com.Jamfsoftware.Jamf.agent disable - ccleaner.app

debrat
Contributor

Has anyone experienced users disabling com.jamfsoftware.jamf.agent using an app like Piriform CCleaner? We have discovered students that are able to run restricted software and bypass web filters by using the app to disable the processes that run at startup.

5 REPLIES 5

bvrooman
Valued Contributor

Sounds like I know what app needs to become a restricted software record of its own. :)

debrat
Contributor

yes we will restrict the app but we are trying to find out which students have the app and which computers we need to force the jamf agent to run again. Also trying to determine how to enable the agent without needing the app. Recon with the app doesn't change the setting on the computer.

Anonymous
Not applicable

I looked at the application you referenced and I believe it is using SMLoginItemSetEnabled which has the equivalent command /bin/launchctl [enable | disable]. Restricting that application might stop more students from disabling the agent but it can also be accomplished from the command line. The underlying problem here is that any normal (non-admin) user always has control over the launchd domain in which the agent is running. That launchd domain by definition is owned by the user and can't be restricted in such a way to disallow the user from disabling the agent. Looking at this I believe you found a product issue/defect. The product issue is the restricted software feature does not function without the agent which can be disabled by the user. Restricted software should only require the daemon running which can only be disabled by an administrator. I will file a product issue on this if one is not already filed.

donmontalvo
Esteemed Contributor III

@cyrus.ingraham wrote:

...[snip]...The product issue is the restricted software feature does not function without the agent which can be disabled by the user. Restricted software should only require the daemon running which can only be disabled by an administrator. I will file a product issue on this if one is not already filed.

Not sure users can disable /Library/LaunchAgents/com.jamfsoftware.jamf.agent...unless the user is an admin (in which case all bets are off).

--
https://donmontalvo.com

Anonymous
Not applicable

@donmontalvo A standard user can disable an agent for their launchd domain but can not disable it for all users. A standard user can not modify the agent's launchd.plist but it can use launchctl to make changes to services in their domain.

/bin/launchctl disable gui/$UID/com.jamfsoftware.jamf.agent
/bin/launchctl bootout gui/$UID /Library/LaunchAgents/com.jamfsoftware.jamf.agent.plist