McAfee Agent command-line switches
https://kc.mcafee.com/corporate/index?page=content&id=KB52707
Configuration Profiles in macOS
What allowed extensions or filters are required to enable McAfee endpoint products to successfully protect your Mac depends on what version of macOS you are running. McAfee provides sample configuration profiles (in the KB links below) that you can directly import or use for inspiration in building your own. It doesn’t hurt to use the same profiles on multiple OS versions as the older OS versions will just ignore what doesn’t apply. All configuration profiles are required for successful use of McAfee endpoint products on Mac.
Note to Mac Admins: Bundle IDs for Extensions (System or Kernel) need to be explicitly defined in Big Sur and Monterey. Please view the Kext KB links below for the bundle IDs.
Note to Jamf Pro Admins: Uploading a System Extension config profile is currently broken (PI-008562). You will have to create and populate the system extension profile yourself. Click here and here for example screen shots.
https://community.mcafee.com/t5/Mac-and-Linux-Products/Configuration-Profiles-in-macOS/td-p/682601
Remove McAfee Agent saliently push to client form … – Jamf Nation Community – 141927
https://kc.mcafee.com/corporate/index?page=content&id=KB93600
Great Resource:
https://macadmins.cloud/2021/02/19/configuration-profiles/
https://hugonaut.blog/system-extension-how-to-identify-on-macos-create-a-pppc-payload-configuration-profiles-deploy-with-jamf-example-symantec-system-extension/
Link to modify McAfee Deployment
Try Editing:
https://community.jamf.com/t5/jamf-pro/how-to-see-if-user-has-quot-allowed-quot-crowdstrike-inc-in/m-p/232617
#!/bin/sh
STATUS=$(systemextensionsctl list | grep 'com.mcafee.CMF.networkextension' | awk -F' ' {'print $6'})
if [ -z $STATUS ]; then
# System extension not loaded, check for kext
KEXTSTATUS=$(kextstat | grep 'com......')
if [ -z $KEXTSTATUS ]; then
echo "
else
echo "
fi
else
echo "
fi
exit 0
Link to Simple MDM Kernel vs System Extension
https://simplemdm.com/kernel-extensions-system-extensions/
Supported platforms for Endpoint Security for Mac
https://kc.mcafee.com/corporate/index?page=content&id=KB84934
macOS Catalina
Problem for MDM Managed Macs
Because of SKEL, the kernel extensions of ENSM Threat Prevention – on-access scan, Firewall, and Self-Protection, aren’t allowed to load without end-user consent.
Enrollment in MDM automatically disables SKEL with macOS 10.13.3 and earlier. In this case, end-user consent isn’t needed to enable the ENSM Threat Prevention – on-access scan, Firewall, and Self-Protection features.
Starting with macOS 10.13.4, enrolling in MDM doesn’t automatically disable SKEL. The McAfee kernel extensions have to be added in the Kernel Extension Policy payload, to load without end-user user consent.
For more information, see the following Apple articles:
Apple article HT208019
Apple article HT208488
Below are the details for use in the Kernel Extension Policy payload:
McAfee Team Identifier: GT8P3H7SPW
Bundle Identifiers:
com.intelsecurity.FileCore
com.McAfee.AVKext
com.McAfee.FileCore
com.McAfee.FMPSysCore
com.McAfee.mfeaac