4 Replies Latest reply on Mar 31, 2016 7:40 PM by norbertg

    Agent version 5 - Including in Image

    shocko

      Guys, in previous version of the agent ( 4.x) we would follow this procedure to remove the AgentGUID form the registry and prepare our images that contained VSE and the agent:

       

       

      In version 4.x the agent consisted of the following services with a display names of:

       

      • McAfee Framework Service

       

      However, since agent version 5.0.2.132 this single service appears to have been replaced by the following services with display names of:

       

      • McAfee Agent Backwards Compatibility Service
      • McAfee Agent Common Services
      • McAfee Agent Service
      • McAfee Service Controller
      • McAfee Validation Trust Protection Service

       

      Now, the underlying service name on McAfee Agent Backwards Compatibility Service is still McAfeeFramework so is it sufficient to simply restart that to generate a new AgentGUID on agent version 5.x?

        • 1. Re: Agent version 5 - Including in Image
          bandit61

          Have you tried to restart on of these services?

          AFAIK, most of them are blocked, if you not

          disable the following policy:

          McAfee Agent / General deselect

          option Enable self protection (Windows only) .

          • 2. Re: Agent version 5 - Including in Image
            andrep1

            It is covered in the product guide, do "maconfig -enforce -noguid" to clear the guid.

            The McAfee agent service is the primary service. All services are controlled by the "McAfee Service Controller" mcafee uses that instead of the windows service manager now.

             

            Best bet is to stop the services (disable access protection for the agent), clear guid and grab you image. Service will start on reboot.

            • 3. Re: Agent version 5 - Including in Image
              bandit61

              This "McAfee Service Controller" make things worth and more complicated for admins,

              if you have issues with system, this security enhancement is of no help, cause it misses

              the possibility to switch it of from ePo - console. This (switch of/on) would be the real

              improvement, if any of this is really necessary in a managed environment.

               

              If an machine - admin can't stop services any longer, i call this prohibition not security!

              • 4. Re: Agent version 5 - Including in Image
                norbertg

                But you can, just set it in EPO and push it to all clients from the top of the system tree. Make sure these policies are inherited down the tree.

                 

                In EPO, goto Assigned Policies under system tree (Top level), choose McAfee Agent under product. Edit the general policy, untick 'Enable self protection (Windows only)', click Save. Wait or push to client.