McAfee macOS Configuration Profiles

McAfee Agent command-line switches
https://kc.mcafee.com/corporate/index?page=content&id=KB52707

Configuration Profiles in macOS
Which allowed extensions or filters McAfee endpoint products need in order to protect your Mac depends on the version of macOS you are running. McAfee provides sample configuration profiles (in the KB links below) that you can import directly or use as a starting point for building your own. It doesn’t hurt to use the same profiles on multiple OS versions, because older OS versions simply ignore what doesn’t apply. All configuration profiles are required for successful use of McAfee endpoint products on Mac.

Note to Mac Admins: Bundle IDs for Extensions (System or Kernel) need to be explicitly defined in Big Sur and Monterey. Please view the Kext KB links below for the bundle IDs.

Note to Jamf Pro Admins: Uploading a System Extension config profile is currently broken (PI-008562). You will have to create and populate the system extension profile yourself. Click here and here for example screen shots.

https://community.mcafee.com/t5/Mac-and-Linux-Products/Configuration-Profiles-in-macOS/td-p/682601

 

Remove McAfee Agent silently push to client from … – Jamf Nation Community – 141927

https://kc.mcafee.com/corporate/index?page=content&id=KB93600

Great Resource:
https://macadmins.cloud/2021/02/19/configuration-profiles/

System Extension : How to identify on macOS, Create a Configuration Profile, a PPPC Payload, & Deploy with Jamf (Example: Symantec System Extension)

Link to modify McAfee Deployment

https://sneakypockets.wordpress.com/2017/07/26/using-installer-choices-xml-to-modify-anyconnect-and-mcafee-deployments/

Try Editing:
https://community.jamf.com/t5/jamf-pro/how-to-see-if-user-has-quot-allowed-quot-crowdstrike-inc-in/m-p/232617

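#!/bin/sh
# Report whether the McAfee network system extension is loaded; fall back to checking for a kext.

# Field 6 of the matching line is reported as the status; adjust the index if the
# systemextensionsctl output layout differs on your macOS version.
STATUS=$(systemextensionsctl list | grep 'com.mcafee.CMF.networkextension' | awk '{print $6}')

if [ -z "$STATUS" ]; then
    # System extension not loaded, check for kext
    # 'com......' is left as posted; replace it with the kext bundle ID to look for.
    KEXTSTATUS=$(kextstat | grep 'com......')
    if [ -z "$KEXTSTATUS" ]; then
        echo "[not detected]"
    else
        echo "[kext running]"
    fi
else
    echo "$STATUS"
fi

exit 0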

Link to Simple MDM Kernel vs System Extension
https://simplemdm.com/kernel-extensions-system-extensions/

Supported platforms for Endpoint Security for Mac
https://kc.mcafee.com/corporate/index?page=content&id=KB84934

macOS Catalina


Problem for MDM Managed Macs
Because of Secure Kernel Extension Loading (SKEL), the kernel extensions of ENSM Threat Prevention – on-access scan, Firewall, and Self-Protection aren’t allowed to load without end-user consent.

On macOS 10.13.3 and earlier, enrollment in MDM automatically disables SKEL. In this case, end-user consent isn’t needed to enable the ENSM Threat Prevention – on-access scan, Firewall, and Self-Protection features.

Starting with macOS 10.13.4, enrolling in MDM doesn’t automatically disable SKEL. The McAfee kernel extensions must be added to the Kernel Extension Policy payload so that they load without end-user consent.

For more information, see the following Apple articles:
Apple article HT208019
Apple article HT208488

Below are the details for use in the Kernel Extension Policy payload:

McAfee Team Identifier: GT8P3H7SPW

Bundle Identifiers:

com.intelsecurity.FileCore
com.McAfee.AVKext
com.McAfee.FileCore
com.McAfee.FMPSysCore
com.McAfee.mfeaac

You can also download and import the profile configuration file. The file is included in the Attachment section of this article.
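
Added example (not McAfee's profile and not code from the original page): a Python script that builds a Kernel Extension Policy profile from the Team Identifier and bundle identifiers listed above, approving only those bundle IDs rather than the whole team. The com.example.mdm identifier prefix, the display names and the output file name are assumptions.

```python
import plistlib
import uuid

TEAM_ID = "GT8P3H7SPW"  # McAfee Team Identifier, as listed above
KEXT_BUNDLE_IDS = [     # bundle identifiers, as listed above
    "com.intelsecurity.FileCore",
    "com.McAfee.AVKext",
    "com.McAfee.FileCore",
    "com.McAfee.FMPSysCore",
    "com.McAfee.mfeaac",
]
ORG_PREFIX = "com.example.mdm"  # assumption: placeholder reverse-DNS prefix


def build_kext_policy_profile(team_id, bundle_ids, org_prefix=ORG_PREFIX):
    """Return a configuration profile (dict) that approves specific kexts."""
    if len(team_id) != 10 or not team_id.isalnum():
        raise ValueError("team identifier must be 10 alphanumeric characters")
    ids = list(dict.fromkeys(bundle_ids))  # drop duplicates, keep order
    if not ids:
        raise ValueError("at least one bundle identifier is required")
    payload = {
        "PayloadType": "com.apple.syspolicy.kernel-extension-policy",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_prefix}.kextpolicy.mcafee",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "McAfee kernel extensions",  # assumed name
        # Only these bundle IDs are approved; AllowedTeamIdentifiers would
        # instead approve every kext signed by the team.
        "AllowedKernelExtensions": {team_id: ids},
    }
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadScope": "System",
        "PayloadIdentifier": f"{org_prefix}.profile.mcafee-kext",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "McAfee ENSM kernel extension approval",
        "PayloadContent": [payload],
    }


def profile_bytes(profile):
    """Serialize the profile as an XML property list (.mobileconfig)."""
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    data = profile_bytes(build_kext_policy_profile(TEAM_ID, KEXT_BUNDLE_IDS))
    with open("mcafee-kext-policy.mobileconfig", "wb") as fh:
        fh.write(data)
```

Kernel Extension Policy payloads must be delivered by a user-approved MDM enrollment, so upload the generated file to the MDM rather than installing it by hand.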
