really interfere with our operations and frankly, we've wasted too much time on this , testing to figure out the answers to something that McAfee should have a simple answer for.