nbalonso.com

Managing Update Interval for McAfee Security


It amazes me to see how some big companies try to stay away from what I call standard practices when it comes to operating system software, especially on OS X.

I mean, I can understand that a semi-open-source product like VirtualBox installs stuff in the wrong places or uses old mechanisms to launch at startup and so on. But McAfee, having been bought by Intel, I’d say should have a couple dozen engineers to read the manuals.

In any case, if you work managing OS X computers in an organization that uses McAfee ePO and Endpoint Protection, and you have played around with the ePO server policies, you might have noticed that you cannot manage when Endpoint Protection checks for updates. By default the software is configured to check for virus definition (DAT, in McAfee’s terms) updates once a day at 16:45. This is cool if you don’t also have hundreds of school students that leave at 4pm.

After investigating how the thing stores and uses the one preference that the user can change locally, it turns out the application keeps it in an sqlite file in /usr/local/McAfee/AntiMalware/var/, the schedule is stored in cron style, aaaaaand it is added to root’s crontab.

Doh!

Why not just use a plist? This comes from the same company that ships its installer as a 16MB bash file with the binary embedded (insert link to previous post). It looks to me like they have Linux people doing the OS X stuff. That isn’t necessarily a bad thing, but again: “stick to known good standards whenever possible, Mr. owner of a Fortune 50 company”.

After so much trashing, here is how you can manage this. It is a shell script; run it as a postflight and deploy it with your favorite tool. It has to run as root, and be aware that it empties root’s crontab before letting McAfee repopulate it, so any other root cron entries on the machine are lost.

#!/bin/sh
#script to modify the default update schedule of McAfee AntiMalware

LOGGER="/usr/bin/logger"
MCDB="/usr/local/McAfee/AntiMalware/var/VSMacDatabase.db"
SQLITE="/usr/bin/sqlite3"   #OS X ships sqlite3, no need for the MacPorts copy in /opt/local

#hourly, on the hour, between 08:00 and 17:00
#(note: "*/59" in the minute field would NOT mean "every 59 minutes": cron steps
#walk the range from 0, so it would fire at :00 and :59 of every hour)
NEWCRON="0 8-17 * * *"

#check db existence
if [ ! -f "${MCDB}" ]; then
  $LOGGER -s -t postflight "ERROR: McAfee AntiMalware db not found." 2>/dev/null
  exit 1
fi

#keep a copy of the db before touching it
cp "${MCDB}" "${MCDB}.bak"

#write the new schedule to the db
#(TaskTable's schema is undocumented, so this changes the crontime of every row)
if ! "${SQLITE}" "${MCDB}" "UPDATE TaskTable SET crontime='${NEWCRON}';"; then
  $LOGGER -s -t postflight "ERROR: could not update ${MCDB}" 2>/dev/null
  exit 1
fi

#WARNING! this empties the current crontab for root (any non-McAfee entries are lost)
/usr/bin/crontab -r

#ask McAfee to fill the crontab with the new settings
/usr/local/McAfee/AntiMalware/VSCronCleaner -u 2>/dev/null

$LOGGER -s -t postflight "SUCCESS: the script has finished" 2>/dev/null

exit 0
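Two things bite people with the script above: the cron expression is easy to get wrong (a "/step" in a cron field walks the range from its start, so "*/59" in the minute field fires at :00 and :59, not every 59 minutes), and `crontab -r` throws away every other root cron entry on the box. The following is an added example, not code from the original post or from McAfee, that expands a cron field to show exactly when it fires, checks the schedule has five fields, and rewrites root’s crontab minus the McAfee line instead of wiping it. The db, sqlite3 and VSCronCleaner paths are the ones from the post; the assumption that McAfee’s crontab entry can be recognised by the string /usr/local/McAfee is mine, as is the crontab sample used when trying it out.

```shell
#!/bin/sh
# Added example (not from the original post or from McAfee): change the
# McAfee AntiMalware update schedule without wiping root's other cron jobs.
set -f   # schedules contain '*'; never let the shell glob them

MCDB="/usr/local/McAfee/AntiMalware/var/VSMacDatabase.db"   # path from the post
SQLITE="/usr/bin/sqlite3"                                   # OS X ships sqlite3 here
CRONCLEANER="/usr/local/McAfee/AntiMalware/VSCronCleaner"   # from the post
MCAFEE_MARK="/usr/local/McAfee"   # ASSUMPTION: McAfee's crontab line mentions its install dir

# Expand one cron field over 0..max into the values it matches, with Vixie cron
# semantics: "a-b/s" steps from a, "*/s" steps from 0, "x,y" is a union.
# Runs in a subshell so the IFS change cannot leak.  Example: '*/59' -> "0 59".
cron_field_values() (
  field=$1
  max=$2
  IFS=','
  set -- $field          # split on commas only (globbing is off)
  unset IFS
  out=""
  for part in "$@"; do
    step=1
    case $part in
      */*) step=${part#*/}; part=${part%/*} ;;
    esac
    case $part in
      '*') lo=0; hi=$max ;;
      *-*) lo=${part%-*}; hi=${part#*-} ;;
      *)   lo=$part; hi=$part ;;
    esac
    i=$lo
    while [ "$i" -le "$hi" ]; do
      out="$out $i"
      i=$((i + step))
    done
  done
  printf '%s\n' "${out# }"
)

# A schedule McAfee will push into crontab must have exactly five fields.
cron_schedule_ok() {
  set -- $1
  [ "$#" -eq 5 ]
}

# Drop McAfee's own line(s) from a crontab listing and keep everything else.
strip_mcafee_entries() {
  printf '%s\n' "$1" | grep -v -F "$MCAFEE_MARK" || true
}

# The real change (run as root): back up the db, write the schedule, reinstall
# root's other cron entries, then let VSCronCleaner append its fresh line.
apply_schedule() {
  sched=$1
  cron_schedule_ok "$sched" || { echo "bad schedule: $sched" >&2; return 1; }
  [ -f "$MCDB" ] || { echo "db not found: $MCDB" >&2; return 1; }
  cp "$MCDB" "$MCDB.bak" || return 1
  # TaskTable's schema is undocumented, so as in the post this touches every row.
  "$SQLITE" "$MCDB" "UPDATE TaskTable SET crontime='$sched';" || return 1
  current=$(/usr/bin/crontab -l 2>/dev/null || true)
  kept=$(strip_mcafee_entries "$current")
  printf '%s\n' "$kept" | /usr/bin/crontab -
  "$CRONCLEANER" -u 2>/dev/null
}

# Usage (as root): sh mcafee-schedule.sh --apply '0 8-17 * * *'
case "${1:-}" in
  --apply) apply_schedule "$2" ;;
esac
```

Before deploying, run `cron_field_values` on the minute and hour fields of whatever schedule you picked and make sure the list is what you meant; it is cheaper than finding out from a lab of students why the DAT download kicked in at 16:59.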

PS: and I have not even complained about how they store the product version or what’s with renaming their products. Sometimes I feel I’m only complaining in this blog :s
