Help

Create Smart Group based on Activity Monitor process?

benfishner
New Contributor

Posted on ‎05-08-2017 10:45 AM - last edited on ‎03-04-2025 07:57 AM by Community Manager

Reading about the recent malware issue with Handbrake, I was wondering if it's possible to create a smart group in JSS that would include any computers that have “Activity_agent” in the OSX Activity Monitor application.

Has anyone done anything like this?

Labels:
0 Kudos
Reply
2 REPLIES 2

thoule
Valued Contributor II

Posted on ‎05-08-2017 12:37 PM

Two options. Can you see it with launchctl?

sudo launchctl list

(make sure you do sudo so you see root's processes as that's how jamf will run it) and see if it's listed there. If so, you can create a smart group with "Running Service 'Has' com.name.handbrake".

If it's only as a process, then you need to create an Extension Attribute

#!/bin/sh                                                                                                                                                         
hazIt=$(ps auxw |grep "Activity_agent"| grep -v grep)
if [ -z $hazIt ]; then
    echo "<result>Not on this one</result>"
else
    echo "<result>Has Activity Agent</result>"
fi
0 Kudos
Reply

chriscollins
Valued Contributor

Posted on ‎05-08-2017 04:31 PM

Another thing you may want to do is set up a software restriction to kill the process if it tries to spawn on the machine.

0 Kudos
Reply
li.common.scroll-to.top