Jamf Nation Community

raphhyyy · ‎03-14-2019

I've read in all the other articles/discussions on people having the same issues as me in deploying the new version of AMP... but have yet to see a clear-cut solution on getting this deployed...

I've seen the "solution" of finding the hidden policy.xml file in the DMG, but am still a little confused about that part....

Can anyone (maybe not exactly) step-by-step have an easier way of deploying this?

winterboer · ‎09-23-2021

Could someone check my work and see if I've built these correctly?

I'm still getting the "requests to allow" prompts in security and privacy when installing it.

Also, any suggestion on how to push the config for full disk access?

macOS Big Sur

Cisco Amp v1.16.0841

ubcoit · ‎09-23-2021

@winterboerI don't have time to confirm your profiles right now but I don't see a Content Filter. Also, it's suggested to make individual profiles for each settings, kernel, system, pppc and content filter so that you can scope things better per version of macOS. Something else to keep in mind, the profiles need to be installed and the system rebooted prior to installing AMP or you will still get the prompts. At least that is my experience.

ubcoit · ‎09-27-2021

@winterboerHere are my profiles, all separate for scoping. These work for us, provided they are installed to Big Sur and the system rebooted before Cisco AMP is installed. Note, Kernel extensions aren't scoped to Big Sur.

Content Filter

Kernel Extension

PPPC 1

PPPC 2

PPPC 3

System Extension 1

System Extension 2

winterboer · ‎09-27-2021

I had to upgrade JAMF to the latest build and now can test what you've posted. Thank you very much for the help.

Nateman · ‎10-05-2021

Hi everyone, thanks for the info, this post has been most helpful.

One more question from another Jamf newb - how do you ensure the Configuration Profiles install and reboot the machine before the Policy runs the script to install AMP?

tsylwest · ‎10-25-2021

Observation:

when installing AMP 1.16.1 via @iJake 's script on MacOS Monterey (last Beta before release: Build 21A5552a), the standard script kept failing with the latest URL. It worked fine in a browser though.

When running the script manually, I kept getting the "Unable to retrieve DMG url. Exiting..." error. So after changing the script a little and changing the download URL in the policy, doing the following made it work:

1. removed the "?product=MacProduct" part of the download URL as provided by Cisco's console. Not sure why this made it work...

2. changed the case of the 'L' of "Location" to lowercase so that it shows:

dmgURL=$(curl --head "$redirectingURL" | grep "location:" | awk '{print $2}')

This worked because it seems as if the http headers return 'location:' and not 'Location:' which the script looks for with grep. I assume there's a grep switch to ignore case, but my script-foo is weak, so just got it working and rolling with it for now until some script guru can come up with a proper fix 🙂

Hope this helps if anyone else comes across this issue

mm2270 · ‎10-25-2021

@tsylwest the syntax you’re looking for is grep -i “string” That turns on grep’s case insensitivity mode.

tsylwest · ‎10-25-2021

@mm2270 Thanks for the tip 😊 much appreciated, will give that a go!

winterboer · ‎10-26-2021

I guess I don't know how to use the script that @iJake has kindly offered up. I've loaded it up in jamf and see this. What am I missing or doing wrong?

ubcoit · ‎10-26-2021

@winterboerMight want to remove your AMP URL from that photo. Might not. 😉 Your download works, I see it's 32 MB. I'm deploying 1.15.6.842 (29.2 MB) tested and still working this morning. Perhaps something has changed with a newer version?

Also, as noted above, Location changed to location (which I edited in my script). Perhaps you just need to add a -i to the grep command.

++grep Location: to ++grep -i Location:

Line 13 in my script:

dmgURL=$(curl --head "$redirectingURL" | grep -i "Location:" | awk '{print $2}')

winterboer · ‎10-26-2021

Thank you very much for the reminder. I've cleaned it. I'll mod the script and see what happens.

ubcoit · ‎10-26-2021

@winterboerMight want to double check that, url is still in the photo.

Glad you got it working.

If you want the script less chatty, just add a # in front of the set -x at the top or remove it completely. I often use it when troubleshooting and getting things going then comment it out.

winterboer · ‎10-26-2021

@ubcoit Thank you for your help, it works as expected.

dlondon · ‎10-26-2021

I didn't remove "?product=MacProduct" but I did add the "-i" after grep and it fixed the script for me.

I think the web page that it gets must have changed "Location" to "location" ... it's not a change in curl

jeremya · ‎01-12-2022

My download URL recently changed, so if you get the failed to download error, go check your URL in the amp portal.

ubcoit · ‎01-12-2022

I believe they expire at some point by design?

ProsperIT · ‎01-26-2023

Hey Guys,

Anyone had success in 2023 with the new Cisco Secure Endpoint (VS AMP)? Any tips if so, as we are hitting roadblocks.

jamf-42 · ‎01-26-2023

installing fresh or upgrade? due to the hidden .policy.xml i re-pack in composer and use a script to install in pkg. i'm using this to upgrade from AMP and so far no issues. Note of course all the requirement for config profile PPPC, System Ext, Content Filter.. what versions are you going from - to?

#!/bin/sh
## postinstall

BASE="/private/tmp/camp"

PKG="${BASE}/ciscoampmac_connector.pkg"
XML="${BASE}/.policy.xml"

if [[ -e "$PKG" && -e "$XML" ]]; then
    /usr/sbin/installer -pkg "$PKG" -tgt /
    RES=$?
else
    echo "Package or XML was missing. Aborting installation…"
    exit 1
fi

if [ $RES == 0 ]; then
    ## Cleanup folder payload
    rm -Rfd "$BASE"
    exit 0
else
    echo "Installation may have failed with exit code $RES"
    exit $RES
fi

postinstall

sure i borrowed that script from somewhere..

ProsperIT · ‎01-26-2023

Truly appreciate the quick feedback! This is for a fresh/new install, most recent version

ubcoit · ‎01-26-2023

I'm deploying 1.21.0.885 with the script provided here on Jamf.

#!/bin/bash

#set -x

#ciscoAMPPath="/Applications/Cisco AMP/AMP for Endpoints Connector.app/Contents/Info.plist"
redirectingURL="$4"
localInstallerVolume="/Volumes/ampmac_connector"
localInstallerPackage="ciscoampmac_connector.pkg"
tmpFolder="/Library/CiscoAMPtmp"

checkAndGetURLs()
{
dmgURL=$(curl --head "$redirectingURL" | grep -i "Location:" | awk '{print $2}')
if [[ -z $dmgURL ]]
  then
    echo "Unable to retrieve DMG url. Exiting..."
    exit 1
fi

echo "DMG URL found. Continuing..."

dmgFile=$(basename "$(echo $dmgURL | awk -F '?' '{print $1}')")
dmgName=$(echo "${dmgFile%.*}")
}

downloadInstaller()
{
mkdir -p "$tmpFolder"
echo "Downloading $dmgFile..."
/usr/bin/curl -L -s "$redirectingURL" -o "$tmpFolder"/"$dmgFile" --location-trusted
}

installPackage()
{
if [[ -e "$tmpFolder"/"$dmgFile" ]]
  then
    hdiutil attach "$tmpFolder"/"$dmgFile" -nobrowse -quiet
    if [[ -e "$localInstallerVolume"/"$localInstallerPackage" ]]
      then
        echo "$localInstallerPackage found. Installing..."
        /usr/sbin/installer -pkg "$localInstallerVolume"/"$localInstallerPackage" -target /
        if [[ $(echo $?) -gt 0  ]]
          then
            echo "Installer encountered error. Exiting..."
            hdiutil detach "$localInstallerVolume" -force
            rm -Rf "$tmpFolder"
            exit 1
          else
            echo "Successfully installed "$localInstallerPackage". Exiting..."
            hdiutil detach "$localInstallerVolume" -force
            rm -Rf "$tmpFolder"
            exit 0
        fi
    fi
  else
    echo "$dmgFile failed to download. Exiting..."
    exit 1
fi
}

checkAndGetURLs
downloadInstaller
installPackage

ANSelker · ‎06-27-2024

Have been struggling with AMP install in our lab environment for a long time and this script seems to get me most of the way there (some naming convention changes to the app and installer for example). This may be a silly question but my attempts to make this work always seem to fail as they are unable to retrieve the DMG URL. I have tried both posted versions of the code (one with the URL inserted into the code and one with the URL defined as variable $4.) Does anyone have any thoughts why this may be failing? Thanks in advance!

ANSelker · ‎06-27-2024

Aha I can see some additional fixes to the script re: DMG location above. I apologize for appearing to not read the post fully.

Jamf Nation Community

Deploying Cisco Amp v.1.9