You might need to update ENSM Threat Prevention to the 6200 Engine manually. To manually update the Engine files, use the following steps.
NOTES:
- You must perform the following steps with the user logged in as the root user or issuing commands using sudo.
- Because macOS is UNIX-based, commands in the terminal are case sensitive. Make sure that you type the paths and file names in the correct case. Otherwise, you might experience file does not exist errors.
- Start your web browser and go to the Trellix Security Updates site.
- Download the Engine update epo6200mub.zip (Mac OS X Universal Engine Package for use with ePO).
- In the Finder, click Applications, Utilities, Terminal to open a terminal session.
- Change to the folder with epo6200mub.zip and unzip epo6200mub.zip to the directory epo6200mub.
- Move to the epo6200mub folder using the following command:
cd epo6200mub
- Unzip avengine.zip to the directory avengine.
- Move to the avengine folder using the following command:
cd avengine
- Stop the Functional Module Platform (FMP) with the following command:
/usr/local/McAfee/fmp/bin/fmp stop
- Type the following commands to reload ENSM. Press Enter after each command:
sudo launchctl unload /Library/LaunchDaemons/com.mcafee.ssm.ScanManager.plist
sudo launchctl unload /Library/LaunchDaemons/com.mcafee.ssm.ScanFactory.plist
- Remove the old AVEngine.framework folder from /Library/Frameworks/ using the following command:
rm -rf /Library/Frameworks/AVEngine.framework
- Copy the new AVEngine.framework from the avengine folder to /Library/Frameworks/. Type the following commands, and press Enter after each command:
cp -r AVEngine.framework /Library/Frameworks/
cd /Library/Frameworks/
chown root:wheel AVEngine.framework
chmod 755 AVEngine.framework
- Read the old EngineVersion in the Plist using the following command:
sudo defaults read /Library/Preferences/com.mcafee.ssm.antimalware.plist Update_EngineVersion
- Add the EngineVersion into the Plist using the following command:
sudo defaults write /Library/Preferences/com.mcafee.ssm.antimalware.plist Update_EngineVersion -string 6200.9189
- Start the Functional Module Platform (FMP) with the following command:
/usr/local/McAfee/fmp/bin/fmp start
- Close the ENSM console (if it is opened) and reload ENSM. Type the following commands, and press Enter after each command:
sudo launchctl load /Library/LaunchDaemons/com.mcafee.ssm.ScanManager.plist
sudo launchctl load /Library/LaunchDaemons/com.mcafee.ssm.ScanFactory.plist
- To verify the change, enable debug logging for ENSM and check /var/log/McAfeesecurity.log or check the About box for ENSM.