Hello,
We have deployed Qualys agent on macs for security & monitoring purposes.
Admin users can disable it following these instructions: https://success.qualys.com/support/s/article/000001832#:~:text=Navigate%20to%20Cloud%20Agent%20%2D%3E%20Agent,agent%20and%20revoke%20the%20license
Any idea how to ban user from uninstalling/deleting a specific app/agent ?
Thanks
I recommend setting up a workflow similar to this one ~ https://community.jamf.com/t5/jamf-protect/faster-re-install-of-jamf-protect/m-p/268968
The idea is to have a script run at every check-in that determines the status of said qualys agents, if the script determines the agent to be missing or anything you determine from qualys uninstalled, it will re-install. This is set to your check-in time so it can run every 5 or more minutes if you so choose. (Predicated upon the amount of policies you have set to trigger at recurring check-in, I'd advise start with every 15 minutes)
@Eskobar I'd propose a variant of @Hugonaut 's approach. Rather than have the re-install triggered during the periodic check-in with Jamf Pro, use a LaunchDaemon to periodically check for the presence of the Qualys installation (the existence of /usr/local/qualys/cloud-agent/bin/qagent_uninstall.sh perhaps) and if it isn't found use the jamf binary to trigger re-installation (e.g. 'jamf policy -event InstallQualys' to trigger a policy with the custom trigger 'InstallQualys'). This way you're only running a policy to remediate a Mac when it's necessary, and not checking for Qualys state on every check-in.
@Eskobar I'd propose a variant of @Hugonaut 's approach. Rather than have the re-install triggered during the periodic check-in with Jamf Pro, use a LaunchDaemon to periodically check for the presence of the Qualys installation (the existence of /usr/local/qualys/cloud-agent/bin/qagent_uninstall.sh perhaps) and if it isn't found use the jamf binary to trigger re-installation (e.g. 'jamf policy -event InstallQualys' to trigger a policy with the custom trigger 'InstallQualys'). This way you're only running a policy to remediate a Mac when it's necessary, and not checking for Qualys state on every check-in.
touché sir!
touché sir!
I may have a LaunchDaemon addiction :-)
@sdagley How the extension attribute should be made, below one not working
What should be done if the app and its components are in place but related processes is suspended ?
the client will
stop communicating with server !!!
@sdagley How the extension attribute should be made, below one not working
@Eskobar An EA needs to return its response in a result tag:
#!/bin/sh
CheckFileName="/Library/LaunchDaemons/com.qualys.cloud-agent.plist"
result="False"
if [ -e "${CheckFileName}" ]; then
result="True"
fi
echo "<result>$result</result>"
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.