The Mac Agent supports the Apple M1 processor. Currently, our agent supports Ventura (13), Monterey (12), Big Sur (11), Catalina (10.15), Mojave (10.14) and High Sierra (10.13). Q: What macOS versions does the Mac Agent support?Ī: Just like Apple, we'll ensure that the Mac Agent supports the current version and the prior three versions. † Requires macOS Full Disk Access Permission at Install Remote Control - "Bring your own" Splashtop Remote Control - "Bring your own" ScreenConnect Remote Control - "Bring your own" TeamViewer System Checks - External Monitoring (ping/http) Scheduled Scripts (on Policy or manual schedule) Sudo rm -f "/Library/LaunchDaemons/.When does the Mac Agent launch-at startup or when the user logs in?įeature Matrix against the Windows Agent FeatureĪgent Icon with Menu - Customizable icon/menu Sudo rm -rf "/Library/Application Support/Cisco" Security -v authorizationdb write authenticate-admin-nonshared Security -v authorizationdb write is-root #For each user, remove the following directory if it exists: Sudo rm -rf "/Library/Application Support/Cisco/Secure Endpoint" Sudo rm -rf /Library/Extensions/ampnetworkflow.kext Sudo rm -rf /Library/Extensions/ampfileop.kext Sudo rm -rf "/Applications/Cisco Secure Endpoint" #All system extensions for .networkextension and .securityextension should be listed with "." Applications/Cisco\ Secure\ Endpoint/Secure\ Endpoint\ Service.app/Contents/MacOS/Secure\ Endpoint\ Service deactivate content_filter Note that this step cannot be executed remotely as the local user is required to enter the password. Applications/Cisco\ Secure\ Endpoint/Secure\ Endpoint\ Service.app/Contents/MacOS/Secure\ Endpoint\ Service deactivate endpoint_security #This should yield the message: Could not find service "" in domain for system. Sudo /bin/launchctl unload /Library/LaunchDaemons/.plist #This should yield the message: Could not find service. bin/launchctl asuser "$uid" sudo -u "$currentUser" /bin/launchctl unload /Library/LaunchAgents/.plist #If this does not stop the menulet, click on it and select Quit Secure Endpoint connector.ĬurrentUser=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name ' ) #/bin/launchctl unload /Library/LaunchAgents/.plist #To manually uninstall Mac connector, run the following commands: #The uninstall procedure for Mac connector versions 1.18.0 and newer varies depending on the version of macOS being used. Just to update here, We got help from one of our vendors (ManageEngine-Endpoint Central) who managed to prepare a script for silent uninstallation of Cisco AMP to any of the latest macOS, simply works like a charm. Thoughts on this? Am I missing any obvious solution? I'd hate to think that from now on, I have no more non-interactive maintenance methods for AMP. so I don't know whose court this ball lies in at the moment. I don't see Apple reversing security changes they've made, but I also understand Cisco has to work within the framework Apple gives them. In a big education environment, this does not scale well. Someone has to physically touch the machine and reinstall AMP. The end result now is that when I find faulted AMP Mac clients, I can't just fix them with a sequence of Jamf policies. Several others over at Jamf Nation have noted the same behavior: (I'm guessing it's unloading/removing extensions?) If the user ignores or cancels this prompt, it leaves AMP in a half-uninstalled, borked state. pkg as root, or manually uninstall via the aforementioned script, the end user is always faced with an authentication prompt from macOS to elevate & approve the uninstallation process. However, in past months, it now seems that due to security changes in macOS, we can no longer silently uninstall the AMP client. Then I'd circle back with another Jamf policy to force install AMP, and the machine would be back in working order with zero faults. pkg that's included in AMP's application folder, or manually removing it via Cisco's documentation. So in years past, I could accomplish this fault-clearing process silently & without my desktop support guys visiting machines simply by running and/or pushing the AMP uninstaller. They don't apply retroactively, but they're ready to go & work fine with a full reinstallation of AMP. Uninstalling/reinstalling typically clears these up quickly, as these items they're supposedly faulting for are approved with our aforementioned Jamf profiles. Inevitably, due to bugs or interruptions or whatever quirk of the day, we wind up with some small number of devices with faults due to "lacking" disk access or extensions, or extensions not being loaded. We pre-approve disk access and extensions with Jamf config profiles for silent AMP endpoint client installations on our macOS devices.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |