McAfee or Intel Enterprise command lines

Mcafee VirusScan Enterprise or Intel Enterprise End Point protection command line reference.

Some common tasks we are frequently asked about are command line options for several Intel and McAfee security products so we have complied a small list of some of the most often used commands for viewing or controlling these products.

Red text = command   Blue text = output displayed after running command.

Viewing Virus Definition, Engine or date Status via command line:

reg query “HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee\AVEngine” /v “AVDatVersion”

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\McAfee\AVEngine

AVDatVersion REG_DWORD 0x2343

(Only displays in hex and not decimal format, if you would like to get a report of the actual Dat version in the display gui version try this none admin required PowerShell command,

Get-ItemProperty -Path HKLM:\SOFTWARE\WOW6432Node\McAfee\AVEngine

DAT : c:\Program Files (x86)\Common Files\McAfee\Engine\
szInstallDir64 : c:\Program Files (x86)\Common Files\McAfee\Engine\x64\
szInstallDir32 : c:\Program Files (x86)\Common Files\McAfee\Engine\
EngineVersionMajor : 5900
EngineVersionMinor : 7806
AVDatVersion : 9028
AVDatDate : 2018/09/26
TrjDatDate :
PUPDatDate :
EngineVersion32Major : 5900
EngineVersion32Minor : 7806
AVDatVersionMinor : 0
AVDatDateSys : {226, 7, 9, 0…}
TrjDatVersion : 0 PUPDatVersion : 0
EngineVersion64Major : 5900
EngineVersion64Minor : 7806

If you are looking for a smaller report you can add the specific subkey name, here is an example,

Get-ItemProperty -Path HKLM:\SOFTWARE\WOW6432Node\McAfee\AVEngine -name AVDatVersion

Viewing Agent Status via command line:

These list possible paths to the cmdagent.exe file and if ran with the /p switch it tells the agent to checkin to ePO server right away
if you read the response after running the command it will also state if it is in managed or unmanaged mode.

“c:\program files\mcafee\agent\cmdagent.exe” /p
“C:\Program Files (x86)\McAfee\Common Framework\cmdagent.exe” /p
“C:\Program Files\Network Associates\Common Framework\CmdAgent.exe” /P

2018-09-26 14:02:07.294 cmdagent(4988.7936) cmdagent.Info: Agent is running in unmanaged mode.

Deploying or installing via command line:

c:\VSinstall\setupvse.exe /passive
c:\VSinstall\ePO\FramePkg.exe /install=agent /silent

McAfee Interceptor installer
msiexec /i c:\VSinstall\Interceptor_x64.msi /passive

Removing or uninstalling via command line:

Occationally things are not as they should be and normal uninstall tactics do not work but here is one command often used they might be ran first before any other removal can be successful

“C:\Program Files\ McAfee\Agent\maconfig.exe” -provision -unmanaged      (Then uninstall normally, this issue is most often related to ePO based agents. This command places the install in un- managed mode)

Normal removal command examples follow,

McAfee product improvement:
MsiExec.exe /x{D45EAF28-A176-41B3-98B7-20375F0A1ADF} /passive /norestart

McAfee 8.7 agent
MsiExec.exe /X{AA951B10-7089-4D60-B288-516E641F48E6} /QN

McAfee 8.7
MsiExec.exe /X{147BCE03-C0F1-4C9F-8157-6A89B6D2D973} /QN

McAfee 8.8 agent included with virusscan:
MsiExec.exe /X{D107EA80-023A-443C-AA79-1C4B0CB2E227} /QN

McAfee 8.8, p2 and up:
MsiExec.exe /X{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF} /passive /norestart

McAfee Interceptor removal
msiexec /x c:\VSinstall\Interceptor_x64.msi /passive

Agent removal via command line:

“C:\Program Files (x86)\McAfee\Common Framework\FrmInst.exe” /forceuninstall
“C:\Program Files (x86)\McAfee\Common Framework\x86\FrmInst.exe” /forceuninstall
“C:\Program Files\McAfee\Agent\x86\FrmInst.exe” /forceuninstall