Create Smart Group based on Activity Monitor process?

benfishner
New Contributor

Reading about the recent malware issue with Handbrake, I was wondering if it's possible to create a smart group in JSS that would include any computers that have “Activity_agent” in the OSX Activity Monitor application.

Has anyone done anything like this?

2 REPLIES

thoule
Valued Contributor II

Two options. Can you see it with launchctl?

sudo launchctl list

(make sure you do sudo so you see root's processes as that's how jamf will run it) and see if it's listed there. If so, you can create a smart group with "Running Service 'Has' com.name.handbrake".

If it's only as a process, then you need to create an Extension Attribute:

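#!/bin/sh
# Jamf extension attribute: report whether an Activity_agent process is running.
# "grep -v grep" drops the grep command itself from the match.
hazIt=$(ps auxw | grep "Activity_agent" | grep -v grep)
# Quote the variable: ps output contains spaces, which would break an unquoted test.
if [ -z "$hazIt" ]; then
    echo "<result>Not on this one</result>"
else
    echo "<result>Has Activity Agent</result>"
fi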
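
A variant of the extension attribute above, as an added example that is not part of the original post: it compares the executable's name exactly, using `ps -axo comm=`, instead of grepping the whole command line, so a longer name or an argument that merely contains the string does not flag the machine. The function names, sample listings and paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and samples are hypothetical.

TARGET="Activity_agent"   # process name taken from the question

# Reads one executable path per line on stdin (the format of `ps -axo comm=`)
# and succeeds only if some path's last component equals $1 exactly.
has_process() {
    awk -v target="$1" '
        {
            n = split($0, parts, "/")   # whole line, so paths with spaces survive
            if (parts[n] == target) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Turns a process listing on stdin into the <result> string Jamf expects.
ea_result() {
    if has_process "$1"; then
        echo "<result>Has Activity Agent</result>"
    else
        echo "<result>Not on this one</result>"
    fi
}

# Constructed sample listings (paths are made up for the example).
SAMPLE_HIT='/sbin/launchd
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
/Users/test/Example.app/Contents/MacOS/Activity_agent'

# Contains the string only as part of a longer name, so it must not match.
SAMPLE_CLEAN='/sbin/launchd
/usr/sbin/syslogd
/Applications/Example.app/Contents/MacOS/Activity_agent_viewer'

# Live check: this is the line that produces the attribute value on a Mac.
ps -axo comm= | ea_result "$TARGET"
```

A smart group would then use the criterion "extension attribute is `Has Activity Agent`", the same result string as the script above.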

chriscollins
Valued Contributor

Another thing you may want to do is set up a software restriction to kill the process if it tries to spawn on the machine.