McAfee itself is an American global computer security software company having multiple products providing number one security services. Among its several other products, McAfee Endpoint Security (ENS) is its latest Antivirus Product that provides its best protection, strong effectiveness, and alerting against threats. Mcafee ENS is not only the replacement of McAfee VSE (Virus Scan Enterprise) but it's a complete security solution integrated with extensible security features to protect your end systems supporting Linux, MAC and Windows Operating systems.
Antivirus software protects your system from malicious software by blocking them and alerting you in case it found any malicious file on your system.
In this context, we shall look into how to install McAfee ENS Standalone on a Linux System with CentOS 7.
How to install McAfee ENS Standalone on CentOS Linux System ?
Before performing this Installation procedure, ensure that you are using a user with sudo rights.
Then follow the steps given below.
1. Perform System Update
Login to your system and run the below command to update your system with the latest security patches available:
# yum update -y
2. Download McAfee ENS Packages
Open up the Official McAfee Web link and login using your grant number to download the required product versions.
Once you have got the Grant Number to Login to Mcafee, point to the Downloads button and select for the McAfee Agent for Linux package and McAfee Endpoint Security Threat Prevention for Linux Standalone packages.
Once you have downloaded both the packages then upload them to your Linux server where you want to install the setup.
3. Install McAfee Agent
After getting the required packages, let’s start with McAfee Agent installation which is the prerequisite of McAfee ENS.
Extract the archive using the following 'unzip' command:
# unzip MA571LNX.zip
After extracting the archive, use the below command to install it on your system:
# sh install_upd.sh -i
4. Check McAfee Agent Status
Once the installation is complete, run the commands below to check the McAfee Agent Status.
# /etc/init.d/cma status
# /etc/init.d/ma status
5. Install McAfee ENSL Threat Prevention
After we have McAfee Agent installed and running, now are going to install Mcafee ENS Threat Prevention package on our system.
To do so extract the McAfee ENS Threat Prevention package for standalone system and run the command to install it.
# tar –zxvf McAfeeTP-10.7.4-4-Release-standalone.tar.gz
# ./install-mfetp.sh silent
To check the McAfee ENS TP status use below command.
# systemctl status status mfetpd
6. Working with On-Access Scan
Now, we have both our packages installed and running, lets check the status of On-Access Scan whether its enabled or disabled.
First change your directory path to the /bin folder of Mcafee Threat Prevention and then run the command to check its current state:
# cd /opt/McAfee/ens/tp/bin
# ./mfetpcli –getwoasconfig -summary
Here you can see the status of On-Access Scan whether its Enabled or Disabled.
In order to Enable or disable the On-Access scan you can use below commands.
i. To Enable On-Access Scan:
# ./mfetpcli –setoasglobalconfig –oas on
ii. To Disable On-Access Scan:
# ./mfetpcli –setoasglobalconfig –oas off
iii. To monitor logs for the On-Access Scanning activities run the command below to enable it first:
# /opt/McAfee/ens/tp/bin/mfetpcli --oasactivitylog enable
iv. Use below command to read the logs.
# cat /var/McAfee/ens/log/tp/mfetpdactivity.log | tee ENSLScanningFiles.txt
7. Exclude Directory from On Access Scan:
On-Access Scan is a part of McAfee Security Suite, which scan files in real-time to protect your systems but that may slow down your system. This happens when a large amount of data being written mainly on the database servers.
In that case you may exclude those particular files or directories by using the below command.
# cd /opt/McAfee/ns/tp/bin
# ./mfetpcli --setoasprofileconfig --profile standard --addexclusionrw --excludepaths /data/,/usr/pgsql-11/ --excludesubfolder
Here is an example we have excluded "/data" and "/usr/pgsql-11" directories to be excluded along with its sub directories but you may change as per your own directory structure and requirements.
After running the exclude command, make sure to restart 'mfetpd' services.
# systemctl restart mfetpd
How to Uninstall McAfee Agent and McAfee Threat Prevention ?
In case you need to uninstall McAfee agent and threat prevention from your system, you may use the following commands to do that: