Deploying Cisco Amp v.1.9

I've read in all the other articles/discussions on people having the same issues as me in deploying the new version of AMP... but have yet to see a clear-cut solution on getting this deployed...

I've seen the "solution" of finding the hidden policy.xml file in the DMG, but am still a little confused about that part....

Can anyone (maybe not exactly) step-by-step have an easier way of deploying this?


Could someone check my work and see if I've built these correctly? 

I'm still getting the "requests to allow" prompts in security and privacy when installing it.

Also, any suggestion on how to push the config for full disk access?

macOS Big Sur 

Cisco Amp v1.16.0841

@winterboer I don't have time to confirm your profiles right now but I don't see a Content Filter.  Also, it's suggested to make individual profiles for each setting (kernel, system, pppc and content filter) so that you can scope things better per version of macOS.  Something else to keep in mind, the profiles need to be installed and the system rebooted prior to installing AMP or you will still get the prompts.  At least that is my experience.

@winterboer Here are my profiles, all separate for scoping.  These work for us, provided they are installed to Big Sur and the system rebooted before Cisco AMP is installed.  Note, Kernel extensions aren't scoped to Big Sur.

Content Filter

Kernel Extension

System Extension 1

System Extension 2


I had to upgrade JAMF to the latest build and now can test what you've posted. Thank you very much for the help. 

Hi everyone, thanks for the info, this post has been most helpful. 

One more question from another Jamf newb - how do you ensure the Configuration Profiles install and reboot the machine before the Policy runs the script to install AMP?



When installing AMP 1.16.1 via @iJake's script on macOS Monterey (last Beta before release: Build 21A5552a), the standard script kept failing with the latest URL. It worked fine in a browser though.

When running the script manually, I kept getting the "Unable to retrieve DMG url. Exiting..." error. So after changing the script a little and changing the download URL in the policy, doing the following made it work:

1. removed the "?product=MacProduct" part of the download URL as provided by Cisco's console. Not sure why this made it work...

2. changed the case of the 'L' of "Location" to lowercase so that it shows:

dmgURL=$(curl --head "$redirectingURL" | grep "location:" | awk '{print $2}')

This worked because it seems as if the http headers return 'location:' and not 'Location:' which the script looks for with grep. I assume there's a grep switch to ignore case, but my script-foo is weak, so just got it working and rolling with it for now until some script guru can come up with a proper fix 🙂

Hope this helps if anyone else comes across this issue

@tsylwest the syntax you're looking for is grep -i "string". That turns on grep's case insensitivity mode.

@mm2270 Thanks for the tip 😊 much appreciated, will give that a go!

I guess I don't know how to use the script that @iJake has kindly offered up. I've loaded it up in jamf and see this.  What am I missing or doing wrong?


@winterboer Might want to remove your AMP URL from that photo. Might not. 😉  Your download works, I see it's 32 MB.  I'm deploying (29.2 MB) tested and still working this morning.  Perhaps something has changed with a newer version?

Also, as noted above, Location changed to location (which I edited in my script).  Perhaps you just need to add a -i to the grep command.

++grep Location: to ++grep -i Location:

Line 13 in my script:

dmgURL=$(curl --head "$redirectingURL" | grep -i "Location:" | awk '{print $2}')

Thank you very much for the reminder. I've cleaned it. I'll mod the script and see what happens. 

@winterboer Might want to double check that, URL is still in the photo.

Glad you got it working.

If you want the script less chatty, just add a # in front of the set -x at the top or remove it completely.  I often use it when troubleshooting and getting things going then comment it out.

@ubcoit Thank you for your help, it works as expected. 

I didn't remove "?product=MacProduct" but I did add the "-i" after grep and it fixed the script for me. 

I think the web page that it gets must have changed "Location" to "location" ... it's not a change in curl

My download URL recently changed, so if you get the failed to download error, go check your URL in the amp portal. 

I believe they expire at some point by design?

Hey Guys,

Anyone had success in 2023 with the new Cisco Secure Endpoint (VS AMP)? Any tips if so, as we are hitting roadblocks. 

Installing fresh or upgrade? Due to the hidden .policy.xml I re-pack in Composer and use a script to install in pkg. I'm using this to upgrade from AMP and so far no issues. Note of course all the requirements for config profile PPPC, System Ext, Content Filter..  What versions are you going from - to?

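#!/bin/bash
## postinstall

## The variable definitions were missing from the post as captured.
## The paths below are placeholders; point them at your repackaged payload.
BASE="/path/to/payload/folder"
PKG="$BASE/<installer package name>.pkg"
XML="$BASE/.policy.xml"

## Install only if both the package and the hidden policy file are present
if [[ -e "$PKG" && -e "$XML" ]]; then
    /usr/sbin/installer -pkg "$PKG" -tgt /
    RES=$?
else
    echo "Package or XML was missing. Aborting installation…"
    exit 1
fi

if [ "$RES" == 0 ]; then
    ## Cleanup folder payload
    rm -Rfd "$BASE"
    exit 0
else
    echo "Installation may have failed with exit code $RES"
    exit $RES
fi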




Sure I borrowed that script from somewhere..

Truly appreciate the quick feedback! This is for a fresh/new install, most recent version 

I'm deploying with the script provided here on Jamf.



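#!/bin/bash
#set -x

#ciscoAMPPath="/Applications/Cisco AMP/AMP for Endpoints"

## The variable definitions were missing from the post as captured.
## The values below are placeholders, apart from $4 (Jamf script parameter 4).
redirectingURL="$4"
tmpFolder="/path/to/tmp/folder"
localInstallerVolume="/Volumes/<mounted volume name>"
localInstallerPackage="<installer package name>.pkg"

## Header names are case-insensitive, hence grep -i; tr strips the trailing CR
dmgURL=$(curl --head "$redirectingURL" | grep -i "Location:" | awk '{print $2}' | tr -d '\r')
if [[ -z $dmgURL ]]
then
    echo "Unable to retrieve DMG url. Exiting..."
    exit 1
fi

echo "DMG URL found. Continuing..."

## File name is the last path component of the URL, without the query string
dmgFile=$(basename "$(echo "$dmgURL" | awk -F '?' '{print $1}')")
dmgName="${dmgFile%.*}"

mkdir -p "$tmpFolder"
echo "Downloading $dmgFile..."
/usr/bin/curl -L -s "$redirectingURL" -o "$tmpFolder"/"$dmgFile" --location-trusted

if [[ -e "$tmpFolder"/"$dmgFile" ]]
then
    hdiutil attach "$tmpFolder"/"$dmgFile" -nobrowse -quiet
    if [[ -e "$localInstallerVolume"/"$localInstallerPackage" ]]
    then
        echo "$localInstallerPackage found. Installing..."
        /usr/sbin/installer -pkg "$localInstallerVolume"/"$localInstallerPackage" -target /
        if [[ $? -gt 0 ]]
        then
            echo "Installer encountered error. Exiting..."
            hdiutil detach "$localInstallerVolume" -force
            rm -Rf "$tmpFolder"
            exit 1
        else
            echo "Successfully installed $localInstallerPackage. Exiting..."
            hdiutil detach "$localInstallerVolume" -force
            rm -Rf "$tmpFolder"
            exit 0
        fi
    else
        ## Package not on the mounted volume: clean up and report failure
        echo "$localInstallerPackage not found on $localInstallerVolume. Exiting..."
        hdiutil detach "$localInstallerVolume" -force
        rm -Rf "$tmpFolder"
        exit 1
    fi
else
    echo "$dmgFile failed to download. Exiting..."
    exit 1
fi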


Have been struggling with AMP install in our lab environment for a long time and this script seems to get me most of the way there (some naming convention changes to the app and installer for example). This may be a silly question but my attempts to make this work always seem to fail as they are unable to retrieve the DMG URL. I have tried both posted versions of the code (one with the URL inserted into the code and one with the URL defined as variable $4.) Does anyone have any thoughts why this may be failing? Thanks in advance!

Aha I can see some additional fixes to the script re: DMG location above. I apologize for appearing to not read the post fully.
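The "Location" versus "location" failure discussed in this thread, as an added example that is not part of any script posted here: it parses the redirect header case-insensitively, strips the trailing carriage return, and checks the URL before anything is downloaded and installed as root. The function names, the host `downloads.example.com` and the sample responses are constructed placeholders.

```bash
#!/bin/bash
# Added example, not part of any script posted in the thread.

# Read raw HTTP response headers on stdin and print the value of the last
# Location header. Header names are case-insensitive, so "Location:" and
# "location:" are treated the same; the CR of each CRLF line ending is
# removed so it cannot end up in the URL or the file name.
extract_location() {
    tr -d '\r' | awk 'tolower($1) == "location:" { url = $2 } END { if (url != "") print url }'
}

# Accept only https URLs whose host is exactly the expected one
# (assumption: the caller knows which download host the console uses).
is_expected_url() {
    url=$1; expected_host=$2
    case "$url" in
        https://*) ;;
        *) return 1 ;;
    esac
    host=${url#https://}
    host=${host%%[/?#]*}
    [ "$host" = "$expected_host" ]
}

# Derive the DMG file name from the URL, dropping any query string.
dmg_file_name() {
    basename "${1%%\?*}"
}

# Constructed sample responses (host and paths are placeholders).
sample_http1=$(printf 'HTTP/1.1 302 Found\r\nLocation: https://downloads.example.com/mac/installer.dmg?sig=abc\r\n\r\n')
sample_http2=$(printf 'HTTP/2 302 \r\nlocation: https://downloads.example.com/mac/installer.dmg\r\n\r\n')

for headers in "$sample_http1" "$sample_http2"; do
    dmgURL=$(printf '%s\n' "$headers" | extract_location)
    if is_expected_url "$dmgURL" "downloads.example.com"; then
        echo "OK: $(dmg_file_name "$dmgURL")"
    else
        echo "Rejected: $dmgURL"
    fi
done
```

In a deployment script the headers would come from `curl --head` as in the scripts above, and a rejected or empty URL should stop the run before the download step.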