CyberArk EPM Agent installation on macOS

Kapil
New Contributor III

Hi All,

I have created the CyberArk config profile with the info below, and it installed successfully.

1) Approved kernel extension with bundle id: DF8U2CCCD8

2) PPPC with the following: Identifier: com.cyberark.CyberArkEPMEndpointSecurityExtension
Code Requirement:
anchor apple generic and identifier "com.cyberark.CyberArkEPMEndpointSecurityExtension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DF8U2CCCD8)
Service:
SystemPolicyAllFiles = Allow

3) System Extensions:
It will not work with the Team ID only. In my testing you must add the system extension for this to work.
Team ID: DF8U2CCCD8
Allowed System Ext: com.cyberark.CyberArkEPMEndpointSecurityExtension

I was executing the installer via the command below as a script:
sudo /private/tmp/Install\ CyberArk\ EPM.app/Contents/MacOS/CyberArkEPMInstaller -configuration /private/tmp/CyberArkEPMConfiguration.json -installationKey XXXXXXXX -adminUser XYZ -adminPassword XYZ -nonAdminEPMUser

But the policy failed and I received the error below in the logs:
Script result: Could not complete installation on this computer: ExecutionError(executablePath: "/usr/sbin/installer", arguments: Optional(["-pkg", "/private/tmp/Install CyberArk EPM.app/Contents/Resources/CyberArkEPM.pkg", "-target", "LocalSystem"]), terminationStatus: 1, errorMessage: Optional(""))
Remove Endpoint Security extensions
Remove launchd agents
Remove launchd daemons
Remove kext
Remove authorization rights
Failed to restore authorization right 'com.apple.system-extensions.admin': SecurityError(status: -60005 ("The authorization was denied."), additionalInfo: (""))
Remove PAM modules
Remove sudoers settings
Remove files and directories
Remove users and groups

Can anyone please suggest how to sort out this issue?

Thanks

2 REPLIES

Npotter229
New Contributor II

@Kapil did you ever get this sorted? I will be needing to do this as well... The only thing I can think of with your question at the end there is to push the PKG via JAMF vs a script. You could try building the pkg in Composer and inserting the scripting commands into the pkg as pre/post flights.

Kapil
New Contributor III

Npotter229 Sorry about the late reply. Yes, I found the fix and deployed successfully to all users (Big Sur and Catalina OS) from JAMF. I just did it the same way as above: packaged the CyberArk and CyberArkEPMConfiguration.json file in a private/temp folder and then added a separate script in the policy as below

sudo /private/tmp/Install\ CyberArk\ EPM.app/Contents/MacOS/CyberArkEPMInstaller -configuration /private/tmp/CyberArkEPMConfiguration.json -k (installationKey) -withoutPwdRotation

Try this and it will work fine without any issues. Thanks
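
Added example (not from either poster, CyberArk or Jamf): a pre-upload check that the three payloads listed in the first post agree on the Team ID and the extension bundle ID, including the point that the system extension must be listed and not only the Team ID. It assumes an unsigned .mobileconfig with the standard Apple payload types at the top level; the function names and the sample profile are constructed for illustration.

```python
import plistlib
import re

TEAM_ID = "DF8U2CCCD8"  # Team ID quoted in the post
EXT_ID = "com.cyberark.CyberArkEPMEndpointSecurityExtension"  # from the post

def lint_profile(data, team_id=TEAM_ID, ext_id=EXT_ID):
    """Return a list of problems; an empty list means the three payloads agree."""
    payloads = plistlib.loads(data).get("PayloadContent", [])
    by_type = {p.get("PayloadType"): p for p in payloads}
    problems = []
    # 1) Kernel extension approval by Team ID
    kext = by_type.get("com.apple.syspolicy.kernel-extension-policy", {})
    if team_id not in kext.get("AllowedTeamIdentifiers", []):
        problems.append("kext: team ID not approved")
    # 2) PPPC: Full Disk Access for the extension, pinned to the Team ID
    tcc = by_type.get("com.apple.TCC.configuration-profile-policy", {})
    entries = tcc.get("Services", {}).get("SystemPolicyAllFiles", [])
    entry = next((e for e in entries if e.get("Identifier") == ext_id), None)
    if entry is None:
        problems.append("pppc: no SystemPolicyAllFiles entry for the extension")
    else:
        if not (entry.get("Allowed") is True or entry.get("Authorization") == "Allow"):
            problems.append("pppc: SystemPolicyAllFiles is not set to Allow")
        pinned = r'subject\.OU\]\s*=\s*"?' + re.escape(team_id)
        if not re.search(pinned, entry.get("CodeRequirement", "")):
            problems.append("pppc: code requirement is not pinned to the team ID")
    # 3) System extension listed by bundle ID under the Team ID, not Team ID alone
    sysext = by_type.get("com.apple.system-extension-policy", {})
    if ext_id not in sysext.get("AllowedSystemExtensions", {}).get(team_id, []):
        problems.append("sysext: extension not listed under the team ID")
    return problems

def sample_profile(list_extension=True):
    """Constructed sample (not a Jamf export); the code requirement is shortened."""
    req = f'identifier "{EXT_ID}" and certificate leaf[subject.OU] = {TEAM_ID}'
    pppc = {"Identifier": EXT_ID, "IdentifierType": "bundleID",
            "CodeRequirement": req, "Allowed": True}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [
        {"PayloadType": "com.apple.syspolicy.kernel-extension-policy",
         "AllowedTeamIdentifiers": [TEAM_ID]},
        {"PayloadType": "com.apple.TCC.configuration-profile-policy",
         "Services": {"SystemPolicyAllFiles": [pppc]}},
        {"PayloadType": "com.apple.system-extension-policy",
         "AllowedSystemExtensions": {TEAM_ID: [EXT_ID]} if list_extension else {}},
    ]})

if __name__ == "__main__":
    print(lint_profile(sample_profile()))                      # complete profile
    print(lint_profile(sample_profile(list_extension=False)))  # extension not listed
```

A profile signed by the MDM server is CMS-wrapped and has to be unwrapped before plistlib can read it.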