Raj2796's Blog

February 1, 2011

Deploying VM template including McAfee

Filed under: vmware — raj2796 @ 4:32 pm

I found this useful post on the mcafee forums

Cloning images containing the McAfee Agent can cause problems for ePO. Duplicate GUIDs and MAC addresses cause the problems.

Once the image is deployed, VirusScan Enterprise protects agains changes, so the batch file below needs to have these protections disabled prior to attempting changing the GUIDs and MAC addresses.

Do this before closing the image so that when the newly deployed image is first started new values will populate automatically with virtually no likely of duplicates. (Well, the MAC address needs to be considered in your environment.)

In order to make either registry change, you will have to temporarily change the default settings within VSE to allow the changes to occur.

From the VirusScan Console

  • Access Protection > Properties
  • Uncheck (unblock) ‘Prevent McAfee services from being stopped’
  • Common Standard Protection
  • Uncheck ‘Prevent modification of McAfee files and settings’
  • Uncheck ‘Prevent modification of McAfee Common Management Agent’

Then run the batch file below, or manually make the changes.

DeleteAgentGUID-MacAddress.Bat:

@echo off
title McAfee AgentGUID and MacAddress Removal Tool – by Ron Metzger
echo.
echo The McAfee Agent communicates with ePO, Protection Pilot, or McAfee’s
echo update services, using registry values of AgentGUID and MacAddress, to
echo uniquely identify each system. Imaging or duplicating a system breaks
echo these unique identifiers. Clearing these values, followed by a reboot or
echo services restart, repopulates these values with new and unique entries.
echo.
echo Prior to duplication, clear these registry entries and create the image
echo before restarting services or rebooting.
echo.
echo Otherwise,
echo.
echo After duplication, clear these values, then reboot or restart the services.
echo.
echo VSE v8.7i (or above) by default, self-protects against certain changes.
echo In order to make either registry change, temporarily disable the
echo self-protection settings within VSE v8.7i (or above).
echo.
echo From the VirusScan Console:
echo Access Protection > Properties
echo Uncheck ‘Prevent McAfee services from being stopped’
echo Common Standard Protection
echo Uncheck (un)Block ‘Prevent modification of McAfee files and settings’
echo Uncheck (un)Block ‘Prevent modification of McAfee Common Management Agent’
echo.
Choice.exe /C:YN /N ” Press Y to continue, N to skip . . . ?”
if ErrorLevel 2 goto Exit

echo Stopping services . . .
net stop McAfeeFramework /yes
net stop McShield /yes
net stop McTaskManager /yes
echo Stopping services, done.

echo Deleting registry entries . . .
REG delete “HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent” /v AgentGUID /F
REG delete “HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent” /v MacAddress /F
REG delete “HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent” /v AgentGUID /f
REG delete “HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent” /v MacAddress /f
echo Deleting registry entries, done.

echo.
echo Please re-enable the self-protection settings within
echo VSE v8.7i (or above) to there original values.
echo.
echo From the VirusScan Console:
echo Access Protection > Properties
echo Check ‘Prevent McAfee services from being stopped’
echo Common Standard Protection
echo Check Block ‘Prevent modification of McAfee files and settings’
echo Check Block ‘Prevent modification of McAfee Common Management Agent’
echo.
Choice.exe /C:YN /N ” Press YN to continue . . . ?”
echo.
echo About to restart McAfee services.
echo This will repopulate AgentGUID and MacAddress values.
echo.
echo Please do Not start these services if Imaging this system Now. (Choose Skip.)
echo.
Choice.exe /c:YN /T:N,15 /N ” Restart Services? Y to continue, N [or wait 15 seconds] to skip . . .
if ErrorLevel 2 goto Exit

echo Starting services . . .
net start McAfeeFramework /yes
net start McShield /yes
net start McTaskManager /yes
echo Starting services, done.

Choice /c:YN /T:Y,15 /N ” Press YN [or wait 15 seconds] to continue . . .
:Exit

This batch file can be used to prep and image or to simply change the values after the image has been issued.Hope this helps. Post back with more questions.

Thanks,

Ron Metzger

originally posted here

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: