Mcafee Agent 5.6.X Installation Guide

McAfee Agent 5.6.
x Installation Guide
COPYRIGHT
Copyright © 2020 McAfee, LLC
TRADEMARK ATTRIBUTIONS
McAfee and the McAfee logo, McAfee Active Protection, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundstone, McAfee LiveSafe, McAfee QuickClean, Safe Eyes,
McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, True Key, TrustedSource, VirusScan are trademarks or registered trademarks of McAfee,
LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE
GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE
CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE
RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU
DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF
APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
2 McAfee Agent 5.6.x Installation Guide

Contents
1 Installation overview 5
Which type of installation do you need? . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
First-time installation workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
First-time installation using McAfee ePO On-Premises . . . . . . . . . . . . . . . . . . 6
First-time installation using McAfee ePO Cloud . . . . . . . . . . . . . . . . . . . . . 7
Product name conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Methods of installing the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Install from McAfee ePO (McAfee ePO On-Premises) . . . . . . . . . . . . . . . . . . . 8
Install manually (McAfee ePO On-Premises) . . . . . . . . . . . . . . . . . . . . . . 9
Install using third-party deployment (McAfee ePO On-Premises) . . . . . . . . . . . . . . 10
Install using logon scripts on Windows systems (McAfee ePO On-Premises) . . . . . . . . . . 11
Install using install scripts on non-Windows systems (McAfee ePO On-Premises) . . . . . . . . 11
Install the agent on an image (McAfee ePO On-Premises) . . . . . . . . . . . . . . . . . 12
Deploy using McAfee Smart Installer . . . . . . . . . . . . . . . . . . . . . . . . 13
Install in Virtual Desktop Infrastructure mode . . . . . . . . . . . . . . . . . . . . . 14
Upgrade installation workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2 System requirements 17
Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Ports used by the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
3 Install software for the first time 19

®
McAfee Agent with integrated McAfee Data Exchange Layer (DXL) . . . . . . . . . . . . . . . . 19
McAfee Agent installation package (McAfee ePO On-Premises) . . . . . . . . . . . . . . . . . . 20
Install McAfee Agent extension and packages (McAfee ePO On-Premises) . . . . . . . . . . . . . . 21
Deploying the agent from McAfee ePO (McAfee ePO On-Premises) . . . . . . . . . . . . . . . . 22
Manage Agent Deployment URLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Methods of deploying McAfee Agent using McAfee ePO On-Premises . . . . . . . . . . . . . . . 23
Deploying the agent using McAfee Smart Installer . . . . . . . . . . . . . . . . . . . 23
Including McAfee Agent on an image . . . . . . . . . . . . . . . . . . . . . . . . 25
Install URL-based McAfee Agent manually from the command line . . . . . . . . . . . . . 26
Install McAfee Agent in Virtual Desktop Infrastructure mode . . . . . . . . . . . . . . . 27
Install on Microsoft Windows systems . . . . . . . . . . . . . . . . . . . . . . . . 27
Install the agent on Linux and Macintosh systems . . . . . . . . . . . . . . . . . . . 35
Methods of deploying McAfee Agent using McAfee ePO Cloud . . . . . . . . . . . . . . . . . . 41
Deploy McAfee Agent using McAfee ePO Cloud . . . . . . . . . . . . . . . . . . . . 41
Methods of installing McAfee Agent in unmanged mode . . . . . . . . . . . . . . . . . . . . 42
Install the agent on unmanaged Windows . . . . . . . . . . . . . . . . . . . . . . 42
Install the agent on unmanaged non-Windows systems using install script . . . . . . . . . . 42
Install the agent on Linux systems using native installer . . . . . . . . . . . . . . . . . 43
Install the agent on unmanaged Macintosh systems using native installer . . . . . . . . . . . 45
4 Upgrading and restoring agents (McAfee ePO On-Premises) 47

Upgrading vs. updating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Upgrade the agent using Product Deployment task . . . . . . . . . . . . . . . . . . . . . . . 48
McAfee Agent 5.6.x Installation Guide 3

Contents
Upgrade the agent manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Methods of upgrading McAfee Agent in unmanaged mode . . . . . . . . . . . . . . . . . . . 49
Upgrade the agent on unmanaged Windows systems . . . . . . . . . . . . . . . . . . 50
Upgrade the agent on unmanaged non-Windows systems using install script . . . . . . . . . 50
Upgrade the agent on unmanaged Linux systems using native installer . . . . . . . . . . . 51
Upgrade the agent on unmanaged Macintosh systems . . . . . . . . . . . . . . . . . 52
Restore a previous version of the agent on Windows systems . . . . . . . . . . . . . . . . . . 53
Restore a previous version of the agent on non-Windows systems . . . . . . . . . . . . . . . . 54
A Removing McAfee Agent 55

Remove agents when deleting systems from the System Tree . . . . . . . . . . . . . . . . . . . 55
Remove agents when deleting groups from System Tree (Windows only) . . . . . . . . . . . . . . . 56
Remove agents from systems in query results . . . . . . . . . . . . . . . . . . . . . . . . 56
Remove the agent using Windows command line . . . . . . . . . . . . . . . . . . . . . . . 56
Remove the agent in unmanaged mode using Control Panel . . . . . . . . . . . . . . . . . . 56
Remove the agent using non-Windows command line . . . . . . . . . . . . . . . . . . . . . 57
Index 59

1 Installation overview
Contents
Which type of installation do you need?
First-time installation workflow
Product name conventions
Methods of installing the agent
Upgrade installation workflow
Which type of installation do you need?

Follow the specific workflow, depending on whether you want to install the software for the first time or
perform an upgrade.

Contents
First-time installation using McAfee ePO On-Premises
First-time installation using McAfee ePO Cloud

First-time installation using McAfee ePO On-Premises

®
Before you install McAfee Agent on managed systems for the first time, you must install the extension and
® ®
check in the software packages on McAfee ePolicy Orchestrator On-Premises.
®
McAfee Agent 5.6.0 bundles the McAfee Data Exchange Layer (DXL) client as a component. When you install
McAfee Agent 5.6.0 on the system, the McAfee Data Exchange Layer client is automatically installed. The Data
Exchange Layer client installation scenarios are covered later in this guide.

Installation overview
Product name conventions 1
First-time installation using McAfee ePO Cloud

®
You can install McAfee Agent on endpoints for the first time using McAfee Smart Installer created from McAfee
® ® ™
ePolicy Orchestrator Cloud (McAfee ePO Cloud) .
Product name conventions

This guide covers multiple versions of McAfee ePO management platform. When content applies to only one
platform, the platform name appears with the content.
McAfee ePO The umbrella term for all McAfee ePO management platforms. When used in this
guide, the content applies to all platforms.
McAfee ePO On-Premises The locally installed (on-premises) version of McAfee ePO.
McAfee ePO Cloud The cloud version of McAfee ePO.

You can deploy the agent on endpoints using McAfee ePO On-Premises or McAfee ePO Cloud in multiple ways.
You can install the agent manually on unmanaged systems.

Deploying using McAfee ePO On-Premises Deploying using McAfee ePO Cloud
Install from McAfee ePO Deploy using McAfee Smart Installer
Install manually Install in Virtual Desktop Infrastructure mode
Install using third party deployment methods Install using Agent Deployment URL
Install using logon scripts (Windows)
Install using install scripts (Non-Windows)
Include the agent as an image
Deploy using McAfee Smart Installer
Install in Virtual Desktop Infrastructure mode
Install using Agent Deployment URL
Install from McAfee ePO (McAfee ePO On-Premises)

You can install the agent on multiple systems at the same time using McAfee ePO.
See also
Install from McAfee ePO on page 28
Install on non-Windows operating systems from McAfee ePO on page 35

Methods of installing the agent 1
Install manually (McAfee ePO On-Premises)

You can install the agent manually on client systems using installation packages.
See also
Install manually on page 29
Install on non-Windows operating systems manually on page 36
Install the agent in managed mode on Ubuntu systems on page 37

Install using third-party deployment (McAfee ePO On-Premises)

Configure your third-party software to distribute the agent installation packages.
See also
Install using third-party deployment methods on page 29
Install using Group Policy Object on page 34
Install the agent on Red Hat Linux systems using third party deployment method on page 38
Install the agent on Ubuntu systems using third party deployment method on page 39

Install using logon scripts on Windows systems (McAfee ePO On-

Premises)
When you log on to the network, a logon script first checks if the agent is installed on the client system and then
continues with the installation.
See also
Install with logon scripts on page 30
Install using install scripts on non-Windows systems (McAfee ePO On-

Premises)
You can install the agent on non-Windows systems using the install.sh script options.
See also
Install the agent on non-Windows systems using install scripts on page 41

Install the agent on an image (McAfee ePO On-Premises)

You can install the agent on an image that is later deployed to multiple systems.
See also
Including McAfee Agent on an image on page 25

Deploy using McAfee Smart Installer

You can deploy the agent on multiple client systems using McAfee Smart Installer.
See also
Deploying the agent using McAfee Smart Installer on page 23

Install in Virtual Desktop Infrastructure mode

You can avoid duplication of GUID by installing the agent in Virtual Desktop Infrastructure mode.
See also
Install McAfee Agent in Virtual Desktop Infrastructure mode on page 27

Upgrade your existing McAfee Agent software to a newer version.
Upgrade using packages from the download site

Download and install McAfee Agent on McAfee ePO server.
1 Download the appropriate McAfee Agent components from the McAfee download site using your grant
number.
2 Install the McAfee Agent extension on McAfee ePO.
3 Check in the required McAfee Agent packages to the McAfee ePO repository.
4 Upgrade the agent on client systems using Product Deployment task.
Upgrade using Software Catalog

Use McAfee ePO Software Catalog (or Software Manager on McAfee ePO 5.9 or earlier) to upgrade the McAfee Agent
software.

Upgrade installation workflow 1
Upgrade manually
Use Framepkg.exe to manually upgrade McAfee Agent.
1 Create and download Framepkg.exe from McAfee ePO.
2 Right-click Framepkg.exe, select Run as administrator, and click OK to complete the upgrade.
See also
Upgrading and restoring agents (McAfee ePO On-Premises) on page 3


2 System requirements
Contents
Requirements
Ports used by the agent
Requirements
Make sure that your client systems meet specific hardware and software requirements to install the agent.
System requirements
• Installed disk space — 50 MB (minimum), excluding log files
• Memory — 512 MB RAM (minimum)
• Processor speed — 1 GHz (minimum)
The list specifies the minimum system requirements for installing the agent. For information about system
requirements for other McAfee products, see the respective McAfee product documentation.
Supported operating systems and processors

For information about supported operating systems, see KB51573.
The agent supports all Data Execution Prevention modes in Windows operating systems.
When McAfee Agent is deployed on an incompatible operating system, the installation fails and an alert is sent to
system log file.
Supported McAfee products

For the list of products that McAfee Agent 5.6.0 supports, see KB91021.
Additional supported platforms

You can install the agent on the virtual guest operating systems using these virtualization environments.
• Windows Server 2008 Hyper-V • Citrix XenServer
• ESX • Citrix XenDesktop
• VMware Workstation • VMware Server
• VMware player

2 System requirements

The agent uses specific ports to connect to McAfee ePO.
Ports Protocols Traffic direction

8081 TCP (McAfee ePO On-Premises) Inbound connection from McAfee ePO or Agent Handler.
Peer-to-peer server serves content, Relay connections established.
8082 UDP Inbound connection to McAfee Agent.

Peer-to-peer server discovery, RelayServer discovery.
8083 UDP RelayServer discovery for previous versions of McAfee Agent.
If peer-to-peer service and RelayServer are disabled, these ports are not open.
For information about the ports used by McAfee ePO for communicating through a firewall, see KB66797.

3 Install software for the first time
The method of installing McAfee Agent depends on the client operating system, tools used, new installation, or
an upgrade.
McAfee ePO On-Premises

You need these components to install McAfee Agent on client systems:
• McAfee ePO extension (EPOAGENTMETA.zip) — A .zip file that is installed on McAfee ePO. Installing McAfee
Agent extension allows you to customize product features on McAfee ePO.
• McAfee Agent software package (MAxxxWIN.zip or MAxxxLNX.zip or MAxxxMAC.zip) — A .zip file that
contains product installation files. Once the package is checked in to the Master Repository, McAfee ePO can
deploy it to your managed systems.
• McAfee Agent key updater package (AgentKeyUpdate.zip) — This distributes the new master keys when an
update is received from the McAfee ePO managed repositories. McAfee Agent uses agent-server secure
communication (ASSC) keys to communicate securely with the server. You can generate new ASSC keys and
use them as a master set. Existing agents that use other keys in the agent-server secure communication
keys list do not change to the new master key unless there is a client agent key updater task scheduled and
run. McAfee Agent key updater package is multi-platform and updates the master public key (srpubkey.bin)
and the corresponding request key (reqseckey.bin).
McAfee ePO Cloud

You can create a customized McAfee Smart Installer by selecting the required operating system and McAfee
version. You can install McAfee Agent on all supported platforms using the McAfee Smart Installer.
Contents
McAfee Agent with integrated McAfee Data Exchange Layer (DXL)
®
McAfee Agent installation package (McAfee ePO On-Premises)

Install McAfee Agent extension and packages (McAfee ePO On-Premises)
Deploying the agent from McAfee ePO (McAfee ePO On-Premises)
Manage Agent Deployment URLs
Methods of deploying McAfee Agent using McAfee ePO On-Premises
Methods of deploying McAfee Agent using McAfee ePO Cloud
Methods of installing McAfee Agent in unmanged mode
McAfee Agent with integrated McAfee Data Exchange Layer (DXL)

®
McAfee Agent 5.6.0 bundles the McAfee Data Exchange Layer client as a component.
The Data Exchange Layer client is automatically installed on managed systems and connects to a DXL broker in
your environment. If the DXL broker is not present in your environment, the DXL client goes into an idle mode
where it consumes minimal resources until brokers become present. DXL services run as part of McAfee Agent
services.

For information about using the DXL client and installing the DXL broker, see McAfee Data Exchange Layer
documents.

You install the agent on client systems using the installation package generated when you install McAfee ePO or
check in the agent package.
This file is a customized installation package for McAfee Agent that reports to your McAfee ePO. The package
contains information needed for McAfee Agent to communicate with the server. Specifically, this package
includes:
• McAfee Agent installer
• Sitelist.xml file
• srpubkey.bin (the server public key)
• reqseckey.bin (the initial request key)
• req2048seckey.bin
• sr2048pubkey.bin
• agentfipsmode file
By default, McAfee Agent installation packages are at <System Drive>\Program Files (x86)\McAfee
\ePolicy Orchestrator\DB\Software\Current\<Product Id>\Install\0409. Product IDs for
supported operating systems are listed in the following table.
Operating System Product ID

Linux EPOAGENT3700LYNX
Windows EPOAGENT3000
Macintosh EPOAGENT3700MACX
The Windows installation package is FramePkg.exe and the non-Windows package is install.sh.
This is the installation package that McAfee ePO uses to distribute and install McAfee Agent. FramePkg.exe
files are created when:
• You specifically create one in McAfee ePO
• McAfee Agent packages are checked in to any branch of the repository (Previous, Current, or Evaluation)
• Encryption key changes
The default McAfee Agent installation package doesn't contain user credentials. When executed on the targeted
system, the installation uses the account of the currently logged-on user.
You can create custom installation packages with embedded credentials if needed by your environment.
Because an installer package has embedded credentials, access to it must be severely restricted. Installer
packages with embedded credentials must only be used in specific situations where another deployment method
is not available. For additional, important information about the use of embedded credentials, see McAfee
KB65538.

Install software for the first time
Install McAfee Agent extension and packages (McAfee ePO On-Premises) 3
Install McAfee Agent extension and packages (McAfee ePO On-

Premises)
Before you install the agent on managed systems, add the extension, software package, and key updater
package to McAfee ePO.
You can manage previous versions of McAfee Agent (4.8.x and 5.0.x) with 5.x.x extension. But, previous version
extensions cannot manage McAfee Agent 5.x.x clients.
Task
1 Download the McAfee Agent extension, EPOAGENTMETA.zip, McAfee Agent packages, and the key updater
packages to the system with McAfee ePO.
You can download McAfee Agent packages from McAfee ePO Software Catalog (or Software Manager on McAfee
ePO 5.9 or earlier). See McAfee ePO product documentation for more details.
McAfee Agent comes with different packages for each supported operating system.
Name Description
MA5xxLNX.zip Linux package
MA5xxWIN.zip Windows package
MA5xxMAC.zip Macintosh package
MA5xxWIN_Embedded.zip Windows Embedded Credentials package
help_ma_5xx.zip McAfee ePO Help extension
EPOAGENTMETA.zip McAfee ePO extension
AgentKeyUpdate.zip Key updater package
2 Install McAfee Agent and Help extension:

a In McAfee ePO, select Menu | Software | Extensions.
b Click Install Extension.
c Browse to the location of EPOAGENTMETA.zip, select it, then click OK.
The Install Extension summary page appears.
d Click OK to complete the installation of the extension.
e Repeat steps a through d to install Help extension.
When upgrading from McAfee Agent 4.8 Help extension to 5.0, uninstall the agent 4.8 Help extension then
perform steps a through d to install 5.0 Help extension.
3 For each agent package you need to check in to the McAfee ePO repository:
a Select Menu | Software | Master Repository.
b Click Check In Package, then browse to the agent packages list, select the required package, then click Next.
c Make sure that Current is selected under Branch, then click Save.


Deploying from McAfee ePO allows you to install McAfee Agent on multiple client systems at the same time.
• Systems must already be added to the System Tree.
If you have not yet created the System Tree groups, you can deploy the McAfee Agent installation package to
systems when you add groups and systems to the System Tree. But, if you are importing large domains or
Active Directory containers, don't use this method. It generates significant network traffic.
• The user must have local administrator rights on all target systems. Domain administrator rights are
required on a system to access the default Admin$ shared folder. McAfee ePO service requires access to this
shared folder to install McAfee Agent.
• McAfee ePO must be able to communicate with the target systems.

Before beginning a large McAfee Agent deployment, make sure that the client systems are reachable from
McAfee ePO. To test the connectivity between McAfee ePO and McAfee Agent, ping the client systems with
IP address or host name depending on how the client systems are identified in McAfee ePO.
The ability to successfully use ping commands from McAfee ePO to managed systems is not required for
McAfee Agent to communicate with the server. But it is a useful test to determine if you can deploy McAfee
Agent to those client systems from McAfee ePO.
• The Admin$ share folder on Windows target systems must be accessible from McAfee ePO. Verify that this is
true on a sample of target systems. This test also validates your administrator credentials, because you
cannot access remote Admin$ shares without administrator rights.
From McAfee ePO, click Windows Start | Run, then type the path to the target system's Admin$ share,
specifying system name or IP address. For example, type \\<System Name>\Admin$.
If the systems are properly connected over the network, and your credentials have sufficient rights, and the
Admin$ share folder is present, a Windows Explorer dialog box appears.
• Enable SSH on the Linux and Macintosh client systems before installing McAfee Agent from McAfee ePO.
Comment out the following line in the /etc/sudoers file on a Red Hat operating system.
Default requiretty
Remove the comment from the following line /etc/ssh/sshd_config file
PermitRootLogin Yes
You must have root permissions to install McAfee Agent on non-Windows systems.
• Enable the network access on Windows 7 Home client systems.
• Enable the file and print sharing.
• Enable the server services.
• Enable the remote registry services.
• Temporarily disable the user account control on client systems to push McAfee Agent from McAfee ePO.
The push deployment feature can install McAfee Agent on many systems at the same time. You can only install
a single version of McAfee Agent on a client system.

Manage Agent Deployment URLs 3
Manage Agent Deployment URLs

You can create, delete, enable, disable, or view Agent Deployment URLs from McAfee ePO.
Task
1 Select Menu | Systems | System Tree, then click Agent Deployment.
2 Click Actions, then select the required option.
Options Definition
Choose Columns Opens the Choose Columns page where you select the columns to display
on the Agent Deployment page.
Create Agent Deployment URL Opens the Agent Deployment URL page where you create a URL for Agent
Deployment.
Delete Agent Deployment URL Deletes the selected Agent Deployment URL.
Enable/Disable Agent Deployment Controls whether the client system users can deploy the agent using the
URL URL.
Export Table Displays the Export page where you choose the way the table is exported.
View Agent Deployment URL Displays the Agent Deployment URL.

Contents
Deploying the agent using McAfee Smart Installer
Including McAfee Agent on an image
Install URL-based McAfee Agent manually from the command line
Install McAfee Agent in Virtual Desktop Infrastructure mode
Install on Microsoft Windows systems
Install the agent on Linux and Macintosh systems
Deploying the agent using McAfee Smart Installer

The McAfee Smart Installer is a customized URL-based installer that can be created with McAfee ePO.
You can create a customized McAfee Smart Installer by selecting the required operating system and McAfee
Agent version using McAfee ePO.
Clicking the McAfee Smart Installer prompts you to save or run the executable file. The managed system users
with administrator rights can run the executable file and install McAfee Agent on their system. Running the
executable on the client system extracts McAfee ePO details and McAfee Agent unique token.
Once the executable is extracted, the client system tries to discover peer-to-peer servers in its broadcast
domain to download the McAfee Agent installation and configuration files. On receiving the request, the McAfee
Agent that is configured as peer-to-peer server responds to the request and serves the content.
If the client system is unable to find peer-to-peer servers in its broadcast domain, it tries to connect McAfee
ePO to download the configuration files. If the connection succeeds, the client system downloads and installs
McAfee Agent.

If the installer is unable to connect to McAfee ePO directly, it uses the proxy server setting configured on the
client system to download and install McAfee Agent. The installer uses the proxy server settings configured in
Internet Explorer for Windows or System Preferences for Macintosh OS X client systems.
Download using proxy server is supported only on Windows and Macintosh operating systems. For Macintosh
client systems, the installer uses System Preferences. You must provide the proxy server credentials if your client
system requires authentication to connect to the proxy server.
If the client system fails to connect to McAfee ePO directly or using the proxy server, it broadcasts a message to
discover McAfee Agent with relay capability in its network. The RelayServer responds to the message and
establishes connection with the client system.
If McAfee Agent package download fails due to network connectivity problems, McAfee Agent resumes
downloading the remaining installation files from the point it stopped when the McAfee Smart Installer runs
next time.
(McAfee ePO On-Premises) McAfee Agent then installs other McAfee products through the deployment tasks
and enforces new policies assigned to the managed system fetched during the first agent-server
communication.
Create customized McAfee Smart Installer

You can create a McAfee Smart Installer from your McAfee ePO dashboard.
Before you begin

(McAfee ePO On-Premises) Make sure that the McAfee Agent extension is installed and the software
package is checked in to McAfee ePO.
While creating the McAfee Smart Installer, you can also set McAfee Agent or the other McAfee products to
update automatically. If you select other McAfee products to be included in the installer, a deployment task is
created to install the product. These products are then installed after the first agent-server communication.
Task
1 Select Menu | Dashboards, then on the Getting Started pane, click Customize Installation.
2 Type a group name and select the appropriate operating system.
3 Select the required software and policies.
4 If you want McAfee Agent or the other McAfee products to be updated automatically, select Software is
automatically updated to the latest version.
5 Click Done, then follow the on-screen instructions to download and install McAfee Agent.
Install the agent with customized McAfee Smart installer

Managed system users can install the agent on Windows and other supported platforms using the McAfee
Smart Installer.
Running the executable on the client system extracts McAfee ePO details from the coninfo.xml file. The client
system tries to connect McAfee ePO to download the installation and configuration files.
The install.zip file cannot be downloaded from the FTP or UNC servers.
Task
1 Click the URL or copy and paste it into a browser.
Enter the complete URL without any space, in the browser.

Methods of deploying McAfee Agent using McAfee ePO On-Premises 3
2 Perform these depending on your operating system.
Operating Steps to install

system
For Windows
You must have administrator rights to install McAfee Agent on the managed system.
1 When prompted, download the installer. Or, click Install to download and install
McAfee Agent.
2 In the File Download dialog box, click Run.
3 Click Run to confirm installation. A dialog box shows the progress of the installation.
The installation log McAfeeSmartInstall_<date>_<time>.log is saved in
<LocaltempDir>\McAfeeLogs.
For Macintosh When prompted, download the installer. The customized URL downloads the
McAfeeSmartInstall.sh file.
McAfee Agent 5.6.6 and later versions provides the McAfeeSmartInstall.sh installer
file for Smart Installer. However, McAfee Agent doesn't support the launch of
McAfeeSmartInstall.sh through remote console.
• Open Terminal, then switch to the location where you have downloaded the
McAfeeSmartInstall.sh file.
• Run the following commands:
sudo chmod +x McAfeeSmartInstall.sh
sudo ./McAfeeSmartInstall.sh
A dialog box shows the progress of the installation.
The installation log is saved in /tmp.
For other • Run McAfee Agent installer from the folder where it is downloaded.
supported <McAfeeSmartInstall.sh>
non-Windows
operating The installation log McAfeeSmartInstall_<date>_<time>.log is saved in the folder
systems
where you downloaded McAfee Agent installer.
Including McAfee Agent on an image

You can install the agent on an image that is later deployed to multiple systems.
You must make sure the agent functions properly in this scenario.
No two agents can share the same GUID. The most common way McAfee Agent ends up with duplicate GUIDs is
if it was installed on an image without having its GUID removed, and that image was deployed onto more than
one system.
To make sure the GUIDs are not duplicated, run this command on the system image where McAfee Agent is
installed and is used to deploy on more than one client systems.
maconfig -enforce -noguid
Restart the McAfee Agent service on your system after running the maconfig -enforce -noguid command to
generate a unique GUID.

Install URL-based McAfee Agent manually from the command line

You can override default installation parameters by manually installing the URL-based agent on supported
operating systems.
Task
• Run the following command on the client system with any of these parameters:
On Windows, run McAfeeSmartInstall.exe
On Macintosh, run McAfeeSmartInstall.sh
On Linux, run McAfeeSmartInstall.sh
To know more about using command-line switches with McAfee Agent, see KB52707.
Parameter Description
‑d "Data path" Overrides the path of McAfee Agent data files (Windows only). The default location
is: <Documents and Settings>\All Users\Application Data\McAfee
\Agent. If the operating system does not have a Documents and Settings
folder, the default location is C:\ProgramData\McAfee\Agent.
Example: McAfeeSmartInstall.exe ‑d D:\McAfeeAgent\Data
‑i "Install path" Overrides the default folder where installation files are saved (Windows only). You
can use Windows system variables, such as <SYSTEM_DRIVE>. If not specified, the
default location is: <DRIVE>:\Program Files\McAfee\Agent.
Example: McAfeeSmartInstall.exe ‑i D:\McAfeeAgent
‑g Generates the debug log McAfeeSmartInstall_<date>_<time>.log.

• On Windows client systems, the log file is saved in <Documents and Settings>
\<User>\Local\Temp\McAfeeLogs.
• On Macintosh client systems, the log file is saved in /tmp.
• On other non-Windows client systems, the log file is saved in the installation
folder.
‑a "Proxy Specifies the proxy server address and the port number (Windows and Macintosh
address" ‑p only).
"Proxy port" If the proxy server details are not provided, the installer uses the default browser
proxy server setting.
‑k Switches off the peer and certificate verification of the https server from where the
installer downloads the configuration file.
‑u "Proxy user Specifies the user name and password for the authenticated proxy server (Windows
name" ‑w "Proxy and Macintosh only).
password"
‑f Forces McAfee Agent installation (Windows only).
‑s Installs McAfee Agent in silent mode (Windows and Macintosh only).
‑v Installs McAfee Agent in VDI mode.
‑h Uninstalls the existing agent and installs a new agent while retaining the Agent
GUID. (Windows only)
Example: McAfeeSmartInstall.exe ‑h
‑? Displays the Help for command-line options.
All parameters are optional. If you don't specify a parameter, the installer uses the default value.

Install McAfee Agent in Virtual Desktop Infrastructure mode

McAfee Agent Global Unique Identifier (GUID) is a random value used specifically by McAfee ePO and is created
when the agent is installed on a managed system.
If a new McAfee Agent GUID is created every time a virtual image or a system is started, it results in duplication
of GUID. Installing McAfee Agent in Virtual Desktop Infrastructure (VDI) mode can avoid duplication of GUID.
Installing McAfee Agent in VDI mode deprovisions the virtual image or the system every time it shuts down. This
enables McAfee ePO to save the deprovisioned McAfee Agent in its database. Once deprovisioned in the
database, McAfee Agent is not displayed on McAfee ePO console.
Task
1 Select Menu | Systems | System Tree, then select New Systems.
2 Next to How to add systems, select Create and download agent installation package.
On McAfee ePO Cloud, type a name for the URL and click OK to generate the Agent Deployment URL.
3 Select Agent version.
4 Select or deselect Embed Credentials in Package. If selected, type the appropriate Credentials for agent installation.
If you want these credentials to be remembered the next time you complete this task, click Remember my
credentials for future deployments.
5 If you want the deployment to use a specific Agent Handler, select it from the drop-down list. If not, select All
Agent Handlers.
6 Download McAfee Agent and copy the installer on the virtual image.
7 Run the following command to install McAfee Agent in VDI mode:

McAfeeSmartInstaller.exe -v
8 To verify if McAfee Agent was installed in VDI mode, select Menu | Systems | System Tree, then select the
system.
The System Information page displays the properties of the client system reported by McAfee Agent. The value
of the system property VDI should be Yes.
McAfee Agent starts the agent-server communication and enforces all policies and tasks as configured on
McAfee ePO.
Install on Microsoft Windows systems

You can install the agent on Windows systems directly from the McAfee ePO console.
Or, you can:
• Copy the agent installation package to removable media or a network share for manual or logon script
installation on your Windows systems.
• Copy the customized McAfee Smart Installer to download and install agent manually on the managed
systems.

Tasks
• Install from McAfee ePO on page 28
You can install the agent on multiple systems at the same time using McAfee ePO. All such systems
should be running on the same operating system.
• Install manually on page 29
Manually install the agent on client systems, using the FramePkg.exe installer.
• Install using third-party deployment methods on page 29
Installing the agent using third-party deployment methods requires an installation package created
for that environment.
• Install with logon scripts on page 30
In environments where the client systems log on to the network, use network logon scripts to install
the agent.
• Install with custom installation packages on page 32
Use custom installation packages to install the agent on systems that are not managed by McAfee
ePO.
• Install using Group Policy Object on page 34
Configure your third-party software, such as Microsoft Group Policy Objects (GPO), to distribute the
agent installation package, which is on your McAfee ePO.
Install from McAfee ePO

You can install the agent on multiple systems at the same time using McAfee ePO. All such systems should be
running on the same operating system.
Before you begin

• McAfee Agent extension must be installed on McAfee ePO and appropriate software and key
updater packages must be added to the Master Repository.
This method is recommended if large segments of your System Tree are already populated. For example, if you
created System Tree segments by importing domains or Active Directory containers, and you chose not to deploy
McAfee Agent during the import.
You can only install one version of McAfee Agent on one type of operating system with this task. If you need to
install on multiple operating systems or versions, repeat this task for each additional target operating system or
version.
Task
1 Select Menu | Systems | System Tree, then select the groups or systems where you want to deploy McAfee
Agent.
2 Click Actions | Agent | Deploy Agents.
3 Select the appropriate Agent version drop-down list given the target operating system, and select a version
from that list.
4 Select these options as appropriate:

• Install only on systems that do not already have an agent managed by this McAfee ePO server
• Force installation over existing version
If you use the force installation option, the existing McAfee Agent is removed in its entirety, including policies,
tasks, events, and logs, before the new McAfee Agent is installed.

5 To change the installation path from the default, enter the target path in the Installation path option.
6 Type valid credentials in the Domain, User name, and Password and Confirm password fields.
If you want these entries to be the default for future deployments, select Remember my credentials for future
deployments.
7 If you do not want the default values, enter values in the Number of attempts, Retry interval, and Cancel after
options.
Agent Handlers.
9 Click OK.
The Server Task Log page appears with the Deploy McAfee Agent task listed.
Install manually
Manually install the agent on client systems, using the FramePkg.exe installer.
If you want users (with local administrator rights) to install McAfee Agent on their own systems, distribute the
installation package file to them. You can attach it to an email message, copy it to media, or save it to a shared
network folder.
Task
1 Copy the installation package, FramePkg.exe, from your McAfee ePO to a shared folder on a network
server accessible by the target system.
2 On the target system, navigate to and right-click FramePkg.exe, select Run as administrator, and wait a few
moments while McAfee Agent is installed.
3 Click OK to complete the installation.

In 10 seconds, McAfee Agent calls into McAfee ePO for the first time.
Systems where McAfee Agent is installed manually are located initially in the Lost & Found group of the McAfee
ePO System Tree.
After McAfee Agent is installed, it calls into the server and adds the new system to the System Tree.
Install using third-party deployment methods

Installing the agent using third-party deployment methods requires an installation package created for that
environment.
Before you begin

The agent extension must be installed on McAfee ePO and appropriate agent packages must be
added to the Master Repository.
Task
1 Create an installation package.

a Select Menu | Systems | System Tree, then select New Systems.
b Select Create and download agent installation package.

c Select the appropriate Agent version.
d Deselect Embed Credentials in Package to receive the default package. Otherwise, specify the required
credentials.
e If you want the deployment to use a specific Agent Handler, select it from the drop-down list. If not,
select All Agent Handlers.
f Click OK.
g Select FramePkg.exe and save it to the desktop.
2 To embed credentials on systems not belonging to a domain, change the local security policy on the target
systems.
a Log on to the target system using an account with local administrator rights.
b From the command line, run SECPOL.MSC to open the Local Security Settings dialog box.
c From the Security Settings | Local Policies, select User Rights Assignment.
d In the Policy column of the details pane, double-click Impersonate a client after authentication to open the Local
Security Policy Setting dialog box.
e Click Add User or Group to open the Select Users or Groups dialog box.
f Select the user or group that the user is likely to run as, then click Add.
g Click Add.
You are now ready to use your third-party software to distribute the installation package, FramePkg.exe.
By default User Access Control is enabled on Windows Vista and later operating systems. The administrator must
add permission to the user or turn off User Access Control to install the agent manually on client systems.
Install with logon scripts

In environments where the client systems log on to the network, use network logon scripts to install the agent.
Before you begin

• Create segments of your System Tree that use network domain names or sorting filters that add
the expected systems to your groups. If you don’t, all systems are added to the Lost & Found
group, and you must move them manually.
• See your operating system documentation for writing logon scripts. The details of the logon
script depend on your needs. This task uses a basic example.

• Create a batch file (ePO.bat) that contains commands you want to execute on systems when
they log on to the network. The content of the batch file depends on your needs, but its purpose
is to check whether McAfee Agent has been installed in the expected location and, if not, run
FramePkg.exe to install McAfee Agent. Below is a sample batch file that does this. This example
checks the default installation folder for McAfee Agent files and, if not present, installs the
McAfee Agent.
@ECHO OFF
SETLOCAL
set MA_KEY_NAME="HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Agent"
set MA_VALUE_NAME=InstallPath
FOR /F "usebackq skip=2 tokens=1,2*" %%A IN (

`REG QUERY %MA_KEY_NAME% /v %MA_VALUE_NAME% 2^>nul`) DO (
set Home="%%C"
)
IF DEFINED home SET home=%home:"=%

if defined Home echo "McAfee Agent 5.0 is already installed"
if NOT defined Home "\\MyServer\Agent$\Update\FramePkg.exe /install=agent"
exit /b 0
• FramePkg.exe requires administrator rights to install properly.
• This method is appropriate when:

• Domain names or sorting filters are assigned to the segments of your System Tree.
• You already have a managed environment and want to make sure that new systems logging
on to the network become managed as a result.
• You already have a managed environment and want to make sure that systems are running
a current version of McAfee Agent.
Task
1 Copy McAfee Agent installation package, FramePkg.exe, from your McAfee ePO to a shared folder on a
network server, where all systems have permissions.
Systems logging on to the network are automatically directed to this folder to run McAfee Agent installation
package and install McAfee Agent. The default location for the installation packages for Windows is:
<Program Files>\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3000\Install
\0409\FramePkg.exe. Embedded credential package always runs in silent mode and does not display any
error message when an installation fails.
2 Save the batch file you created, ePO.bat, to the NETLOGON$ folder of your primary domain controller (PDC)
server.
The batch file runs from the PDC every time a system logs on to the network.
3 Add a line to your logon script that calls the batch file on your PDC server.
For example: CALL \\<PDC>\NETLOGON$\EPO.BAT

Install with custom installation packages

Use custom installation packages to install the agent on systems that are not managed by McAfee ePO.
If you use a distribution method other than deployment capabilities (such as logon scripts or third-party
deployment software), you can create a custom installation package (FramePkg.exe). For Windows systems,
you can create the package with embedded administrator credentials. This is needed in a Windows
environment if users do not have local administrator rights. The user account credentials you embed are used
to install McAfee Agent.
Because an installer package created for this purpose has embedded credentials, access to it should be severely
restricted. Installer packages with embedded credentials should only be used in specific situations where another
deployment method is not available. For additional, important information about the use of embedded
credentials, see KB65538.
Task
1 Select Menu | Systems | System Tree, then select New Systems.
2 Next to How to add systems, select Create and download agent installation package.
3 Select the appropriate Agent version.
4 Select or deselect Embed Credentials in Package. If selected, type the appropriate Credentials for agent installation.
If you want these credentials to be remembered the next time you complete this task, click Remember my
credentials for future deployments.
5 If you want the installer to use a specific Agent Handler, select it from the drop-down list. If not, select All
Agent Handlers.
6 Click OK.
7 When prompted, select the file to be downloaded. Click to open the file, or right-click to save the file.
8 Distribute the custom installation package file as needed.
Command-line options for the agent on Windows

Use the command-line options to install, upgrade, or manage the agent on Windows systems.
Use these command-line options with the deployment task to upgrade to a new version of McAfee Agent.
This table describes McAfee Agent installation command-line options. These options are not case sensitive.
FramePkg.exe and FrmInst.exe require administrator rights, so they must be run from an administrator
command prompt or configured to always run as administrator.

FramePkg.exe and FrmInst.exe command-line options
Command Description
/Customprops Allows you to set custom properties.
Example:
FRAMEPKG /INSTALL=AGENT /Customprops1="prop1" /Customprops2="prop2" /
Customprops3="prop3"
/DATADIR Specifies the folder on the system to store McAfee Agent data files. The default location is:
<Documents and Settings>\All Users\Application Data\McAfee\Agent. If the
operating system does not have a Documents and Settings folder, the default location
is C:\ProgramData\McAfee\Agent.
Example: FRAMEPKG /INSTALL=AGENT /DATADIR=D:\AgentData
/DOMAIN Specifies a domain, and account credentials used to install McAfee Agent. The account
/USERNAME must have rights to create and start services on a system. If left unspecified, the
credentials of the currently logged-on account are used. If you want to use an account
/PASSWORD that is local to a system, use the system’s name as the domain.
Example:
FRAMEPKG /INSTALL=AGENT /DOMAIN=mydomain.com /USERNAME=jdoe /
PASSWORD=password
/enableVDImode Installs McAfee Agent in VDI mode.

/FORCEINSTALL Specifies that the existing McAfee Agent is uninstalled, then the new McAfee Agent is
installed. Use this option only to change the installation directory or to downgrade McAfee
Agent. When using this option, we recommend specifying a different directory for the new
installation (/INSTDIR).
Example:
FRAMEPKG /INSTALL=AGENT /FORCEINSTALL /INSTDIR=D:\McAfeeAgent
/INSTALL /INSTALL=AGENT Installs and enables McAfee Agent in managed mode.

Example:
FRAMEPKG /INSTALL=AGENT
/INSTALL=UPDATER Enables the AutoUpdate component if it has already been

installed, and does not change whether McAfee Agent is
enabled. This command-line option upgrades McAfee
Agent. Use this command to install McAfee Agent in
unmanaged mode.
An Embedded credential package can't be used to

install McAfee Agent in unmanaged mode.
Example:
FRAMEPKG /INSTALL=UPDATER
/INSTALL=AGENT / Installs McAfee Agent in a 32-bit mode on a 64-bit

FORCE32BITSERVICES operating system.
Example:
/INSTALL=AGENT /FORCE32BITSERVICES

Command Description
/INSTALL=AGENT /Relay Allows the user to manually define the RelayServer
information, such as IP address or DNS name, to the client
system during the agent installation.
When the client system fails to connect to the McAfee ePO
server directly or using the proxy server, it communicates
using the RelayServer that is specified during the agent
installation.
Example:
FramePkg.exe /Install=Agent /
Relay="<IP1>:Port1[;<IP2>:Port2;...]"
/INSTDIR Specifies the installation folder on the system. You can use Windows system variables,
such as <SYSTEM_DRIVE>. If not specified, the default location is: <DRIVE>: \program
files\mcafee\Agent
Example: FRAMEPKG /INSTALL=AGENT /INSTDIR=C:\ePOAgent
/REMOVE Removes McAfee Agent if not in use. If in use, McAfee Agent changes to updater mode.
Example: FRMINST /REMOVE=AGENT
/FORCEUNINSTALL Removes McAfee Agent forcibly from the client system.

Example: FrmInst.exe /FORCEUNINSTALL
/RESETLANGUAGE Resets McAfee Agent language to its default operating system language.
/SILENT or /S Installs McAfee Agent in non-interactive mode, hiding the installation from the user.
Example: FRAMEPKG /INSTALL=AGENT /SILENT
/SITEINFO Specifies the folder path to a specific repository list (McAfee Agent installer, reqseckey
.bin (the initial request key), srpubkey.bin (the server public key), req2048seckey
.bin, sr2048pubkey.bin, Sitelist.xml file, and agentfipsmode file).
Example: FRAMEPKG /INSTALL=AGENT /SITEINFO=C:\TMP\SITELIST.XML
/USELANGUAGE Specifies the locale ID of McAfee Agent that you want to install. Use the switch to change
current McAfee Agent language to any supported language.
Example: FRAMEPKG /INSTALL=AGENT /USELANGUAGE=0404
If errors occur during installation, all error messages are displayed in English regardless of
the installed locale.
/keepguid Retains the Agent GUID during force installation. This command is used with
FramePkg.exe installation method.
Example: FramePkg.exe /Install=Agent /ForceInstall /keepguid
Use this command on McAfee Agent version 5.6.3 or later. This command is valid only
when it is used with the /ForceInstall option.
Install using Group Policy Object

Configure your third-party software, such as Microsoft Group Policy Objects (GPO), to distribute the agent
installation package, which is on your McAfee ePO.

Task
1 Download Framepkg.exe from McAfee ePO to a shared folder on a network server, where all systems have
permissions.
2 Execute this command:

Framepkg.exe /gengpomsi /SiteInfo=<sharedpath>\Sitelist.xml /
FrmInstLogLoc=<localtempDir>\<filename>.log
The following files are extracted to your local drive.
• MFEagent.msi • agentfipsmode
• Sitelist.xml • sr2048pubkey.bin
• srpubkey.bin • req2048seckey.bin
• reqseckey.bin
3 Copy the extracted files to a shared UNC location specified in siteinfo path.
4 Create a Group Policy Object. (See Microsoft documentation for instructions).
5 Click Computer Configuration | Policies | Software Settings.
6 Right-click Software installation, then click New | Package.
7 When prompted for a package, browse to the shared UNC path, then select MFEAgent.msi.
8 Select the Deployment Method as Assigned.
McAfee Agent does not support per-user installations.
Install the agent on Linux and Macintosh systems

Install the agent manually on Linux and Macintosh systems using McAfee ePO or the custom agent installation
URL.
On Linux and Macintosh systems, McAfee Agent is installed manually using an installation script (install.sh)
that McAfee ePO creates when you check in the McAfee Agent software package in the McAfee ePO Master
Repository and indicate the operating system in use. Ubuntu Linux client systems have a slightly different
manual installation method, which is discussed in later sections in the document.
Install on non-Windows operating systems from McAfee ePO

Install the agent on multiple systems at the same time using McAfee ePO.
Before you begin

Enable SSH on the non-Windows client systems.
• You must have root permissions to install McAfee Agent on non-Windows systems.
• McAfee Agent extension must be installed on McAfee ePO and appropriate packages must be
added to the Master Repository before installing McAfee Agent on a non-Windows system.
• Comment the following line in the /etc/sudoers file on a Red Hat operating system.
Default requiretty
The following non-Windows operating systems support installing McAfee Agent from McAfee ePO.

• Macintosh OS X versions 10.9 and later
• Red Hat Enterprise Linux versions 5 and later
• Ubuntu 11.04 and later
You can only install one version of McAfee Agent on one type of operating system with this task. If you need to
install on multiple operating systems or versions, repeat this task for each additional target operating system or
version.
Task
1 Select Menu | Systems | System Tree, then select the groups or systems where you want to deploy McAfee
Agent.
3 Select the appropriate Agent version drop-down list for the target operating system, and select a version from
that list.
4 Select Install only on systems that do not already have an agent managed by this McAfee ePO server.
5 Type valid credentials in the User name, Password, and Confirm password fields.
If you want these entries to be the default for future deployments, select Remember my credentials for future
deployments.
6 If you do not want the defaults, enter appropriate values into the Number of attempts, Retry interval, and Cancel
after options.
Agent Handlers.
8 Click OK.
Install on non-Windows operating systems manually

You can manually install the agent on Macintosh and Linux systems.
Before you begin

The agent extension must be installed on McAfee ePO and appropriate agent packages added to
the Master Repository before the agent can be installed onto a non-Windows system.

Task
1 Select Menu | Systems | System Tree.
2 Perform one of these actions to obtain the installation file:

• Click New Systems, select Create and download agent installation package, choose the appropriate Agent version,
click OK, and save the agentPackages.zip file that contains the install.sh file.
• Copy the install.sh file directly from McAfee ePO. The path includes the name of the selected
repository. For example, if checked in to the Current branch of the McAfee ePO software repository, the
path of the required files is:
Linux C:\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current

\EPOAGENT3700LYNX\Install\0409
Macintosh C:\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current
\EPOAGENT3700MACX\Install\0409
3 Open Terminal, then switch to the location where you copied the install.sh file.
4 Run these commands, giving root credentials when requested:
sudo chmod +x install.sh

sudo ./install.sh -i
To determine the version of McAfee Agent installed on a Macintosh system, see KB68746.
Install the agent in managed mode on Ubuntu systems

Manually install or push the agent from McAfee ePO on Ubuntu systems.
Task
2 Click New Systems, select Create and download agent installation package, choose the appropriate Agent version, click
OK, and save the agentPackages.zip file that contains the installdeb.sh file.
3 Open Terminal, then switch to the location where you copied the installdeb.sh file.
4 Run these commands, giving root credentials when requested:
$chmod +x ./installdeb.sh
$sudo ./installdeb.sh -i
Install the agent using third party deployment
Contents
Install the agent on Red Hat Linux systems using third party deployment method
Install the agent on Ubuntu systems using third party deployment method

Install the agent on Red Hat Linux systems using third party deployment method
Install the agent on Red Hat Linux systems using third-party deployment methods with the help of an rpm
package created for that environment.
Before you begin

The agent extension must be installed on McAfee ePO and Linux agent package is checked in to the
Master Repository.
Task
OK, and save the agentPackages.zip file that contains the install.sh file.
4 Generate MAProvision.rpm file from install.sh using the option (-p).
Make sure the rpm-build package is installed on the local system before generating MAProvision files. Run
the following command to check if it is already present.
rpm -q redhat-rpm-config
If the rpm-build package is not installed on the local system, run the following command to install.
yum install rpm-build
If the unzip package is not installed on the local system, run the following command to install.
yum install unzip
• Run the command, giving root credentials when requested. For example:
./install.sh -p
The MAProvision.rpm file is generated.
5 To collect MFEma.rpm and MFErt.rpm files, do one of the following:

a Collect using install.sh file.
• Copy the install.sh file to a non-windows system.
• Open Terminal, then switch to the location where you copied the install.sh file.
• Run the following command to extract the installation package.

unzip install.sh

• The following installation files are available. Collect the files as needed.
• MFEma.i686.rpm
• MFEma.x86_64.rpm
• MFErt.i686.rpm
Use the appropriate MFEma package based on the operating system used. For example:
For a 64-bit operating system: Use MFEma.x86_64.rpm
For a 32-bit operating system: Use MFEma.i686.rpm
b Collect from McAfee ePO Master Repository.

The files are available in the selected repository path. For example, if checked in to the Current branch of
the McAfee ePO software repository, the path of the required files is C:\Program Files\McAfee
\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700LYNX\Install\0409. Change the
file path based on the branch selected.
6 To collect MFEdx‑ma‑<build_number>.rpm file, do the following:

• Copy the DXL.zip file to a non-windows system.
The DXL.zip file is available in the selected repository path. For example, if checked in to the Current
branch of the McAfee ePO software repository, the path of the required files is C:\Program Files
\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700LYNX\Install\0409.
Change the file path based on the branch selected.
• Open Terminal, then switch to the location where you copied the DXL.zip file.

unzip DXL.zip
• MFEdx‑ma‑<build_number>.i686.rpm
• MFEdx‑ma‑<build_number>.x86_64.rpm
Use the appropriate MFEdx‑ma‑<build_number> package based on the operating system used. For
example:
For a 64-bit operating system: Use MFEdx‑ma‑<build_number>.x86_64.rpm
For a 32-bit operating system: Use MFEdx‑ma‑<build_number>.i686.rpm
7 Check in the files (MAProvision.rpm, MFEma.rpm, MFErt.rpm, and MFEdx-ma-<build_number>.rpm) into

the third-party deployment tools (such as YUM) repository.
8 Install McAfee Agent in managed mode using third-party tools (for example, yum install
MAProvision.rpm).
Install the agent on Ubuntu systems using third party deployment method
You can generate a debian package and install the agent on Ubuntu systems using third-party deployment
methods.
Before you begin

The agent extension must be installed on McAfee ePO and Linux agent package is checked in to the
Master Repository.

Task
OK, and save the agentPackages.zip file that contains the install.sh file.
4 Generate maprovision.deb file from install.sh using the option (-p).

• Run the command, giving root credentials when requested. For example:
./install.sh -p
The maprovision.deb file is generated.
5 To collect mfema.deb and mfert.deb files, do one of the following:

a Collect using install.sh file.
• Copy the install.sh file to a non-windows system.
• Open Terminal, then switch to the location where you copied the install.sh file.

unzip install.sh
• The following installation files are available. Collect the files as needed. From McAfee Agent 5.6.6
onwards, McAfee Agent includes version information in the filename.
• mfema‑<build_number>.i686.deb
• mfema‑<build_number>.x86_64.deb
• mfert‑<build_number>.i686.deb.
Use the appropriate mfema package based on the operating system used. For example:
For a 64-bit operating system: Use mfema‑<build_number>.x86_64.deb
For a 32-bit operating system: Use mfema‑<build_number>.i686.deb
b Collect from McAfee ePO Master Repository.

The files are available in the selected repository path. For example, if checked in to the Current branch of
the McAfee ePO software repository, the path of the required files is C:\Program Files\McAfee
\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700LYNX\Install\0409. Change the
file path based on the branch selected.
6 To collect mfedx‑ma‑<build_number>.deb file, do the following:

• Copy the DXL.zip file to a non-windows system.
The DXL.zip file is available in the selected repository path. For example, if checked in to the Current
branch of the McAfee ePO software repository, the path of the required files is C:\Program Files
\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700LYNX\Install\0409.
Change the file path based on the branch selected.
• Open Terminal, then switch to the location where you copied the DXL.zip file.

Methods of deploying McAfee Agent using McAfee ePO Cloud 3

unzip DXL.zip
• mfedx‑ma‑<build_number>.i686.deb
• mfedx‑ma‑<build_number>.x86_64.deb
Use the appropriate mfedx‑ma‑<build_number> package based on the operating system used. For
example:
For a 64-bit operating system: Use mfedx‑ma‑<build_number>.x86_64.deb
For a 32-bit operating system: Use mfedx‑ma‑<build_number>.i686.deb
7 Check in the files (mfema‑<build_number>.i686.deb, mfema‑<build_number>.x86_64.deb, mfert

‑<build_number>.i686.deb, and mfedx‑ma‑<build_number>.deb) into the third-party deployment tools
(such as apt-get) repository.
8 Install McAfee Agent in managed mode using third-party tools (for example, apt-get install
maprovision.deb).
Install the agent on non-Windows systems using install scripts

Several options are available when you install the agent on non-Windows systems using the install.sh script.
Table 3-1 Supported install script (install.sh) options

Option Function Macintosh Linux
-b Upgrades the agent only. Server information is not updated. x x
-h Shows Help. x x
-i Performs a new installation. x x
-p Generates provisioning rpm/deb packages. x
-r Runs macmnsvc as a root user during installation/upgrade. x x
-R Allows the user to manually specify the RelayServer. x x
-u Upgrades entire installation. x x
Methods of deploying McAfee Agent using McAfee ePO Cloud
Deploy McAfee Agent using McAfee ePO Cloud

You can deploy agents to client systems from McAfee ePO Cloud using different methods.
Use any of the following methods to deploy the agent:
• Deploy McAfee Agent using McAfee Smart Installer.
• Install URL-based McAfee Agent manually from the command line.
• Install McAfee Agent in Virtual Desktop Infrastructure (VDI) mode.
• Create the Agent Deployment URL.

See also
Deploying the agent using McAfee Smart Installer on page 23
Install URL-based McAfee Agent manually from the command line on page 26
Install McAfee Agent in Virtual Desktop Infrastructure mode on page 27
Manage Agent Deployment URLs on page 23

Contents
Install the agent on unmanaged Windows
Install the agent on unmanaged non-Windows systems using install script
Install the agent on Linux systems using native installer
Install the agent on unmanaged Macintosh systems using native installer
Install the agent on unmanaged Windows

You can manually install the McAfee Agent on unmanaged Windows systems using the FramePkg_UPD.exe
installer.
Before you begin

You must have administrator rights to install McAfee Agent on the client system.
When McAfee Agent 5.6.0 is installed on Windows systems in unmanaged mode, the DXL client is automatically
installed and is in idle state.
Task
1 Download and extract the McAfee Agent package (Example: MAxxxWIN.zip) to a temporary location.
2 Copy FramePkg_UPD.exe to a location on the target system.
3 On the target system, navigate to and right-click FramePkg_UPD.exe and select Run as administrator.
Install the agent on unmanaged non-Windows systems using install

script
You can manually install McAfee Agent on non-Windows (rpm or debian, or Macintosh) systems in unmanaged
mode using the install_upd.sh script. This option is available only on McAfee Agent 5.6.4 and later versions.
Before you begin

You must have root permissions to install McAfee Agent on non-Windows (rpm or debian, or
Macintosh) systems.
When McAfee Agent 5.6.0 is installed on non-Windows (rpm or debian, or Macintosh) systems in unmanaged
mode, the DXL client is installed automatically and is in idle state.

Methods of installing McAfee Agent in unmanged mode 3
Task
1 Download and extract the McAfee Agent package (Example: MAxxxLNX.zip and MAxxxMAC.zip) to a
temporary location.
install_upd.sh is available in MAxxxLNX.zip and MAxxxMAC.zip.
2 Copy the install_upd.sh file to the client system.
3 Open a terminal window on the client system.
4 Navigate to the folder where the installer is available.
5 Run the following command, giving root credentials when requested:
sudo chmod +x install_upd.sh

sudo ./install_upd.sh -i
Install the agent on Linux systems using native installer

Contents
Install the agent on unmanaged rpm systems
Install the agent on unmanaged debian systems
Install the agent on unmanaged rpm systems

You must manually install the agent on rpm systems in unmanaged mode.
Before you begin

You must have root permissions to install McAfee Agent on rpm systems.
When McAfee Agent 5.6.0 is installed on rpm systems in unmanaged mode, the DXL client does not get installed
automatically. Hence, the DXL client has to be installed manually.
Task
1 Download and extract the McAfee Agent package (Example: MAxxxLNX.zip) to a temporary location.
DXL.zip is available in MAxxxLNX.zip. Extract DXL.zip to get MFEdx‑ma‑<build_number>.i686.rpm and
MFEdx‑ma‑<build_number>.x86_64.rpm files.

2 Copy the following installer files to the client system.

• MFEma.i686.rpm • MFEdx‑ma‑<build_number>.i686.rpm
• MFEma.x86_64.rpm • MFEdx‑ma‑<build_number>.x86_64.rpm
• MFErt.i686.rpm
Use the appropriate MFEma and MFEdx‑ma‑<build_number> packages based on the operating system used.
For example:
For a 64-bit operating system: Use MFEma.x86_64.rpm and MFEdx‑ma‑<build_number>.x86
_64.rpm
For a 32-bit operating system: Use MFEma.i686.rpm and MFEdx‑ma‑<build_number>.i686

.rpm
5 Run the following commands to install the agent on the client system:
• For a 64-bit operating system:
rpm -ivh MFErt.i686.rpm

rpm -ivh MFEma.x86_64.rpm
rpm -ivh MFEdx-ma-<build_number>.x86_64.rpm
rpm -ivh MFErt.i686.rpm

rpm -ivh MFEma.i686.rpm
rpm -ivh MFEdx-ma-<build_number>.i686.rpm
Install the agent on unmanaged debian systems

You must manually install the agent on debian systems in unmanaged mode.
Before you begin

You must have root permissions to install McAfee Agent on debian systems.
When McAfee Agent 5.6.0 is installed on debian systems in unmanaged mode, the DXL client does not get
installed automatically. Hence, the DXL client has to be installed manually.
Task
1 Download and extract the McAfee Agent package (Example: MAxxxLNX.zip) to a temporary location.
DXL.zip is available in MAxxxLNX.zip. Extract DXL.zip to get mfedx‑ma‑<build_number>.i686.deb and
mfedx‑ma‑<build_number>.x86_64.deb files.

Methods of installing McAfee Agent in unmanged mode 3

• mfema‑<build_number>.i686.deb • mfedx‑ma‑<build_number>.i686.deb
• mfema‑<build_number>.x86_64.deb • mfedx‑ma‑<build_number>.x86_64.deb
• mfert‑<build_number>.i686.deb
Use the appropriate mfema and mfedx‑ma‑<build_number> packages based on the operating system used.
For example:
For a 64-bit operating system: Use mfema‑<build_number>.x86_64.deb and mfedx‑ma‑<build
_number>.x86_64.deb
For a 32-bit operating system: Use mfema‑<build_number>.i686.deb and mfedx‑ma‑<build

_number>.i686.deb
5 Run the following commands to install the agent on the client system:
dpkg --install mfert-<build_number>.i686.deb

dpkg --install mfema-<build_number>.x86_64.deb
dpkg --install mfedx-ma-<build_number>.x86_64.deb

dpkg --install mfema-<build_number>.i686.deb
dpkg --install mfedx-ma-<build_number>.i686.deb
Install the agent on unmanaged Macintosh systems using native

installer
You must manually install the agent on Macintosh systems in unmanaged mode.
Before you begin

You must have root permissions to install McAfee Agent on Macintosh systems.
When McAfee Agent 5.6.0 is installed on Macintosh systems in unmanaged mode, the DXL client does not get
installed automatically. Hence, the DXL client has to be installed manually.
Task
1 Download and extract the McAfee Agent package (Example: MAxxxMAC.zip) to a temporary location.
DXL.zip is available in MAxxxMAC.zip. Extract DXL.zip to get MFEdx‑ma‑<build_number>.i686.pkg and
MFEdx‑ma‑<build_number>.x86_64.pkg files.


• MFEma.x86_64.dmg
• MFEdx‑ma‑<build_number>.i686.pkg
• MFEdx‑ma‑<build_number>.x86_64.pkg
Use the appropriate MFEdx‑ma‑<build_number> package based on the operating system used. For example:
For a 64-bit operating system: Use MFEdx‑ma‑<build_number>.x86_64.pkg
For a 32-bit operating system: Use MFEdx‑ma‑<build_number>.i686.pkg
4 Double-click the MFEma.x86_64.dmg package to install the agent.
5 Double-click the appropriate MFEdx‑ma‑<build_number> package based on the operating system to install
the DXL client.

4 Upgrading and restoring agents (McAfee ePO
On-Premises)
If you have an older version of the agent installed in your environment, you can upgrade to the latest version
when you install the latest version of McAfee ePO.
Periodically, McAfee releases newer versions of the agent that can be deployed and managed using McAfee
ePO. When the agent installation package and the extension are available, you can download it from the
McAfee download site or the Software Catalog (or Software Manager on McAfee ePO 5.9 or earlier) . Check in the
installation package to the Master Repository and install the new extension, then use the Product Deployment task to
upgrade McAfee Agent.
It is not mandatory to update McAfee Agent key updater when you upgrade McAfee Agent to a new version. If
needed, run the agent key updater task to get new keys.
You can create a customized McAfee Smart Installer to upgrade McAfee Agent on the client systems.
You can upgrade from McAfee Agent 4.6.x or 4.8.x to 5.0.0.
If you're using McAfee Agent 4.5.x or an earlier version, upgrade to 4.6.x or 4.8.x, then upgrade to 5.0.0. For
details about upgrading McAfee Agent to version 5.5.1 or later, see KB90642.
Upgrading the DXL client

The DXL client automatically upgrades when the agent is upgraded.
Consider the following scenarios when upgrading the DXL client:

• When you upgrade the agent on the system where the agent is already present and the DXL client is absent,
the agent upgrades and the DXL client gets installed.
• When you upgrade the agent on the system where the agent and the DXL client are already present, the
agent and the DXL client are upgraded. Old DXL services are removed and DXL services run as part of
McAfee Agent services.
• When you upgrade the agent on an unmanaged system, the DXL client is in idle state.
If you are upgrading McAfee Agent on a Microsoft Windows system that has a DXL client version older than 2.1.0
(not including 2.1.0), you must first upgrade the DXL client to any DXL version between 2.1.0 and 4.1.0 before
upgrading the McAfee Agent. This does not apply to non-Windows systems.
Contents
Upgrading vs. updating
Upgrade the agent using Product Deployment task
Upgrade the agent manually
Methods of upgrading McAfee Agent in unmanaged mode
Restore a previous version of the agent on Windows systems
Restore a previous version of the agent on non-Windows systems

4 Upgrading and restoring agents (McAfee ePO On-Premises)

Upgrading implies installing a newer version of the existing software and updating implies changing the data.
Upgrading is not the same as updating.
Upgrading means installing a newer version of McAfee Agent over an older version, for example, replacing
McAfee Agent 4.8 with McAfee Agent 5.0.0.
Updating means getting the most up-to-date DATs and signatures that products use to identify and disarm
threats.
• If you use McAfee ePO to deploy McAfee Agent in your network, the procedure differs slightly depending
which previous version of McAfee Agent you are upgrading.
• If you are upgrading your McAfee Agent and your network is large, consider the size of the installation
package file and your available bandwidth before deciding how many agents to upgrade at once. Consider
using a phased approach. For example, upgrade one group in your System Tree at a time. In addition to
balancing network traffic, this approach makes tracking progress and troubleshooting easier.
• (McAfee ePO On-Premises) If you use a product deployment client task to upgrade McAfee Agent, consider
scheduling the task to run at different times for different groups in the System Tree.
The procedure for upgrading depends on the version of McAfee Agent running on your managed systems.
Some previous McAfee Agent versions do not support all features in McAfee ePO 5.3.x. For full McAfee ePO
functionality, upgrade to McAfee Agent version 5.0.0 or later.
Upgrading McAfee Agent by a method other than using McAfee ePO, such as upgrading manually or using
network logon scripts, is identical to installing McAfee Agent for the first time.
Upgrade the agent using Product Deployment task

You can use the Product Deployment client task to upgrade the agent for a group of systems on McAfee ePO.
Before you begin

You must add appropriate McAfee Agent packages to the Master Repository on McAfee ePO before
upgrading McAfee Agent.
Task
2 On the Assigned Client Tasks tab, click Actions | New Client Task Assignment to open the Client Task Assignment Builder
wizard.
3 Next to Task to Schedule, select McAfee Agent as Product, Product Deployment as Task Type, and select the existing
deployment task.
You can also create an upgrade task or view the properties of the existing deployment task by clicking Create
New Task or View Selected Task respectively. To define a new task, click Create New Task and enter the information
appropriate to the task you are creating.
During the agent upgrade on non-Windows operating systems, enter -r on the Command line to run macmnsvc
with root permissions. Make sure -u is prefixed with -r on the Command line.

Upgrading and restoring agents (McAfee ePO On-Premises)
Upgrade the agent manually 4
4 Next to Lock task inheritance, you can choose to unlock or lock the upgrade task to allow or prevent breaking
inheritance.
5 Next to Tags, you can choose to send this upgrade task to all systems or specific systems that match the
expected criteria.
6 Schedule the task as needed.
7 Verify the task's details, then click Save.
8 Send a wake-up call.
The upgrade task is sent to the selected client systems at the next agent-server communication. Every time this
task executes, it checks to determine whether to install the specified version of McAfee Agent.
Upgrade the agent manually

You can manually upgrade the agent using FramePkg.exe.
Before you begin

You must add appropriate McAfee Agent packages to the Master Repository on McAfee ePO before
upgrading McAfee Agent.
Task
1 Copy FramePkg.exe, from your McAfee ePO to a shared folder on a network server accessible by the target
system.
By default, the FramePkg.exe installation package is at <System Drive>\Program Files
(x86)\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3000\Install\0409.
The path includes the name of the selected repository. For example, if checked in to the Current branch of the
McAfee ePO software repository, the path of the required files is:
<System Drive>\Program Files (x86)\McAfee\ePolicy Orchestrator\DB\Software\Current

\EPOAGENT3000\Install\0409.
2 On the target system, navigate to and right-click FramePkg.exe, select Run as administrator, and wait a few
moments while McAfee Agent is upgraded.
3 Click OK to complete the upgrade.

Contents
Upgrade the agent on unmanaged Windows systems
Upgrade the agent on unmanaged non-Windows systems using install script
Upgrade the agent on unmanaged Linux systems using native installer
Upgrade the agent on unmanaged Macintosh systems

Upgrade the agent on unmanaged Windows systems

You can manually upgrade the agent running in unmanaged mode on Windows systems using the FramePkg
_UPD.exe installer.
Before you begin

You must have administrator rights to upgrade McAfee Agent on the client system.
Task
1 Download and extract the McAfee Agent 5.x.x Update X package (Example: MA550XWIN.zip) to a temporary
location.
Where “X” is the Update value of the package, such as McAfee Agent 5.5.0 Update 1.
2 Copy FramePkg_UPD.exe to a location on the target system.
3 Browse to the location of FramePkg_UPD.exe on the target system and type cmd to open the Command
Prompt.
Or, on the target system navigate to and right-click FramePkg_UPD.exe and select Run as administrator.
4 Run this command:
<path> /FramePkg_UPD.exe /upgrade
Where <path> is the full file path to FramePkg_UPD.exe (Example: C:\Temp).
Upgrade the agent on unmanaged non-Windows systems using install

script
You must manually upgrade the agent running in unmanaged mode on non-Windows (rpm or debian, or
Macintosh) systems using the install_upd.sh script. This option is available only on McAfee Agent 5.6.4 and
later versions.
Before you begin

You must have root permissions to upgrade McAfee Agent on non-Windows (rpm or debian, or
Macintosh) systems.
Task
1 Download and extract the McAfee Agent package (Example: MAxxxLNX.zip and MAxxxMAC.zip ) to a
temporary location.
install_upd.sh is available in MAxxxLNX.zip and MAxxxMAC.zip.
2 Copy the install_upd.sh file to the client system.
5 Run the following command, giving root credentials when requested:
sudo chmod +x install_upd.sh

sudo ./install_upd.sh -b

Methods of upgrading McAfee Agent in unmanaged mode 4
Upgrade the agent on unmanaged Linux systems using native installer

Contents
Upgrade the agent on unmanaged rpm systems
Upgrade the agent on unmanaged debian systems
Upgrade the agent on unmanaged rpm systems

You must manually upgrade the agent running in unmanaged mode on rpm systems.
Before you begin

You must have root permissions to upgrade McAfee Agent on rpm systems.
Task
1 Download and extract the McAfee Agent 5.x.x Update X package (Example: MA564XLNX.zip) to a temporary
location.
Where “X” is the Update value of the package, such as McAfee Agent 5.6.x Update 1.

• MFEma.i686.rpm • MFEdx‑ma‑<build_number>.i686.rpm
• MFEma.x86_64.rpm • MFEdx‑ma‑<build_number>.x86_64.rpm
• MFErt.i686.rpm
Use the appropriate MFEma and MFEdx‑ma‑<build_number> packages based on the operating system used.
For example:
For a 64-bit operating system: Use MFEma.x86_64.rpm and MFEdx‑ma‑<build_number>.x86
_64.rpm
For a 32-bit operating system: Use MFEma.i686.rpm and MFEdx‑ma‑<build_number>.i686

.rpm
5 Run the following commands:

rpm -Uvh MFErt.i686.rpm

rpm -Uvh MFEma.i686.rpm
rpm -Uvh MFEdx-ma-<build_number>.x86_64.rpm
rpm -Uvh MFErt.i686.rpm

rpm -Uvh MFEma.i686.rpm
rpm -Uvh MFEdx-ma-<build_number>.i686.rpm

Upgrade the agent on unmanaged debian systems

You must manually upgrade the agent running in unmanaged mode on debian systems.
Before you begin

You must have root permissions to upgrade McAfee Agent on debian systems.
This process supports upgrading an unmanaged McAfee Agent from version 4.8.0 to version 5.x.x.
Task
1 Download and extract the McAfee Agent 5.x.x Update X package (Example: MA564XLNX.zip) to a temporary
location.
Where “X” is the Update value of the package, such as McAfee Agent 5.6.x Update 1.

• mfema‑<build_number>.i686.deb • mfedx‑ma‑<build_number>.i686.deb
• mfema‑<build_number>.x86_64.deb • mfedx‑ma‑<build_number>.x86_64.deb
• mfert‑<build_number>.i686.deb
Use the appropriate mfema and mfedx‑ma‑<build_number> packages based on the operating system used.
For example:
For a 64-bit operating system: Use mfema‑<build_number>.x86_64.deb and mfedx‑ma‑<build
_number>.x86_64.deb
For a 32-bit operating system: Use mfema‑<build_number>.i686.deb and mfedx‑ma‑<build

_number>.i686.deb
5 Run the following commands:


dpkg --install mfema-<build_number>.x86_64.deb
dpkg --install mfedx-ma-<build_number>.x86_64.deb

dpkg --install mfema-<build_number>.i686.deb
dpkg --install mfedx-ma-<build_number>.i686.deb
Upgrade the agent on unmanaged Macintosh systems

You must manually upgrade the agent running in unmanaged mode on Macintosh systems.
Before you begin

You must have root permissions to upgrade McAfee Agent on Macintosh systems.

Restore a previous version of the agent on Windows systems 4
Task
1 Download and extract the McAfee Agent 5.x.x Update X package (Example: MA550XMAC.zip) to a temporary
location.
Where “X” is the Update value of the package, such as McAfee Agent 5.5.0 Update 1.

• MFEma.x86_64.dmg
• MFEdx‑ma‑<build_number>.i386.pkg
• MFEdx‑ma‑<build_number>.x86_64.pkg
Use the appropriate MFEdx‑ma‑<build_number> package based on the operating system used. For example:
For a 64-bit operating system: Use MFEdx‑ma‑<build_number>.x86_64.pkg
For a 32-bit operating system: Use MFEdx‑ma‑<build_number>.i386.pkg
4 Double-click the MFEma.x86_64.dmg package to upgrade the agent.
5 Double-click the appropriate MFEdx‑ma‑<build_number> package based on the operating system to

upgrade the DXL client.
Restore a previous version of the agent on Windows systems

You can restore the previous version of the agent on Windows systems from McAfee ePO.
Task
1 Select Menu | Systems | System Tree, then select the systems where you want to install a previous version of
the agent.
3 From the Agent version drop-down list on the Deploy Agent page, select the agent you want to restore, then do
the following:
a Select Force installation over existing version.
b Specify the target Installation path for the forced installation.
c Enter user Credentials for agent installation.
d Provide the information for Number of attempts, Retry interval, and Cancel after.
e Select whether the connection used for the deployment is to use a specific Agent Handler or All Agent
Handlers.
4 Click OK to send the agent installation package to the selected systems.


You can revert to the previous version of the agent, by uninstalling the current agent and installing the version
you need.
Task
1 On the client system, uninstall the currently installed version of the agent.
2 On the client system, install the earlier version of the agent.
Tasks, policies, and other data is restored at the first agent-server communication following reinstallation.

A Removing McAfee Agent
When you select Remove McAfee Agent on next agent-server communication while deleting a system from the System
Tree, McAfee Agent is removed from the system during the next agent-server communication.
If managed products still reside on systems after trying to remove McAfee Agent, it continues to run
unmanaged in updater mode to maintain those managed products.
You cannot remove McAfee Agent using the Product Deployment task.
Removing the DXL client

The DXL client is automatically removed when McAfee Agent is removed.
Consider the following scenarios when removing the DXL client.

• When the agent is removed from the managed system, the DXL client gets automatically removed.
• On Windows systems, when the agent mode changes from managed to updater, during the agent removal,
the DXL client does not get uninstalled from the client system.
Contents
Remove agents when deleting systems from the System Tree
Remove agents when deleting groups from System Tree (Windows only)
Remove agents from systems in query results
Remove the agent using Windows command line
Remove the agent in unmanaged mode using Control Panel
Remove the agent using non-Windows command line
Remove agents when deleting systems from the System Tree

You can remove McAfee Agent from a system by deleting it from the System Tree.
Task
1 Select Menu | Systems | System Tree, then select the group with the systems you want to delete.
2 Select the systems from the list, then click Actions | Directory Management | Delete.
3 Select Remove McAfee Agent on next agent-server communication, then click OK.

You can remove McAfee Agent from a group of systems when you delete that group from System Tree.
When you delete a group, all its child groups and systems are also deleted.
Task
1 Select Menu | Systems | System Tree, then select a group to be deleted.
2 At the bottom of the System Tree panel, click System Tree Actions | Delete Group.
3 Select Remove McAfee Agent on next agent-server communication from all systems, then click OK.
Remove agents from systems in query results

Remove the agents from systems listed in the results of a query.
Task
1 Run a query, then from the results page, select the systems to be deleted.
2 Select Directory Management from the drop-down list, then select Delete from the submenu.
3 Select Remove McAfee Agent on next agent-server communication, then click OK.
Remove the agent using Windows command line

You can run the agent installation program to remove the agent from client systems, using the Windows
command-line option.
Task
1 Open a command prompt on the target system.
2 Run the agent installation program, FrmInst.exe, from the command line with the /REMOVE=AGENT
option.
If there are managed McAfee products installed on the client system already, the agent continues to run in
the updater mode. In this scenario, the DXL client does not get uninstalled.
To remove the agent forcibly from the Windows client system, run the command FrmInst.exe /
FORCEUNINSTALL. In this scenario, the DXL client gets uninstalled automatically. If the agent is still not
removed, remove the agent manually. For details, see KB65863.
Remove the agent in unmanaged mode using Control Panel

In unmanaged mode, you can remove the agent from the client system using Control Panel.
In this scenario, the DXL client gets uninstalled automatically. The agent removal using Control Panel is not
allowed in managed mode.

Removing McAfee Agent
Remove the agent using non-Windows command line A
Task
1 Open the Control Panel window on the target system.
2 Select Programs and Features.
3 Right-click McAfee Agent program and select Uninstall.
4 Click Yes to confirm uninstall the agent.
If there are McAfee products installed on the client system already, the agent continues to run in the updater
mode. In this scenario, the DXL client does not get uninstalled.

You must manually remove the agent from non-Windows systems.
The task involves:
• Removing the agent from the system.
• Removing the system names from the McAfee ePO System Tree.
Task
2 Run the command for your operating system to remove the agent from the system. Provide root credentials
when requested.
Operating system Commands

Linux /opt/McAfee/agent/scripts/uninstall.sh
You can also use below commands to remove individual packages.
rpm -e MFEdx
rpm -e MFEcma
rpm -e MFErt
Run the commands in the listed order.
Debian /opt/McAfee/agent/scripts/uninstall.sh
You can also use below commands to remove individual packages.
dpkg --purge mfedx
dpkg --purge mfecma
dpkg --purge mfert
Run the commands in the listed order.
Mac /Library/McAfee/agent/scripts/uninstall.sh

3 On McAfee ePO, select Menu | Systems | System Tree, then select the systems where you uninstalled McAfee
Agent.
4 From the Actions drop-down list, select Directory Management, then select Delete from the submenu.

Index
A F
agent FRAMEPKG.EXE 20
removal methods 55, 56
removing from systems in query results 56 G
restoring a previous non-Windows version 54 global unique identifier (GUID)
restoring a previous Windows version 53 duplicate 25
system requirements 17 groups
uninstalling 56 deleting from System Tree 56
upgrading with phased approach 48 GUID, See global unique identifier
agent distribution
FrmInst.exe command line 56 I
agent installation
installation script (install.sh) options 41
command-line options 32
creating custom packages 32
L
from an image 25
manually on Windows 29 Locale IDs, settings for installation 32
on non-Windows 36 Logon scripts
on Windows via push technology 28 install the agent via 30
package, location of 20, 30
uninstalling 56 N
update packages 48 non-Windows
using logon scripts 30 agent package file name 36
agent upgrade 47, 48 installing the agent on 36
agent-server communication
interval, (ASCI) 25
O
operating systems
C
McAfee Agent 17
command-line options
agent installation 32
P
FrmInst.exe 56
credentials packages
required for agent installation 32 agent file name, for non-Windows 36
creating custom for agent installation 32
push technology
D
initial agent deployment via 28
Data Execution Prevention (DEP) 17
deployment
Q
push technology via 28
upgrading agents 48 queries
removing agents in results of 56
E
extension files
non-Windows, agent package file name 36

Index
R U
removal uninstallation
agent, from UNIX systems 57 agent, from Macintosh OS 57
requirements agent, from UNIX systems 57
operating systems 17 UNIX
processors 17 uninstalling the agent from 57
updates
S agent installation packages 48
upgrading agents 48
scripts, logon for agent installation 30
user accounts
Smart Installer 24
credentials for agent installation 32
system requirements 17
System Tree
deleting systems from 55 V
removing agents 56 virtual image
removing agents from systems 55 non-persistent 27
T
troubleshooting
upgrading agents by group 48

0-00

Mcafee Agent 5.6.X Installation Guide

Uploaded by

Copyright:

Available Formats

Mcafee Agent 5.6.X Installation Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Mcafee Agent 5.6.X Installation Guide

Uploaded by

Copyright:

Available Formats

McAfee Agent 5.6.

2 McAfee Agent 5.6.x Installation Guide

3 Install software for the first time 19

4 Upgrading and restoring agents (McAfee ePO On-Premises) 47

McAfee Agent 5.6.x Installation Guide 3

Upgrade the agent manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

A Removing McAfee Agent 55

4 McAfee Agent 5.6.x Installation Guide

Which type of installation do you need?

First-time installation workflow

McAfee Agent 5.6.x Installation Guide 5

First-time installation using McAfee ePO On-Premises

6 McAfee Agent 5.6.x Installation Guide

First-time installation using McAfee ePO Cloud

Product name conventions

Methods of installing the agent

You can install the agent manually on unmanaged systems.

McAfee Agent 5.6.x Installation Guide 7

Install from McAfee ePO (McAfee ePO On-Premises)

8 McAfee Agent 5.6.x Installation Guide

Install manually (McAfee ePO On-Premises)

McAfee Agent 5.6.x Installation Guide 9

Install using third-party deployment (McAfee ePO On-Premises)

10 McAfee Agent 5.6.x Installation Guide

Install using logon scripts on Windows systems (McAfee ePO On-

Install using install scripts on non-Windows systems (McAfee ePO On-

McAfee Agent 5.6.x Installation Guide 11

Install the agent on an image (McAfee ePO On-Premises)

12 McAfee Agent 5.6.x Installation Guide

Deploy using McAfee Smart Installer

McAfee Agent 5.6.x Installation Guide 13

Install in Virtual Desktop Infrastructure mode

Upgrade installation workflow

Upgrade using packages from the download site

2 Install the McAfee Agent extension on McAfee ePO.

4 Upgrade the agent on client systems using Product Deployment task.

Upgrade using Software Catalog

14 McAfee Agent 5.6.x Installation Guide

McAfee Agent 5.6.x Installation Guide 15

16 McAfee Agent 5.6.x Installation Guide

• Memory — 512 MB RAM (minimum)

• Processor speed — 1 GHz (minimum)

Supported operating systems and processors

Supported McAfee products

Additional supported platforms

• ESX • Citrix XenDesktop

• VMware Workstation • VMware Server

McAfee Agent 5.6.x Installation Guide 17

Ports used by the agent

Ports Protocols Traffic direction

8082 UDP Inbound connection to McAfee Agent.

8083 UDP RelayServer discovery for previous versions of McAfee Agent.

18 McAfee Agent 5.6.x Installation Guide

McAfee ePO On-Premises

McAfee ePO Cloud

McAfee Agent installation package (McAfee ePO On-Premises)

McAfee Agent with integrated McAfee Data Exchange Layer (DXL)

McAfee Agent 5.6.x Installation Guide 19

McAfee Agent installation package (McAfee ePO On-Premises)