McAfee Agent 5.0.

6 Installation
Guide (McAfee ePolicy Orchestrator)
Contents
Installing McAfee Agent 4
Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Supported languages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Install McAfee Agent extension and packages on McAfee ePO. . . . . . . . . . . . . . . . . . . . . . . . . 6
Methods of deploying McAfee Agent. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
McAfee Agent files and folders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
McAfee Agent installation package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Deploying from McAfee ePO. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Install on Windows systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Install on Windows from McAfee ePO. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Install on Windows using third-party deployment methods. . . . . . . . . . . . . . . . . . . . 15
When to install using Windows logon scripts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Create custom installation packages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Install on Windows manually. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Command-line options for installing McAfee Agent on Windows. . . . . . . . . . . . . . . . 17
Install on Windows with logon scripts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Install using Group Policy Object. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Install on Linux and Macintosh systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Install on non-Windows operating systems from McAfee ePO. . . . . . . . . . . . . . . . . . 19
Install on non-Windows operating systems manually. . . . . . . . . . . . . . . . . . . . . . . . . . 20
Install the agent in managed mode on Ubuntu systems. . . . . . . . . . . . . . . . . . . . . . . 20
Install the agent on Red Hat Linux devices using third party deployment method. 21
Script options for installing McAfee Agent on non-Windows. . . . . . . . . . . . . . . . . . . . 21
Deploying McAfee Agent using the McAfee Smart Installer. . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Create customized McAfee Smart Installer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Install McAfee Agent using customized McAfee Smart installer. . . . . . . . . . . . . . . . . 22
Install URL-based McAfee Agent manually using command-line parameters. . . . . . 23
Manage Agent Deployment URLs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Install McAfee Agent in Virtual Desktop Infrastructure mode. . . . . . . . . . . . . . . . . . . . . . . . . 25
Using the maconfig command-line tool. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Processes used by McAfee Agent 5.0.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Including McAfee Agent on an image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

Upgrading and restoring agents 32

Upgrading vs. updating. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Upgrade McAfee Agent using a Product Deployment task. . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Upgrade an unmanaged McAfee Agent on Ubuntu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Restore a previous version of the agent on Windows. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
 Restore a previous version of the agent on non-Windows systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Removing McAfee Agent from Windows 34

Remove agents when deleting systems from the System Tree. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Remove agents when deleting groups from the System Tree. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Remove agents from systems in query results. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Remove the agent using Windows command prompt. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Remove McAfee Agent from non-Windows operating systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator) 3

Installing McAfee Agent
There are multiple ways to install McAfee Agent on your client systems. The method you choose depends on the operating
system, first-time installation or upgrade, and tools used.
You need these components to install McAfee Agent on clients systems.
• McAfee ePO extension — A .zip file that is installed on McAfee ePO. Installing McAfee Agent allows you to customize product
features on McAfee ePO.
• McAfee Agent software package — A .zip file that contains product installation files. Once the package is checked in to the
Master Repository, McAfee ePO can deploy it to your managed systems.
• McAfee Agent key updater package — This distributes the new master keys when an update is received from the McAfee ePO
managed repositories. McAfee Agent uses agent-server secure communication (ASSC) keys to communicate securely with the
server. You can generate new ASSC keys and use them as a master set. Existing agents that use other keys in the agent-server
secure communication keys list do not change to the new master key unless there is a client agent key updater task scheduled
and run. McAfee Agent key updater package is multi-platform and updates the master public key (srpubkey.bin) and the
corresponding request key (reqseckey.bin).
McAfee Agent 5.0.0 is backward compatible and works with all managed products that were using McAfee Agent 4.8.x.

4 McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator)

Requirements
Make sure that your client systems meet these requirements before installing McAfee Agent.

System requirements
• Installed disk space — 50 MB (minimum), excluding log files
• Memory — 512-MB RAM (minimum)
• Processor speed — 1 GHz (minimum)
Note: The list specifies the minimum system requirement for McAfee Agent. For information about system requirement for
other McAfee products, see their respective McAfee product documentation.

Supported operating systems and processors

For information about supported operating systems, see KB51573.
The agent supports all Data Execution Prevention modes in Windows operating systems.
Note: McAfee Agent does not support deployment to Windows Server 2003 SP 1 from McAfee ePO and must be installed locally.

Additional supported platforms

You can install the agent on the virtual guest operating systems using these virtualization environments.
• Windows Server 2008 Hyper-V
• ESX
• VMware Workstation
• VMware player
• Citrix XenServer
• Citrix XenDesktop
• VMware Server

Supported languages
McAfee Agent is translated into multiple languages and installs, by default in the locale of the operating system.
The Windows client systems support these languages:

Language Language code

Portuguese (Brazil) 0416

Chinese (Simplified) 0804

Chinese (Traditional) 0404

Czech 0405

Danish 0406

Dutch 0413

English 0409

Finnish 040b

French 040c

German 0407

Italian 0410

Japanese 0411

Korean 0412

McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator) 5

 Language Language code

Norwegian 0414

Polish 0415

Portuguese 0416

Russian 0419

Spanish 0c0a

Swedish 041d

Turkish 041f

McAfee Agent on Macintosh client systems supports English, Japanese, French, German, and Spanish.
McAfee Agent on all other supported non-Windows client systems supports only English.

Using multiple languages in your environment

You might need to use more than one language in your environment. This requires additional steps to make sure that the
appropriate character sets for your chosen languages are supported. Follow these suggestions to make sure that all characters
for each language are properly displayed in the McAfee Agent monitor.
• Configure your operating systems to use Unicode support for McAfee Agent.
• Install the appropriate operating system language packs on the systems to display language-specific characters.

Install McAfee Agent extension and packages on McAfee ePO

Before McAfee Agent can be installed on the managed systems, the extension, the software package, and key updater package
must be added to McAfee ePO.
Note: You can manage previous versions of McAfee Agent with 5.0.0 extension, but previous version extensions cannot manage
McAfee Agent 5.0.0 client.

Task
1. Download the McAfee Agent extension, EPOAGENTMETA.zip, McAfee Agent packages, and the key updater packages to the
system with McAfee ePO.
You can download McAfee Agent packages from McAfee ePO Software Manager. See McAfee ePO product documentation for
more details.
McAfee Agent comes with different packages for each supported operating system.

Name Description

MA5xxLNX.zip Linux package

MA5xxWIN.zip Windows package

MA5xxMAC.zip Macintosh package

MA5xxWIN_Embedded.zip Windows Embedded Credentials package

help_ma_5xx.zip McAfee ePO Help extension

EPOAGENTMETA.zip McAfee ePO extension

AgentKeyUpdate.zip Key updater package

2. Install McAfee Agent and Help extension:

6 McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator)

 a. In McAfee ePO, select Menu → Software → Extensions.
b. Click Install Extension.
c. Browse to the location of EPOAGENTMETA.zip, select it, then click OK. The Install Extension summary page appears.
d. Click OK to complete the installation of the extension.
e. Repeat step a through d to install Help extension.
Note: When upgrading from McAfee Agent 4.8 Help extension to 5.0, uninstall the agent 4.8 Help extension then perform
steps a through d to install 5.0 Help extension.
3. For each agent package you need to check in to the McAfee ePO repository:
a. Select Menu → Software → Master Repository. A list of packages in the repository appears.
b. Click Check In Package, then browse to the agent packages list, select as needed, then click Next.
c. Make sure that Current is selected in the Branch field, then click Save.

Methods of deploying McAfee Agent

McAfee Agent can be deployed to client systems in several ways.
Use this table to choose the right method.

Method Action Notes

McAfee ePO The McAfee ePO administrator specifies • Selecting many systems can
the systems and selects one of the Push temporarily affect network
Agents options when adding a system, or throughput.
Deploy Agents for systems already in the • You must specify credentials with
System Tree. administrator rights to the target
systems.

Manual (using the FramePkg.exe The network administrator installs • Allows for information such as custom
installer) McAfee Agent on each managed system properties to be added on an
individually. individual system basis.
• Once McAfee Agent is installed, use
McAfee ePO to upgrade products and
update product content.

Third-party software such as Microsoft Configure your third-party software to • McAfee Agent installation package
Systems Management Server (SMS), distribute McAfee Agent installation contains needed security keys and the
Microsoft Group Policy Objects (GPO), package, which is on your McAfee ePO. Sitelist.xml file.
or IBM Tivoli • See the instructions that come with
your third-party tools.

Logon scripts (Windows only) The network administrator creates an • The user must log on to the system to
installation or upgrade script, which runs trigger the installation or upgrade.
at each logon to a system. • The installation package must be in a
location accessible to the system.

Customized McAfee Smart installer The McAfee ePO administrator creates a • The managed system users must have
customized McAfee Smart installer and administrator rights to install McAfee
distributes it to managed system users Agent manually.
for manual installation. • Enabling peer-to-peer servers helps
reduce load on McAfee ePO.
• Once McAfee Agent is installed,
assigned policies and client tasks are
enforced on the managed system.

McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator) 7

 Method Action Notes

Deployment task Use McAfee ePO System Tree to upgrade • McAfee Agent must already be present
McAfee Agent on selected target on the target system.
systems. • Enabling peer-to-peer servers helps
reduce load on McAfee ePO.

An image with McAfee Agent The administrator removes McAfee • Removing the GUID allows McAfee
Agent GUID using the command-line Agent to generate a new GUID on the
switch, then creates an image that first agent-server communication.
contains McAfee Agent and deploys the • Failure to remove the GUID results in
image. "sequencing errors" from multiple
identical systems.

Unmanaged McAfee products on Using the System Tree, the McAfee ePO • McAfee Agent must already be present
Windows systems administrator selects systems to be on the target system in unmanaged
converted from unmanaged status to mode.
managed status and selects Actions →
Agent → Deploy Agents.

Unmanaged McAfee products on non- Type the following command on the • You must have root permission to
Windows platforms system with McAfee Agent that you want perform this action.
to convert from unmanaged to • You must use the srpubkey.bin,
managed: reqseckey.bin, sr2048pubkey.bin,
<agent install path>/bin/maconfig - req2048seckey.bin, and Sitelist.xml
provision -managed -dir <Path of files from McAfee ePO.
location containing agentfipmode,
srpubkey.bin, reqseckey.bin,
sr2048pubkey.bin,
req2048seckey.bin, Sitelist.xml>

McAfee Agent files and folders

Installing McAfee Agent places files in different locations depending on the operating system.

Operating
Folder
Location
system
content

Windows
Installation
<PROGRAMFILES>\McAfee\Agent
(32-
files
bit
and
64-
bit)
•
Windows
7–
10
•
Windows
Server
2016
•
Windows
Server

8 McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator)

Operating
Folder
Location
system
content
2012
R2
•
Windows
Server
2012
•
Windows
Server
2008
R2

Linux
/opt/McAfee/agent/

Macintosh
/Library/McAfee/agent

Windows
Data
<Documents and Settings>\All Users\Application Data\McAfee\Agent
(32-
Iffiles
the operating system does not have a Documents and Settings folder, the default location is <System_Drive>\ProgramData
bit
\McAfee\Agent.
and
64-
bit)
•
Windows
7–
10
•
Windows
Server
2016
•
Windows
Server
2012
R2
•
Windows
Server
2012
•
Windows
Server
2008
R2

Linux
/var/McAfee/agent/
and
Macintosh

Linux
Configuration
/etc/ma.d/
and
and
Macintosh
management
information

McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator) 9

Operating
Folder
Location
system
content
(including
GUID
and
agent
version)
needed
to
manage
products

Linux
Script
/etc/init.d/ma
for
Macintosh
/Library/StartupItems/ma
starting
and
stopping
the
agent
manually
and
when
called
by
the
system.

Windows
Installation
%TEMP%\McAfeeLogs

• log
files
Windows
7–
10
•
Windows
Server
2016
•
Windows
Server
2012
R2
•
Windows
Server
2012
•
Windows
Server
2008
R2

Windows
Agent
<Documents and Settings>\All Users\Application Data\McAfee\Agent\Logs

•Iflog
the operating system does not have a Documents and Settings folder, the default location is <System_Drive>\ProgramData
files
Windows
\McAfee\Agent\Logs.

10 McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator)

Operating
Folder
Location
system
content
7–
10
•
Windows
Server
2016
•
Windows
Server
2012
R2
•
Windows
Server
2012
•
Windows
Server
2008
R2

Linux
/var/McAfee/agent/logs
and
Macintosh

Windows
Peer-
<Documents and Settings>\All Users\Application Data\McAfee\Agent\data\mcafeeP2P
If
• to-
the operating system does not have a Documents and Settings folder, the default location is <System_Drive>\ProgramData
peer
Windows
\McAfee\Agent\data\McAfeeP2P.
repository
7–
path
10
•
Windows
Server
2016
•
Windows
Server
2012
R2
•
Windows
Server
2012
•
Windows
Server
2008
R2

Linux
/var/McAfee/agent/data/McAfeeP2P
and
Macintosh

McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator) 11

Operating
Folder
Location
system
content

Windows
Lazy
<Documents and Settings>\All Users\Application Data\McAfee\Agent\data\McAfeeHttp
If
• cache
the operating system does not have a Documents and Settings folder, the default location is <System_Drive>\ProgramData
repository
Windows
\McAfee\Agent\data\McAfeeHttp.
path
7–
10
•
Windows
Server
2016
•
Windows
Server
2012
R2
•
Windows
Server
2012
•
Windows
Server
2008
R2

Linux
/var/McAfee/agent/data/McAfeeHttp
and
Macintosh

Windows
Database and Settings>\All Users\Application Data\McAfee\Agent\DB
<Documents

•Ifpath
the operating system does not have a Documents and Settings folder, the default location is <System_Drive>\ProgramData
Windows
\McAfee\Agent\DB.
7–
10
•
Windows
Server
2016
•
Windows
Server
2012
R2
•
Windows
Server
2012
•
Windows
Server
2008
R2

12 McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator)

Operating
Folder
Location
system
content

Linux
/var/McAfee/agent/db
and
Macintosh

McAfee Agent installation package

McAfee Agent installation package (FramePkg.exe or install.sh) is created when you install McAfee ePO or check in McAfee Agent
package. You can install McAfee Agent on the client systems using the installation package.
This file is a customized installation package for McAfee Agent that reports to your McAfee ePO. The package contains
information needed for McAfee Agent to communicate with the server. Specifically, this package includes:
• McAfee Agent installer
• Sitelist.xml file
• srpubkey.bin (the server public key)
• reqseckey.bin (the initial request key)
• req2048seckey.bin
• sr2048pubkey.bin
• agentfipsmode file
By default, McAfee Agent installation packages are at <System Drive>\Program Files (x86)\McAfee\ePolicy Orchestrator\DB
\Software\Current\<Product Id>\Install\0409. Product IDs for supported operating systems are:

Operating System Product ID

Linux EPOAGENT3700LYNX

Windows EPOAGENT3000

Macintosh EPOAGENT3700MACX

The Windows installation package is FramePkg.exe and the non-Windows package is install.sh.
This is the installation package that McAfee ePO uses to distribute and install McAfee Agent. Other FramePkg.exe files are
created when:
• You specifically create one in McAfee ePO
• McAfee Agent packages are checked in to any branch of the repository (Previous, Current, or Evaluation)
• Encryption key changes
The default McAfee Agent installation package doesn't contain user credentials. When executed on the targeted system, the
installation uses the account of the currently logged-on user.
You can create custom installation packages with embedded credentials if needed by your environment.
Important: Because an installer package has embedded credentials, access to it should be severely restricted. Installer packages
with embedded credentials should only be used in specific situations where another deployment method is not available. For
additional, important information about the use of embedded credentials, see McAfee KB65538.
You can also create a customized McAfee Smart installer using McAfee ePO. This McAfee Smart installer can be distributed to
client system users for McAfee Agent installation.

Deploying from McAfee ePO

Deploying from McAfee ePO allows you to install McAfee Agent on multiple client systems at the same time.
• Systems must already be added to the System Tree.
Tip: If you have not yet created the System Tree groups, you can deploy the McAfee Agent installation package to systems when
you add groups and systems to the System Tree. But, if you are importing large domains or Active Directory containers, don't use
this method. It generates significant network traffic.

McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator) 13

• The user must have local administrator rights on all target systems. Domain administrator rights are required on a system to
access the default Admin$ shared folder. McAfee ePO service requires access to this shared folder to install McAfee Agent.
• McAfee ePO must be able to communicate with the target systems.
Before beginning a large McAfee Agent deployment, make sure that the client systems are reachable from McAfee ePO. To test
the connectivity between McAfee ePO and McAfee Agent, ping the client systems with IP address or host name depending on
how the client systems are identified in McAfee ePO.
Tip: The ability to successfully use ping commands from McAfee ePO to managed systems is not required for McAfee Agent to
communicate with the server. But it is a useful test to determine if you can deploy McAfee Agent to those client systems from
McAfee ePO.
• The Admin$ share folder on Windows target systems must be accessible from McAfee ePO. Verify that this is true on a sample
of target systems. This test also validates your administrator credentials, because you cannot access remote Admin$ shares
without administrator rights.
From McAfee ePO, click Windows Start → Run, then type the path to the target system's Admin$ share, specifying system name or
IP address. For example, type \\<System Name>\Admin$.
If the systems are properly connected over the network, and your credentials have sufficient rights, and the Admin$ share
folder is present, a Windows Explorer dialog box appears.
• Enable SSH on the Linux and Macintosh client systems before installing McAfee Agent from McAfee ePO.
Comment out the following line in the /etc/sudoers file on a Red Hat operating system.
Default requiretty

Remove the comment from the following line /etc/ssh/sshd_config file

PermitRootLogin Yes

Note: You must have root permissions to install McAfee Agent on non-Windows system.
• Network access must be enabled on Windows 7 Home client systems.
• File and Print sharing must be enabled.
• Server services must be enabled.
• Remote registry services must be enabled.
• User Account Control must be temporarily disabled on client systems to push McAfee Agent from McAfee ePO.
The push deployment feature can install McAfee Agent on many systems at the same time. You can only install a single version of
McAfee Agent on a client system.

Install on Windows systems

You can install the agent on Windows systems directly from the McAfee ePO console.
Or, you can:
• Copy the agent installation package to removable media or a network share for manual or logon script installation on your
Windows systems.
• Copy the customized McAfee Smart installer to download and install agent manually on the managed systems.

Install on Windows from McAfee ePO

Installing McAfee Agent on your Windows systems using McAfee ePO can support many systems at the same time.

Before you begin

• McAfee Agent extension must be installed on McAfee ePO and appropriate software and key updater packages must be added
to the Master Repository.
This method is recommended if large segments of your System Tree are already populated. For example, if you created System Tree
segments by importing domains or Active Directory containers, and you chose not to deploy McAfee Agent during the import.
Tip: You can only install one version of McAfee Agent on one type of operating system with this task. If you need to install on
multiple operating systems or versions, repeat this task for each additional target operating system or version.

Task
1. Select Menu → Systems → System Tree, then select the groups or systems where you want to deploy McAfee Agent.
2. Click Actions → Agent → Deploy Agents.
3. Select the appropriate Agent version drop-down list given the target operating system, and select a version from that list.

14 McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator)

4. Select these options as appropriate:
◦ Install only on systems that do not already have an agent managed by this ePO server
◦ Force installation over existing version
Note: If you use the force installation option, the existing McAfee Agent is removed in its entirety, including policies, tasks,
events, and logs, before the new McAfee Agent is installed.
5. To change the installation path from the default, enter the target path in the Installation path option.
6. Type valid credentials in the Domain, User name, and Password and Confirm password fields.
If you want these entries to be the default for future deployments, select Remember my credentials for future deployments.
7. If you do not want the defaults, enter values in the Number of attempts, Retry interval, and Abort after options.
8. If you want the deployment to use a specific Agent Handler, select it from the drop-down list. If not, select All Agent Handlers.
9. Click OK.

Results
The Server Task Log page appears with the Deploy McAfee Agent task listed.

Install on Windows using third-party deployment methods

Installing the agent using third-party deployment methods requires an installation package created for that environment.

Before you begin

The agent extension must be installed on McAfee ePO and appropriate agent packages must be added to the Master Repository.

Task
1. Create an installation package.
a. Select Menu → Systems → System Tree, then select New Systems.
b. Select Create and download agent installation package.
c. Select the appropriate Agent version.
d. Deselect Embed Credentials in Package to receive the default package. Otherwise, specify the required credentials.
e. If you want the deployment to use a specific Agent Handler, select it from the drop-down list. If not, select All Agent Handlers.
f. Click OK.
g. Select FramePkg.exe and save it to the desktop.
2. To embed credentials on systems not belonging to a domain, change the local security policy on the target systems.
a. Log on to the target system using an account with local administrator rights.
b. From the command line, run SECPOL.MSC to open the Local Security Settings dialog box.
c. In the System Tree under Security Settings → Local Policies, select User Rights Assignment.
d. In the Policy column of the details pane, double-click Impersonate a client after authentication to open the Local Security Policy Setting
dialog box.
e. Click Add User or Group to open the Select Users or Groups dialog box.
f. Select the user or group that the user is likely to run as, then click Add.
g. Click Add.

Results
You are now ready to use your third-party software to distribute the installation package, FramePkg.exe.
Note: By default User Access Control is enabled on Windows Vista and later operating systems. The administrator must add
permission to the user or turn off User Access Control to install the agent manually on client systems.

When to install using Windows logon scripts

In environments where the client systems log on to the network, network logon scripts can be used to install McAfee Agent on
Windows systems.
Network logon scripts can be used to make sure that every system logging on to your network is running McAfee Agent. You can
create a logon script to call a batch file that checks if McAfee Agent is installed on systems trying to log on to the network. If no
McAfee Agent is present, the batch file installs McAfee Agent before allowing the system to log on. In two minutes of being

McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator) 15

installed, McAfee Agent calls into the server for updated policies and McAfee ePO tasks, and the system is added to the System
Tree.
This method is appropriate when:
• Domain names or sorting filters are assigned to the segments of your System Tree.
• You already have a managed environment and want to make sure that new systems logging on to the network become
managed as a result.
• You already have a managed environment and want to make sure that systems are running a current version of McAfee Agent.

Create custom installation packages

Custom installation packages can be used to install McAfee Agent on systems that are not managed by McAfee ePO.
If you use a distribution method other than deployment capabilities (such as logon scripts or third-party deployment software),
you can create a custom installation package (FramePkg.exe). For Windows systems, you can create the package with embedded
administrator credentials. This is needed in a Windows environment if users do not have local administrator rights. The user
account credentials you embed are used to install McAfee Agent.
Note: Because an installer package created for this purpose has embedded credentials, access to it should be severely restricted.
Installer packages with embedded credentials should only be used in specific situations where another deployment method is
not available. For additional, important information about the use of embedded credentials, see KB65538.

Task
1. Select Menu → Systems → System Tree, then select New Systems.
2. Next to How to add systems, select Create and download agent installation package.
3. Select the appropriate Agent version.
4. Select or deselect Embed Credentials in Package. If selected, type the appropriate Credentials for agent installation.
If you want these credentials to be remembered the next time you complete this task, click Remember my credentials for future
deployments.
5. If you want the installer to use a specific Agent Handler, select it from the drop-down list. If not, select All Agent Handlers.
6. Click OK.
7. When prompted, select the file to be downloaded. Click to open the file, or right-click to save the file.
8. Distribute the custom installation package file as needed.

Install on Windows manually

You can manually install McAfee Agent on the system, or distribute the FramePkg.exe installer for users to run the installation
program themselves.
If you want users (with local administrator rights) to install McAfee Agent on their own systems, distribute the installation
package file to them. You can attach it to an email message, copy it to media, or save it to a shared network folder.

Task
1. Copy the installation package, FramePkg.exe, from your McAfee ePO to a shared folder on a network server accessible by the
target system.
2. On the target system, navigate to and right-click FramePkg.exe, select Run as administrator, and wait a few moments while McAfee
Agent is installed.
3. Click OK to complete the installation.
In ten seconds, McAfee Agent calls into McAfee ePO for the first time.
Note: Systems where McAfee Agent is installed manually are located initially in the Lost & Found group of the McAfee ePO System
Tree.

Results
After McAfee Agent is installed, it calls into the server and adds the new system to the System Tree.

16 McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator)

Command-line options for installing McAfee Agent on Windows
Depending on whether McAfee Agent is already installed, you can use command-line options when you run McAfee Agent
installation package (FramePkg.exe) or McAfee Agent framework installation (FrmInst.exe) program.
Use these command-line options with the deployment task to upgrade to a new version of McAfee Agent.
This table describes McAfee Agent installation command-line options. These options are not case sensitive. FramePkg.exe and
FrmInst.exe require administrator rights, so they must be run from an administrator command prompt or configured to always
run as administrator.

FramePkg.exe and FrmInst.exe command-line options

Description
Command

Allows
/ you to set custom properties.
Example:
Customprops
FRAMEPKG /INSTALL=AGENT /Customprops1="prop1" /Customprops2="prop2" /Customprops3="prop3"

Specifies
/ the folder on the system to store McAfee Agent data files. The default location is: <Documents and Settings>\All
Users\Application
DATADIR Data\McAfee\Agent. If the operating system does not have a Documents and Settings folder, the default
location is C:\ProgramData\McAfee\Agent.
Example: FRAMEPKG /INSTALL=AGENT /DATADIR=D:\AgentData

Specifies
/ a domain, and account credentials used to install McAfee Agent. The account must have rights to create and start
services
DOMAIN on a system. If left unspecified, the credentials of the currently logged-on account are used. If you want to use an
account
/ that is local to a system, use the system’s name as the domain.
Example:
USERNAME
/
FRAMEPKG /INSTALL=AGENT /DOMAIN=mydomain.com /USERNAME=jdoe /PASSWORD=password
PASSWORD

Installs
/ McAfee Agent in VDI mode.
enableVDImode

Specifies
/ that the existing McAfee Agent is uninstalled, then the new McAfee Agent is installed. Use this option only to change
the
FORCEINSTALL
installation directory or to downgrade McAfee Agent. When using this option, we recommend specifying a different
directory for the new installation (/INSTDIR).
Example:
FRAMEPKG /INSTALL=AGENT /FORCEINSTALL /INSTDIR=D:\McAfeeAgent

/Installs
/ and enables McAfee Agent in managed mode.
INSTALL=AGENT
Example:
INSTALL
FRAMEPKG /INSTALL=AGENT

Enables
/ the AutoUpdate component if it has already been installed, and does not change whether McAfee Agent is enabled.
This
INSTALL=UPDATER
command-line option upgrades McAfee Agent. Use this command to install McAfee Agent in unmanaged mode.
Note: An Embedded credential package cannot be used to install McAfee Agent in unmanaged mode.
Example:
FRAMEPKG /INSTALL=UPDATER

Installs
/ McAfee Agent in a 32-bit mode on a 64-bit operating system.
Example:
INSTALL=AGENT /
FORCE32BITSERVICES
/INSTALL=AGENT /FORCE32BITSERVICES

Specifies
/ the installation folder on the system. You can use Windows system variables, such as <SYSTEM_DRIVE>. If not
specified,
INSTDIR the default location is: <DRIVE>: \program files\mcafee\Agent
Example: FRAMEPKG /INSTALL=AGENT /INSTDIR=C:\ePOAgent

McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator) 17

Description
Command

Removes
/ McAfee Agent if not in use. If in use, McAfee Agent changes to updater mode.
Example:
REMOVEFRMINST /REMOVE=AGENT

Removes
/ McAfee Agent forcibly from the client system.
Example:
FORCEUNINSTALL
FrmInst.exe /FORCEUNINSTALL

Resets
/ McAfee Agent language to its default operating system language.
RESETLANGUAGE

Installs
/ McAfee Agent in non-interactive mode, hiding the installation from the user.
Example:
SILENT FRAMEPKG /INSTALL=AGENT /SILENT
or /
S

Specifies
/ the folder path to a specific repository list (McAfee Agent installer, reqseckey.bin (the initial request key),
srpubkey.bin
SITEINFO (the server public key), req2048seckey.bin, sr2048pubkey.bin, Sitelist.xml file, and agentfipsmode file).
Example: FRAMEPKG /INSTALL=AGENT /SITEINFO=C:\TMP\SITELIST.XML

Specifies
/ the locale ID of McAfee Agent that you want to install. Use the switch to change current McAfee Agent language to
any
USELANGUAGE
supported language.
Example: FRAMEPKG /INSTALL=AGENT /USELANGUAGE=0404
Note: If errors occur during installation, all error messages are displayed in English regardless of the installed locale.

Install on Windows with logon scripts

Using Windows logon scripts to install McAfee Agent can be an efficient way to make sure all systems in your network have
McAfee Agent installed.

Before you begin

• Create segments of your System Tree that use network domain names or sorting filters that add the expected systems to your
groups. If you don’t, all systems are added to the Lost & Found group, and you must move them manually.
• See your operating system documentation for writing logon scripts. The details of the logon script depend on your needs. This
task uses a basic example.
• Create a batch file (ePO.bat) that contains commands you want to execute on systems when they log on to the network. The
content of the batch file depends on your needs, but its purpose is to check whether McAfee Agent has been installed in the
expected location and, if not, run FramePkg.exe to install McAfee Agent. Below is a sample batch file that does this. This
example checks the default installation folder for McAfee Agent files and, if not present, installs the McAfee Agent.
@ECHO OFF
SETLOCAL
set MA_KEY_NAME="HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Agent"
set MA_VALUE_NAME=InstallPath

FOR /F "usebackq skip=2 tokens=1,2*" %%A IN (

`REG QUERY %MA_KEY_NAME% /v %MA_VALUE_NAME% 2^>nul`) DO (
set Home="%%C"
)

IF DEFINED home SET home=%home:"=%

if defined Home echo "McAfee Agent 5.0 is already installed"
if NOT defined Home "\\MyServer\Agent$\Update\FramePkg.exe /install=agent"
exit /b 0

• FramePkg.exe requires administrator rights to install properly.

Task
1. Copy McAfee Agent installation package, FramePkg.exe, from your McAfee ePO to a shared folder on a network server, where
all systems have permissions.
Note: Systems logging on to the network are automatically directed to this folder to run McAfee Agent installation package
and install McAfee Agent. The default location for the installation packages for Windows is: <Program Files>\McAfee\ePolicy
Orchestrator\DB\Software\Current\EPOAGENT3000\Install\0409\FramePkg.exe. Embedded credential package always runs in
silent mode and does not display any error message when an installation fails.

18 McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator)

2. Save the batch file you created, ePO.bat, to the NETLOGON$ folder of your primary domain controller (PDC) server. The batch
file runs from the PDC every time a system logs on to the network.
3. Add a line to your logon script that calls the batch file on your PDC server.
For example: CALL \\<PDC>\NETLOGON$\EPO.BAT

Install using Group Policy Object

The agent supports deployment using Window's Group Policy Objects on client systems in their network. The administrator must
copy the agent Group Policy Object files and msi file to a shared path (UNC path) accessible to each client system where you
want to install the agent.

Task
1. Download Framepkg.exe from McAfee ePO to a shared folder on a network server, where all systems have permissions.
2. Execute this command:
Framepkg.exe /gengpomsi /SiteInfo=<sharedpath>\Sitelist.xml /FrmInstLogLoc=<localtempDir>\<filename>.log
The following files are extracted to your local drive.
◦ MFEagent.msi
◦ Sitelist.xml
◦ srpubkey.bin
◦ reqseckey.bin
◦ agentfipsmode
◦ sr2048pubkey.bin
◦ req2048seckey.bin
3. Copy the extracted files to a shared UNC location specified in siteinfo path.
4. Create a Group Policy Object. (See Microsoft documentation for instructions).
5. Click Computer Configuration → Policies → Software Settings.
6. Right-click Software installation, then click New → Package.
7. When prompted for a package, browse to the shared UNC path, then select MFEAgent.msi.
8. Select the Deployment Method as Assigned.

Results
Note: McAfee Agent does not support per-user installations.

Install on Linux and Macintosh systems

McAfee Agent can be installed manually, using McAfee ePO, or using the custom agent installation URL.
On Linux and Macintosh systems, McAfee Agent is installed manually using an installation script (install.sh) that McAfee ePO
creates when you check in the McAfee Agent software package in the McAfee ePO Master Repository and indicate the operating
system in use. Ubuntu Linux client systems have a slightly different manual installation method, which is discussed in later
sections in the document.
McAfee Agent can be installed from McAfee ePO on Macintosh OS X and Red Hat Enterprise Linux client systems.
Once McAfee Agent is installed on client systems, you can run a Product Deployment task to schedule updates to McAfee Agent and
deploy other managed products.

Install on non-Windows operating systems from McAfee ePO

Installing McAfee Agent on your Macintosh or Red Hat Linux systems is a quick way to change and manage several systems at
the same time.

Before you begin

Enable SSH on the non-Windows client systems.
• You must have root permissions to install McAfee ePO on non-Windows system.
• McAfee Agent extension must be installed on McAfee ePO and appropriate packages must be added to the Master Repository
before installing McAfee Agent on a non-Windows system.
• Comment the following line in the /etc/sudoers file on a Red Hat operating systems.

McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator) 19

 Default requiretty

The following non-Windows operating systems support installing McAfee Agent from McAfee ePO.
• Macintosh OS X versions 10.6 (Leopard) and later
• Red Hat Enterprise Linux versions 4 and later
• Ubuntu 11.04 and later
Tip: You can only install one version of McAfee Agent on one type of operating system with this task. If you need to install on
multiple operating systems or versions, repeat this task for each additional target operating system or version.

Task
1. Select Menu → Systems → System Tree, then select the groups or systems where you want to deploy McAfee Agent.
2. Click Actions → Agent → Deploy Agents.
3. Select the appropriate Agent version drop-down list for the target operating system, and select a version from that list.
4. Select Install only on systems that do not already have an agent managed by this ePO server.
5. Type valid credentials in the User name, Password, and Confirm password fields.
If you want these entries to be the default for future deployments, select Remember my credentials for future deployments.
6. If you do not want the defaults, enter appropriate values into the Number of attempts, Retry interval, and Abort after options.
7. If you want the deployment to use a specific Agent Handler, select it from the drop-down list. If not, select All Agent Handlers.
8. Click OK.

Install on non-Windows operating systems manually

McAfee Agent can be installed manually on Macintosh and Linux systems.

Before you begin

The agent extension must be installed on McAfee ePO and appropriate agent packages added to the Master Repository before the
agent can be installed onto a non-Windows system.

Task
1. Select Menu → Systems → System Tree.
2. Perform one of these actions to obtain the installation file:
◦ Click New Systems, select Create and download agent installation package, choose the appropriate Agent version, click OK, and save the
agentPackages.zip file that contains the install.sh file.
◦ Copy the install.sh file directly from McAfee ePO. The path includes the name of the selected repository. For example, if
checked in to the Current branch of the McAfee ePO software repository, the path of the required files is:

Linux C:\Program Files\McAfee\ePolicy Orchestrator\DB\Software

\Current\EPOAGENT3700LYNX\Install\0409

Macintosh C:\Program Files\McAfee\ePolicy Orchestrator\DB\Software

\Current\EPOAGENT3700MACX\Install\0409

3. Open Terminal, then switch to the location where you copied the install.sh file.
4. Run these commands, giving root credentials when requested:
sudo chmod +x install.sh
sudo ./install.sh -i

Install the agent in managed mode on Ubuntu systems

The agent can be installed manually or pushed from McAfee ePO on managed systems running Ubuntu operating system.

Task
1. Select Menu → Systems → System Tree.

20 McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator)

2. Click New Systems, select Create and download agent installation package, choose the appropriate Agent version, click OK, and save the
agentPackages.zip file that contains the installdeb.sh file.
3. Open Terminal, then switch to the location where you copied the installdeb.sh file.
4. Run these commands, giving root credentials when requested:
$chmod +x ./installdeb.sh
$sudo ./installdeb.sh -i

Install the agent on Red Hat Linux devices using third party deployment method
Installing the agent on Red Hat Linux devices using third-party deployment methods requires an rpm package created for that
environment.

Before you begin

The agent extension must be installed on McAfee ePO and Linux agent package is checked in to the Master Repository.

Task
1. Select Menu → Systems → System Tree.
2. Click New Systems, select Create and download agent installation package, choose the appropriate Agent version, click OK, and save the
agentPackages.zip file that contains the install.sh file.
3. Open Terminal, then switch to the location where you copied the install.sh file.
4. Generate rpm (MAProvision.rpm/MAProvision.deb) from install.sh using the option (-p).
◦ Run the command, giving root credentials when requested. For example:
./install.sh -p

MAProvision.rpm/MAProvision.deb, MFEcma.rpm/MFEcma.deb, MFErt.rpm/MFErt.deb files are generated.

5. Check in the rpms (MAProvision.rpm/MAProvision.deb, MFEcma.rpm/MFEcma.deb, MFErt.rpm/MFErt.deb) into the third-party
deployment tools (such as YUM, apt-get) repository.
6. Install McAfee Agent in managed mode using third-party tools (for example, yum install MAProvision.rpm).

Script options for installing McAfee Agent on non-Windows

Installing McAfee Agent on non-Windows systems using the install script (install.sh) supports these options.

Table 1: Supported install script (install.sh) options

Function
Option Macintosh Linux

Upgrades
- the agent x x
only.
b Server information
is not updated.

Shows
- Help. x x
h

Performs
- a new x x
installation.
i

Forbids
- core
generation.
n

Upgrades
- entire x x
installation.
u

Deploying McAfee Agent using the McAfee Smart Installer

The McAfee Smart Installer is a customized URL-based installer that can be created using McAfee ePO.
You can create a customized McAfee Smart Installer by selecting the required operating system and McAfee Agent version using
McAfee ePO.

McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator) 21

Clicking the McAfee Smart Installer prompts you to save or run the executable file. The managed system users with administrator
rights can run the executable file and install McAfee Agent on their system. Running the executable on the client system extracts
McAfee ePO details and McAfee Agent unique token.
Once the executable is extracted, the client system tries to discover peer-to-peer servers in its broadcast domain to download
the McAfee Agent installation and configuration files. On receiving the request, the McAfee Agent that is configured as peer-to-
peer server responds to the request and serves the content.
If the client system is unable to find peer-to-peer servers in its broadcast domain, it tries to connect McAfee ePO to download the
configuration files. If the connection succeeds, the client system downloads and installs McAfee Agent.
If the installer is unable to connect to McAfee ePO directly, it uses the proxy server setting configured on the client system to
download and install McAfee Agent. The installer uses the proxy server settings configured in Internet Explorer for Windows or
System Preferences for Macintosh OS X client systems.
Note: Download using proxy server is supported only on Windows and Macintosh operating systems. For Macintosh client
systems, the installer uses System Preferences. You must provide the proxy server credentials if your client system requires
authentication to connect to the proxy server.
If the client system fails to connect to McAfee ePO directly or using the proxy server, it broadcasts a message to discover McAfee
Agent with relay capability in its network. The RelayServer responds to the message and establishes connection with the client
system.
If McAfee Agent package download fails due to network connectivity problems, McAfee Agent resumes downloading the
remaining installation files from the point it stopped when the McAfee Smart Installer runs next time.
McAfee Agent then installs other McAfee products through the deployment tasks and enforces new policies assigned to the
managed system fetched during the first agent-server communication.

Create customized McAfee Smart Installer

You can create a McAfee Smart Installer from your McAfee ePO dashboard. The McAfee Smart Installer can then be distributed to
the user for downloading and installing the agent on the managed system.

Before you begin

• Make sure that the McAfee Agent extension is installed and the software package is checked in to McAfee ePO.
While creating the McAfee Smart Installer, you can also set McAfee Agent or the other McAfee products to update automatically.
If you select other McAfee products to be included in the installer, a deployment task is created to install the product. These
products are then installed after the first agent-server communication.

Task
1. Select Menu → Dashboards, then under Getting Started click Customize Installation.
2. Type a group name and select the appropriate operating system.
3. Select the required software and policies.
4. If you want McAfee Agent or the other McAfee products to be updated automatically, select Software is automatically updated to the
latest version.
5. Click Done, then follow the on-screen instructions to download and install McAfee Agent.

Install McAfee Agent using customized McAfee Smart installer

Managed system users can install McAfee Agent with the customized McAfee Smart installer created using McAfee ePO. You can
install McAfee Agent on Windows and other supported platforms using the McAfee Smart installer.
Running the executable on the client system extracts McAfee ePO details from the coninfo.xml file. The client system tries to
connect McAfee ePO to download the installation and configuration files.
Note: The install.zip file cannot be downloaded from the FTP or UNC servers.

Task
1. Click the URL or copy and paste it into a browser.
When entering the URL into a browser, make sure to enter the entire URL without spaces.
2. Perform these depending on your operating system.

22 McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator)

 Operating system Steps to install

For Windows Note: You must have administrator rights to install McAfee Agent on
the managed system.
1. When prompted, download the installer. Or, click Install to
download and install McAfee Agent.
2. In the File Download dialog box, click Run.
3. Click Run to confirm installation. A dialog box shows the progress
of the installation.
The installation log McAfeeSmartInstall_<date>_<time>.log is
saved in <LocaltempDir>\McAfeeLogs.

For Macintosh 1. When prompted, download the installer. The customized URL
downloads the McAfeeSmartInstall.app file.
Note: If you are using Mozilla Firefox, the customized URL
downloads the McAfeeSmartInstall.app.zip file. Double-click the
file to extract the McAfeeSmartInstall.app file.
2. Double-click the McAfeeSmartInstall.app file to confirm
installation. A dialog box shows the progress of the installation.
Note: The installation log is saved in /tmp.

For other supported non-Windows operating ◦ Run McAfee Agent installer from the folder where it is
systems downloaded. <McAfeeSmartInstall.sh>
Note: The installation log McAfeeSmartInstall_<date>_<time>.log
is saved in the folder where you downloaded McAfee Agent installer.

Install URL-based McAfee Agent manually using command-line parameters

By manually installing the URL-based McAfee Agent on supported operating systems, you can override default installation
parameters.

Task
Run the following command on the client system with any of these parameters:
On Windows, run McAfeeSmartInstall.exe
On Macintosh, run McAfeeSmartInstall.app

Parameter Description

-d "Data path" Overrides the path of McAfee Agent data files (Windows only).
The default location is: <Documents and Settings>\All Users
\Application Data\McAfee\Agent. If the operating system does
not have a Documents and Settings folder, the default
location is C:\ProgramData\McAfee\Agent.
Example: McAfeeSmartInstall.exe -d D:\McAfeeAgent\Data

-i "Install path" Overrides the default folder where installation files are saved
(Windows only). You can use Windows system variables, such
as <SYSTEM_DRIVE>. If not specified, the default location is:
<DRIVE>:\Program Files\McAfee\Agent
Example: McAfeeSmartInstall.exe -i D:\McAfeeAgent

McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator) 23

 Parameter Description

-g Generates the debug log

McAfeeSmartInstall_<date>_<time>.log.
• On Windows client system, the log file is saved in
<Documents and Settings>\<User>\Local\Temp
\McAfeeLogs.
• On Macintosh client system, the log file is saved in /tmp.
• On other non-Windows client system, the log file is saved in
installation folder.

-a "Proxy address" -p "Proxy port" Specifies the proxy server address and the port number
(Windows and Macintosh only).
If the proxy server details are not provided, the installer uses
the default browser proxy server setting.

-k Switches off the peer and certificate verification of the https

server from where the installer downloads the configuration
file.

-u "Proxy user name" -w "Proxy password" Specifies the user name and password for the authenticated
proxy server (Windows and Macintosh only).

-f Forces McAfee Agent installation (Windows only).

-s Installs McAfee Agent in silent mode (Windows and Macintosh

only).

-v Installs McAfee Agent in VDI mode.

h Displays the Help for command-line options (Windows and

Macintosh only).

Note: All parameters are optional. If you don't specify a parameter, the installer uses the default value.

Manage Agent Deployment URLs

You can create, delete, enable, disable, or view Agent Deployment URLs using McAfee ePO.

Task
1. Select Menu → Systems → System Tree, then click the Agent Deployment tab.
2. Click Actions, then select the required option.

Options Definition

Choose Columns Opens the Choose Columns page where you select the columns
to display on the Agent Deployment page.

Create Agent Deployment URL Opens the Agent Deployment URL page where you create a URL
for Agent Deployment.

Delete Agent Deployment URL Deletes the selected Agent Deployment URL.

Enable/Disable Agent Deployment URL Controls whether the client system users can deploy the
agent using the URL.

24 McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator)

 Options Definition

Export Table Displays the Export page where you choose the way the table
is exported.

View Agent Deployment URL Displays the Agent Deployment URL.

Install McAfee Agent in Virtual Desktop Infrastructure mode

McAfee Agent Global Unique Identifier (GUID) is a random value used specifically by McAfee ePO and is created when the agent
is installed on a managed system.
If a new McAfee Agent GUID is created every time a virtual image or a system is started, it results in duplication of GUID. Installing
McAfee Agent in Virtual Desktop Infrastructure (VDI) mode can avoid duplication of GUID.
Installing McAfee Agent in VDI mode deprovisions the virtual image or the system every time it shuts down. This enables McAfee
ePO to save the deprovisioned McAfee Agent in its database. Once deprovisioned in the database, McAfee Agent is not displayed
on McAfee ePO console.

Task
1. Select Menu → Systems → System Tree, then select New Systems.
2. Next to How to add systems, select Create and download agent installation package.
3. Select Agent version.
4. Select or deselect Embed Credentials in Package. If selected, type the appropriate Credentials for agent installation.
If you want these credentials to be remembered the next time you complete this task, click Remember my credentials for future
deployments.
5. If you want the deployment to use a specific Agent Handler, select it from the drop-down list. If not, select All Agent Handlers.
6. Click OK to generate the Agent Deployment URL.
7. Download McAfee Agent and copy the installer on the virtual image.
8. Run the following command to install McAfee Agent in VDI mode:
McAfeeSmartInstaller.exe -v
9. To verify if McAfee Agent was installed in VDI mode, select Menu → Systems → System Tree, then select the system. The System
Information page displays the properties of the client system reported by McAfee Agent. The value of the system property VDI
should be Yes.

Results
McAfee Agent starts the agent-server communication and enforces all policies and tasks as configured on McAfee ePO.

Using the maconfig command-line tool

maconfig is a command-line tool provided with McAfee Agent for Linux.
It is installed with McAfee Agent and its default location is /opt/McAfee/agent/bin.
With maconfig you can perform operations such as:
• Provisioning agent to McAfee ePO
• Set custom properties
• Set log level

Command-line switches
Use these command-line switches with the maconfig tool to perform operations.

Parameter Description

-provision Provisions the agent in managed or unmanaged mode.

-enforce Enforces the agent policies or configurations locally.

McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator) 25

 Parameter Description

-managed Provisions the agent in managed mode.

-unmanaged Provisions the agent in unmanaged mode.

-auto Use McAfee ePO credentials.

-dir Uses McAfee ePO files from a specific directory.

-epo Specifies McAfee ePO IP address and port.

-user Specify McAfee ePO administrator's user name.

-password Specify McAfee ePO password.

-custom Set custom properties. You can set more than one custom
property.

-prop1 "string value" -prop2 "string value" ... - Value of custom property. Specify the value for each of your
propN "string value" custom property.

-license Set license key.

-loglevel Set log level number(0(Disable)\1(Info)\2(Debug)\3(Detail)).

-noguid Deletes GUID entries.

-start Starts the agent.

-stop Stops the agent.

-help Displays Help for maconfig.

Examples
• Provision the agent to McAfee ePO
This command provisions a specified McAfee ePO to the local system that runs this command.
maconfig -provision -managed -auto -epo <ePO IP> -user <ePO admin username> -password <ePO admin password>
• Set custom properties
This command allows you to set custom properties that are reported back to McAfee ePO and are displayed in the system
properties.
maconfig -custom -prop1 "string value1" -prop2 "string value2"
• Set log level
This command allows you to configure the level of agent activity that is recorded.
maconfig -enforce -loglevel 3

Processes used by McAfee Agent 5.0.0

The table lists the processes used by McAfee Agent 5.0.0.

Windows processes/ Service

applications Non-Windows processes name
Service display name Description

masvc.exe masvc McAfee Agent Service

masvc Performs
functions
such
as
property

26 McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator)

 Windows processes/ Service
applications Non-Windows processes Service display name
name Description
collection,
policy
enforceme
scheduling
of
tasks,
agent-
server
communica
and
trigger
update
session

macmnsvc.exe macmnsvc macmnsvc

McAfee Agent Common Hosts
Services multiple
McAfee
Agent
services
such
as
peer-
to-
peer
server,
wake-
up,
and
RelayServe

macompatsvc.exe macompatsvc McAfeeFramework

McAfee Agent Backwards This
Compatibility Service executable
is
the
compatibili
service
for
the
McAfee
Agent
service.
McAfee
Agent
service
starts
this
service
and
communica
to
the
managed

McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator) 27

 Windows processes/ Service
applications Non-Windows processes Service display name
name Description
product
plug-
ins.

cmdagent.exe cmdagent N/A

N/ This
A is
a
command-
line
program
that
invokes
McAfee
Agent.
To
know
more
about
switches
available
with
this
command,
use
cmdagent.

FrmInst.exe N/A N/A

N/ McAfee
A Agent
installation
program.
To
know
more
about
switches
available
with
this
command,
use
FrmInst.e

maconfig.exe maconfig N/A

N/ This
A is
a
command-
line
program
used
to
configure
different

28 McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator)

 Windows processes/ Service
applications Non-Windows processes Service display name
name Description
options
of
McAfee
Agent.
To
know
more
about
switches
available
with
this
command,
use
maconfig

McScanCheck.exe McScanCheck N/A

N/ Command-
A line
program
used
by
McScript_In
to
perform
DAT
or
engine
updates.

McScript_InUse.exe Mue_InUse N/A

N/ Runs
A scripts
for
updating
DAT
files,
engines,
service
packs,
or
any
other
component
checked
in
to
a
repository.
This
process
loads
when
update

McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator) 29

 Windows processes/ Service
applications Non-Windows processes Service display name
name Description
task
is
started.

UpdaterUI.exe N/A N/A

N/ Provides
A user
interface
for
updates.
It
also
controls
the
McAfee
Agent
icon
in
the
system
tray
and
is
loaded
via
the
Run
key
in
the
Windows
registry.

marepomirror.exe N/A N/A

N/ Performs
A repository
mirroring
according
to
the
policy
settings.

FramePkg.exe N/A N/A

N/ McAfee
A Agent
installer.

mctray.exe N/A N/A

N/ System
A tray
icon
manageme
tool.
It
runs
under

30 McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator)

 Windows processes/ Service
applications Non-Windows processes Service display name
name Description
the
same
user
session
and
is
started
by
UdaterUI.ex

Including McAfee Agent on an image

McAfee Agent can be installed on an image that is later deployed to multiple systems. You must make sure the agent functions
properly in this scenario.
No two agents can share the same GUID. The most common way McAfee Agent ends up with duplicate GUIDs is if it was installed
on an image without having its GUID removed, and that image was deployed onto more than one system.
To make sure the GUIDs are not duplicated, run this command on the system image where McAfee Agent is installed and is used
to deploy on more than one client systems.
maconfig -enforce -noguid
Important: Restart the McAfee Agent service on your system after running the maconfig -enforce -noguid command to
generate a unique GUID.

McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator) 31

Upgrading and restoring agents
If you are using an older version of McAfee ePO and have previous agent versions in your environment, you can upgrade those
agents once you install your new McAfee ePO.
Periodically, McAfee releases newer versions of the agent that can be deployed and managed using McAfee ePO. When the agent
installation package and the extension are available, you can download it from the McAfee download site or the Software
Manager. Check in the installation package to the Master Repository and install the new extension, then use the Product Deployment
task to upgradeMcAfee Agent.
You can create a customized McAfee Smart installer to upgrade McAfee Agent on the client systems.
You can upgrade from McAfee Agent 4.6.x or 4.8.x to 5.0.0.
Note: If you're using McAfee Agent 4.5.x or an earlier version, upgrade to 4.6.x or 4.8.x, then upgrade to 5.0.0.

Upgrading vs. updating

This document refers upgrading as installing a newer version of the existing software and updating as changing data.
Upgrading is not the same as updating. Upgrading means installing a newer version of McAfee Agent over an older version, for
example, replacing McAfee Agent 4.8 with McAfee Agent 5.0.0. Updating means getting the most up-to-date DATs and signatures
that products use to identify and disarm threats.
• If you use McAfee ePO to deploy McAfee Agent in your network, the procedure differs slightly depending which previous
version of McAfee Agent you are upgrading.
• If you are upgrading your McAfee Agent and your network is large, consider the size of the installation package file and your
available bandwidth before deciding how many agents to upgrade at once. Consider using a phased approach. For example,
upgrade one group in your System Tree at a time. In addition to balancing network traffic, this approach makes tracking progress
and troubleshooting easier.
• If you use a product deployment client task to upgrade McAfee Agent, consider scheduling the task to run at different times for
different groups in the System Tree.
The procedure for upgrading depends on the version of McAfee Agent running on your managed systems.
Note: Some previous McAfee Agent versions do not support all features in McAfee ePO 5.1.1. For full McAfee ePO functionality,
upgrade to McAfee Agent version 5.0.0 or later.
Upgrading McAfee Agent by a method other than using McAfee ePO, such as upgrading manually or using network logon scripts,
is identical to installing McAfee Agent for the first time.

Upgrade McAfee Agent using a Product Deployment task

You can use the Product Deployment client task to upgrade McAfee Agent for a group of systems on McAfee ePO.

Before you begin

You must add appropriate McAfee Agent packages to the Master Repository on McAfee ePO before upgrading McAfee Agent.

Task
1. Select Menu → Systems → System Tree.
2. On the Assigned Client Tasks tab, click Actions → New Client Task Assignment to open the Client Task Assignment Builder wizard.
Note: McAfee ePO 5.9 Client Task Assignment Builder wizard has all client task scheduler settings in one page.
3. On the Select Task pane, select McAfee Agent as Product, Product Deployment as Task Type, and select the existing deployment task.
Note: You can also create an upgrade task or view the properties of the existing deployment task by clicking Create New Task or
View Selected Task respectively. To define a new task, click Create New Task and enter the information appropriate to the task you
are creating.
4. Next to the Lock task inheritance option, you can choose to unlock or lock the upgrade task to allow or prevent breaking
inheritance.
5. Next to the Tag option, you can choose to send this upgrade task to all systems or specific systems that match the expected
criteria.
6. Click Next to open the Schedule pane.

32 McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator)

 7. Schedule the task as needed.
8. Click Next to open the Summary pane.
9. Verify the task's details, then click Save.
10. Send a wake-up call.

Results
The upgrade task is sent to the selected client systems at the next agent-server communication. Every time this task executes, it
checks to determine whether to install the specified version of McAfee Agent.

Upgrade an unmanaged McAfee Agent on Ubuntu

Upgrading a McAfee Agent running in unmanaged mode on Ubuntu must be done manually.
The installer and McAfee Agent package is found at the following location on McAfee ePO:
<epo server install location>\DB\Software\Current\EPOAGENT3700LYNX\Install\0409
This process supports upgrading an unmanaged McAfee Agent from version 4.8.0 to version 5.0.0. McAfee Agent running in
managed mode can be upgraded with a deployment task in McAfee ePO.

Task
1. Copy the installer files (MFErt.i686.deb and MFEma.i686.deb) to the client system.
2. Open a terminal window on the client system. Navigate to the folder with the installer.
3. Run the following commands:
dpkg -I --force-confnew MFErt.i686.deb
dpkg -I --force-confnew MFEma.i686.deb

Restore a previous version of the agent on Windows

You can restore a previous version of the agent in a Windows environment. You might do this after testing a new version of the
agent.

Task
1. Select Menu → Systems → System Tree, then select the systems where you want to install a previous version of the agent.
2. Click Actions → Agent → Deploy Agents.
3. From the Agent version drop-down list on the Deploy Agent page, select the agent you want to restore, then do the following:
a. Select Force installation over existing version.
b. Specify the target Installation path for the forced installation.
c. Enter user Credentials for agent installation.
d. Provide the information for Number of attempts, Retry interval, and Abort after.
e. Select whether the connection used for the deployment is to use a specific Agent Handler or All Agent Handlers.
4. Click OK to send the agent installation package to the selected systems.

Restore a previous version of the agent on non-Windows systems

Restoring a previous version of the agent on non-Windows systems involves uninstalling the current agent version and installing
the previous one.

Task
1. On the client system, uninstall the currently installed version of the agent.
2. On the client system, install the earlier version of the agent.

Results
Tasks, policies, and other data is restored at the first agent-server communication following reinstallation.

McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator) 33

Removing McAfee Agent from Windows
When you select Remove McAfee Agent on next agent-server communication while deleting a system from the System Tree, McAfee Agent is
removed from the system during the next agent-server communication.
If managed products still reside on systems after trying to remove McAfee Agent, it continues to run unmanaged in updater
mode to maintain those managed products.
Note: You cannot remove McAfee Agent using the Product Deployment task.

Remove agents when deleting systems from the System Tree

You can remove McAfee Agent from a system by deleting it from the System Tree.

Task
1. Select Menu → Systems → System Tree, then select the group with the systems you want to delete.
2. Select the systems from the list, then click Actions → Directory Management → Delete.
3. Select Remove McAfee Agent on next agent-server communication, then click OK.

Remove agents when deleting groups from the System Tree

You can remove McAfee Agent from a group of systems when you delete that group from the System Tree.
Caution: When you delete a group, all its child groups and systems are also deleted.

Task
1. Select Menu → Systems → System Tree, then select a group to be deleted.
2. At the bottom of the System Tree panel, click System Tree Actions → Delete Group.
3. Select Remove McAfee Agent on next agent-server communication from all systems, then click OK.

Remove agents from systems in query results

You can remove McAfee Agent from systems listed in the results of a query (for example, the Agent Versions Summary query).

Task
1. Run a query, then from the results page, select the systems to be deleted.
2. Select Directory Management from the drop-down list, then select Delete from the submenu.
3. Select Remove McAfee Agent on next agent-server communication, then click OK.

Remove the agent using Windows command prompt

The agent can be removed from a Windows system by running the agent installation program, FrmInst.exe, from the command
line.
Note: If there are managed products installed on a system where the agent is removed, the now unmanaged agent continues in
updater mode.

Task
1. Open a command prompt on the target system.
2. Run the agent installation program, FrmInst.exe, from the command line with the /REMOVE=AGENT option.
Note: To remove McAfee Agent forcibly from the Windows client system, run the command FrmInst.exe /FORCEUNINSTALL.

Remove McAfee Agent from non-Windows operating systems

Removing the agent from non-Windows operating systems such as Macintosh OS or other platforms must be done manually.
The task involves:

34 McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator)

• Removing McAfee Agent from the system.
• Removing the system names from the McAfee ePO System Tree.

Task
1. Open a terminal window on the client system.
2. Run the command for your operating system, providing root credentials when requested.

Operating system Commands

Linux rpm -e MFEcma

rpm -e MFErt
Caution: Run the commands in the listed order.

Ubuntu dpkg --remove MFEcma

dpkg --remove MFErt
Caution: Run the commands in the listed order.

Mac /Library/McAfee/agent/scripts/uninstall.sh

3. On McAfee ePO, select Menu → Systems → System Tree, then select the systems where you uninstalled McAfee Agent.
4. From the Actions drop-down list, select Directory Management, then select Delete from the submenu.

McAfee Agent 5.0.6 Installation Guide (McAfee ePolicy Orchestrator) 35

COPYRIGHT
Copyright © 2020 McAfee, LLC

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other
marks and brands may be claimed as the property of others.