1 Reply Latest reply on Jul 1, 2015 12:08 PM by awbattelle

    Mac Agent creating a User Account "McAfee CMA"

    awbattelle

      EPO 4.6.7

      Agent for Mac 4.8.0.1938

      We are noticing that a new user account is being created on the Macs called "McAfee CMA" . The account is not installed with the agent, Tests have shown that it is created upon the first check in to EPO. If we delete the account, it is created again the next time the system contacts EPO.

      This user account does not have a library or a profile, and does not seem to have any privileges, so it just looks like a standard user account that hasn't been logged into.

      So, we are wondering has anyone else seen this? What is it for?

      The tests were performed on a clean system with nothing other than the agent on it. Of course, the EPO server does have extensions for other products., Those products include Endpoint Protection for Mac, and the Management of Native Encryption product.

      Thanks

        • 1. Re: Mac Agent creating a User Account "McAfee CMA"
          awbattelle

          During the following testing steps we delete the "Mcafee CMA" account and wait to see if it is created again.

          We rebuilt our dev server, and tried introducing products one by one to see when the account gets created.  We installed just the agent on a Mac system, and we didn't see the account get created. Then we installed Endpoint Protection for Mac. We still didn't see the account. That was all we installed on the test system, but we installed extensions on the EPO server for Management of Native Encryption, HIPS, and also Drive Encryption even though that is not a Mac product.

          We then began to see the account being created.

          After that we removed EPM and the account was still being created. Then we removed almost all the extensions from EPO and the account still gets created.

          Then we disconnected the machine from the network completely, and guess what? The account still gets created every time we delete it , even without any connectivity at all.

          So. of course, we then removed the agent, and the account was no longer created, so, it seems, that the mcAfee agent is directly responsible for creating this account. Why the account was not being created initially after just the agent was installed, we can only speculate at this point. It's possible some EPO extension modified the agent in some fashion, or perhaps a dat update package had something to do with it.

          We actually created a ticket with McAfee and the 1st level tech had no idea.

          We would still like to know what purpose the account has but, it does not really interfere with our operations and frankly, we've wasted too much time on this , testing to figure out the answers to something that McAfee should have a simple answer for.