
I'm having some difficulty figuring out how to use Casper to install Cylance on every Mac in our organization. I've tried to create a shell script that will run it (not through Casper yet) but when I try on a test Mac it fails.



I have the Cylance.pkg and a cylance_install_token file in the same folder as the script. I copied the verbiage from a larger script that someone in our InfoSec team had created a while ago to install this and other security software and it works there. Maybe I missed something?



If I can get this script to actually install it then I can go to the next step and figure out how to use Casper to push it out.



#!/bin/sh

# Cylance AV Client Install
echo "Installing Cylance AV Agent for Mac.\n";
echo "Cylance AV Agent Start: " `date`"\n" >> $LOG;
installer -pkg CylancePROTECT.pkg -target LocalSystem
echo "Cylance AV Agent Stop: " `date`"\n" >> $LOG;
echo "Completed Cylance AV Agent for Mac Installation.\n";



The output I get from Terminal is



BUR-JMENDEL4-i:~ jmendel$ /Users/jmendel/Desktop/Cylance Installer/Cylance.sh
Installing Cylance AV Agent for Mac.



/Users/jmendel/Desktop/Cylance Installer/Cylance.sh: line 5: $LOG: ambiguous redirect
installer: Error the package path specified was invalid: 'CylancePROTECT.pkg'.
/Users/jmendel/Desktop/Cylance Installer/Cylance.sh: line 7: $LOG: ambiguous redirect
Completed Cylance AV Agent for Mac Installation.



BUR-JMENDEL4-i:~ jmendel$

@Chris_Hafner There's an option in Cylance to require an uninstall password. Due to the nature of our business, we have this enabled for all of our end users. So the command you just provided will yield an error because Cylance is expecting them/us to enter in that password. The command you provided is for a silent uninstall, which I'm not sure will work when the uninstall password is required.



We've been working on an unrelated issue (the one that caused this issue) with Cylance and they informed us that the best way to resolve this is actually to write a script/create a pkg that just pushes out the installation token, which is what I'm working on now. Thanks for your help and quick response but I think I've got it covered since chatting with Cylance.





I'm glad to hear it. I've also got to laugh a bit as it took me way TOO long to get back to this thread. What have you learned from Cylance?


@Chris_Hafner Well, we're still having tons of issues with them but it's more in regards to our PC deployment, not Mac. I was able to get everything working on the Mac side except for hiding the UI up in the status bar. Any chance you are aware of an easy way to integrate that into the policy? I like the workflow you laid out so modifying the .pkg would be difficult and I've yet to find a script that would modify the info.plist file to disable the UI for Cylance.



Anyone have any solutions on this?


Interesting. I never thought of that but I can see why you might want that to happen. Off the top of my head, I have no idea. I KNOW it's doable in Sierra because the user can simply drag it out of their dock (just tried it). However, it must be in a menu extra plist somewhere. I'm currently breaking our new NAGIOS server but when I've got a free moment I'll see if I can figure this out for Sierra at least. Hopefully, someone will jump in with a great idea in the meantime!


@Chris_Hafner I appreciate your time whenever you can. As per their support article, it's a simple attribute "NoCylanceUI". However, I tried to be cute and add it to your shell script as the following:



#!/bin/sh
#!/bin/bash

echo PLACE_TOKEN_HERE NoCylanceUI > /private/tmp/Cylance/cyagent_install_token
sudo installer -pkg /private/tmp/Cylance/CylancePROTECT.pkg -target /

exit 0


But that didn't work. It installed successfully, obviously, but then was prompted for the install token. So it definitely didn't like my addition to the shell script. Thanks in advance for any help you (or anyone) is able to provide. I've definitely learned that Cylance is a fickle, fickle thing when it comes to installing and uninstalling for both Mac and Windows.


@rosskivowitz I can't test this but from reading the site, I found this within that support article.



The echo command outputs a cyagent_install_token file, which is a text file with one installation option per line


Each installation option must have its own line, so a line break may be needed. Try running this instead:



#!/bin/sh

echo 'InstallToken
NoCylanceUI' > /private/tmp/Cylance/cyagent_install_token
sudo installer -pkg /private/tmp/Cylance/CylancePROTECT.pkg -target /

exit 0
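
As an added example (not code from this thread or from Cylance), here is the token-file step with a check for the failure seen above, where the token and `NoCylanceUI` ended up on one line. Because `/private/tmp` is readable by every local user, the file is written owner-only; the function names are hypothetical, `PLACE_TOKEN_HERE` is a placeholder, and deleting the token after the install is an assumption rather than vendor guidance.

```shell
#!/bin/sh
# Added example, not from the thread. PLACE_TOKEN_HERE is a placeholder.

# Write one installation option per line, in a file only its owner can read.
write_token_file() {
    file=$1; shift
    rm -f "$file"                      # drop any stale file or symlink first
    ( umask 077; printf '%s\n' "$@" > "$file" )
}

# Succeed only if the file is non-empty and every line is a single option:
# no blank lines, and no space, tab or carriage return inside a line.
check_token_file() {
    [ -s "$1" ] || return 1
    tab=$(printf '\t'); cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|*' '*|*"$tab"*|*"$cr"*) return 1 ;;
        esac
    done < "$1"
    return 0
}

# Install from a staging directory; run as root on the Mac (hypothetical wrapper).
install_cylance() {
    dir=$1; shift
    token_file=$dir/cyagent_install_token
    write_token_file "$token_file" "$@" || return 1
    check_token_file "$token_file" || { echo "bad token file" >&2; return 1; }
    installer -pkg "$dir/CylancePROTECT.pkg" -target /
    status=$?
    rm -f "$token_file"   # assumption: the token is consumed once installer returns
    return "$status"
}

# Demo on a scratch directory with constructed values; nothing is installed.
demo=$(mktemp -d)
write_token_file "$demo/good" PLACE_TOKEN_HERE NoCylanceUI
printf '%s\n' 'PLACE_TOKEN_HERE NoCylanceUI' > "$demo/bad"   # the one-line form
check_token_file "$demo/good" && echo "good: accepted"
check_token_file "$demo/bad"  || echo "bad: rejected (two options on one line)"
rm -rf "$demo"
# On a managed Mac: install_cylance /private/tmp/Cylance PLACE_TOKEN_HERE NoCylanceUI
```
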

@fgeronimo Thanks for that. I tried it and it still took some caressing but I was ultimately able to get it working. Thanks for your help as well @Chris_Hafner!



Ross


@rosskivowitz I'm glad that you got it sorted. What was the solution?


@Chris_Hafner To be honest, I think somehow my copy/paste got messed up. I went back and looked at it again last night and I must have tried something funky yesterday. My script is exactly the same as @fgeronimo's, however, when I tried theirs, it prompted me for my install token. I tried it again later on and it worked so I definitely must have messed up the copy/paste which is, needless to say, hard for me to admit. But the following script worked for us:



#!/bin/sh

echo 'InstallToken
NoCylanceUI' > /private/tmp/Cylance/cyagent_install_token
sudo installer -pkg /private/tmp/Cylance/CylancePROTECT.pkg -target /

exit 0


Thanks everyone!


@rosskivowitz It happens to the best of us! Thanks for adding the clarification. This is great info for everyone to have!


@Chris_Hafner I had to come on here just to thank you for the instructions for Cylance to install! I too was having issues which related to simple permissions. After recompiling and uploading back to JSS, it quickly installed on my machine without issues. Thanks again!


@YoshiiZee That's great to hear! I have to admit, I'm loving Cylance and I hope you do as well!


Thanks guys, this thread helped me a lot! I used it to set up and deploy CB Defense (Confer).


Has anyone had any luck with getting the script to work with the most recent release of Cylance? I'm new to JAMF and have had lots of issues with trying to get the script to work properly.


Yep. We've distributed 2.0.1450 to several hundred computers and ran an in-place upgrade for a similar amount. What seems to be the issue?


I'm having an extremely hard time trying to get the script to work properly. The .pkg file I created in Composer finishes successfully though Cylance is not installed. Also, when I run the script (by running "sudo sh /private/tmp/Cylance/install_cylance_with_token.sh") a new file is created that contains the token but the below errors are displayed.



myusername$ sudo sh /private/tmp/Cylance/install_cylance_with_token.sh : command not founde/install_cylance_with_token.sh: line 3: installer: Error trying to locate volume at / : command not founde/install_cylance_with_token.sh: line 6:



I've verified the folder permissions are correct in Composer but still no luck. I'm fairly new to scripting with macOS (and also with JAMF in general) though I copied the script from the original post to verify I didn't miss something.


OK, just to cover all of our bases. Please double check the following. There should be a Directory in /private/tmp called Cylance. This will look like this in Composer (feel free to remove the .DS_Store)



I've screwed this up in the past by changing the name of something... like the installer package itself.



The "install_cylance_with_token.sh" contains the following (note, TOKEN-GOES-HERE should be replaced by your actual token):



#!/bin/sh
#!/bin/bash

echo TOKEN-GOES-HERE > /private/tmp/Cylance/cyagent_install_token
sudo installer -pkg /private/tmp/Cylance/CylancePROTECT.pkg -target /

exit 0



The PostInstall script will look just like this:



What appears to be different with what you have?


The post install script was not present, I added it and then from a Terminal ran "sudo sh /Private/temp/Cylance/install_cylance_with_token.sh" and it ran without issue. I re-saved the /Private/temp/Cylance/install_cylance_with_token.sh on the device and I just tested it via JAMF.



Thank you for your help, I really appreciate it!!


Hi All - Hoping you can assist



I've created the unattended sh file with the following content



#!/bin/sh
#!/bin/bash



echo PLACE_TOKEN_HERE > /private/tmp/Cylance/cyagent_install_token
sudo installer -pkg /private/tmp/Cylance/CylancePROTECT.pkg -target /



Packaged into Composer and uploaded to Jamf. When the command to run the unattended file initiates, it installs Cylance and creates a txt file called cyagent_install_token, containing the "token", in the location where the install pkg is, and then Cylance pops up asking to input the token key.



Am I going wrong somewhere, as I would like the token to be entered too during the installation?


@Quan.nong Are you still dealing with this? Sorry, I haven't been following this post very well. I would start looking into permissions but I figured I'd verify you still have the issue first.


@Chris_Hafner Thanks for following up, Chris. We've actually parked this solution, due to us renewing our license with Sophos.


Did anyone have an issue with the execution script saying "permission denied" when running from /private/tmp/Cylance? The script looks right, but I can't get the script to run...


@cmudgeUWF No, but when I built my Cylance package in Composer I set the package and everything in it to full read/write for everybody. I haven't had any permission issues with it.


I think I managed to figure it out. I got root to have permissions, and it seems to work ok now.


I am able to get Cylance installed correctly, but the pkg also installs an Uninstaller app that I don't want on the users' machines. Does anyone know how to remove it?