
Deployment for Cisco Secure Client XDR (Working Script)

  • February 26, 2025

I saw a couple of articles online to install Cisco Secure Client via Jamf. However, it was mostly for VPN and Umbrella, and when taking the DMG from XDR into Composer it proved to be less than helpful. No matter what, it did not like to be manipulated. I have created a deployment script using the full installer DMG for anyone who runs into this and is also using Cisco XDR. I am open to suggestions on the script, but this got the job done and cleanly. Make sure you set up a configuration profile for background processes.

The first thing is to go into Cisco XDR and download both full installers for AMD and ARM. Then upload the DMG files into Jamf.

Next, create the script using this bash script. It uses the applications cached in the Jamf Waiting Room.

```bash
#!/bin/bash
# Author: Ryan Tarson
# Cisco Secure Client DMG Installer Script for Jamf (Flexible for Both Architectures)
#
# This script installs Cisco Secure Client for macOS using a pre-deploy DMG that
# contains a single package:
#   com.cisco.secureclient.cloudmanagement_bootstrap-signed.pkg
#
# Parameters:
#   $4 = Example DMG file name for Intel (e.g., "csc-deploy-full-XDR Default Deployment for macOS - amd64.dmg")
#   $5 = Example DMG file name for Apple Silicon (e.g., "csc-deploy-full-XDR Default Deployment for macOS - arm64.dmg")
#   $6 = Mounted DMG volume name (e.g., "UniefiedConnector")
#

### Variables ###
arch=$(uname -m)
if [ "$arch" = "arm64" ]; then
    dmgName="$5"
else
    dmgName="$4"
fi
mountVolume="$6"
waitingRoomDMG="/Library/Application Support/JAMF/Waiting Room/$dmgName"

### Logging Function ###
log() {
    jamf log "$1"
}

log "Starting Cisco Secure Client installation from DMG."
log "Detected architecture: $arch"
log "Using DMG: $waitingRoomDMG"
log "Expected mounted volume: $mountVolume"

### Mount the DMG ###
log "Mounting DMG: $waitingRoomDMG"
hdiutil attach "$waitingRoomDMG" -nobrowse
sleep 5

### Verify mount ###
if [ ! -d "/Volumes/$mountVolume" ]; then
    log "Mount failed: /Volumes/$mountVolume not found."
    exit 1
fi

### Locate the package ###
pkgPath="/Volumes/$mountVolume/com.cisco.secureclient.cloudmanagement_bootstrap-signed.pkg"
if [ ! -f "$pkgPath" ]; then
    log "Package not found at expected path: $pkgPath"
    hdiutil detach "/Volumes/$mountVolume" -quiet
    exit 1
fi
log "Found package: $pkgPath"

### Install the package ###
log "Installing package..."
installer -pkg "$pkgPath" -target /
installStatus=$?
if [ $installStatus -eq 0 ]; then
    log "Installation succeeded."
else
    log "Installation failed with exit code $installStatus."
    hdiutil detach "/Volumes/$mountVolume" -quiet
    exit $installStatus
fi

### Unmount the DMG ###
log "Unmounting DMG..."
hdiutil detach "/Volumes/$mountVolume" -quiet
sleep 5

### Clean up the DMG file from the Waiting Room ###
rm "$waitingRoomDMG"
log "Removed DMG file from Waiting Room."

log "Cisco Secure Client installation completed successfully."
exit 0
```

Create a policy for the Cisco XDR installer, add the 2 DMGs to the packages, and set them to cache.

 

Then add the script to the policy and enter the information matching the DMG file name and the name of the mount.
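The script in the post hands the bootstrap package to `installer` as root straight from the cached DMG, so a signer check just before that step is a natural hardening. The following is an added example, not part of rtarson's script or Cisco's tooling: the expected Team ID is a placeholder you supply from a copy of the package you have verified yourself, the function names are hypothetical, and the sample `pkgutil` output is constructed.

```bash
#!/bin/bash
# Added example: refuse to install unless the package is signed by the
# expected Developer ID team. EXPECTED_TEAM_ID is a placeholder value.
EXPECTED_TEAM_ID="ABCDE12345"

# Constructed sample in the layout `pkgutil --check-signature` prints
# (expiry and fingerprint lines omitted; name and ID are made up).
SAMPLE_OUTPUT='Package "example.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Example Corp (ABCDE12345)
    2. Developer ID Certification Authority
    3. Apple Root CA'

# Read pkgutil output on stdin; print the Team ID of the leaf certificate
# (entry 1 of the chain), or nothing if the line is absent or malformed.
leaf_team_id() {
    sed -n 's/^ *1\. Developer ID Installer: .* (\([A-Z0-9]\{10\}\)) *$/\1/p' | head -n 1
}

# $1 = pkgutil output, $2 = expected Team ID.
# Succeeds only for an Apple-issued developer signature from that team.
signature_ok() {
    local out expected team
    out="$1"
    expected="$2"
    printf '%s\n' "$out" |
        grep -q 'Status: signed by a developer certificate issued by Apple for distribution' || return 1
    team=$(printf '%s\n' "$out" | leaf_team_id)
    [ -n "$team" ] && [ "$team" = "$expected" ]
}

# $1 = package path, $2 = expected Team ID. macOS only: calls pkgutil,
# which exits non-zero for unsigned or invalidly signed packages.
verify_pkg() {
    local out
    out=$(/usr/sbin/pkgutil --check-signature "$1" 2>&1) || return 1
    signature_ok "$out" "$2"
}

# In the deployment script, before `installer -pkg "$pkgPath" -target /`:
#   if ! verify_pkg "$pkgPath" "$EXPECTED_TEAM_ID"; then
#       log "Signature check failed for $pkgPath; not installing."
#       hdiutil detach "/Volumes/$mountVolume" -quiet
#       exit 1
#   fi
```
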

 

3 replies

DMH2000
  • Valued Contributor
  • 76 replies
  • February 28, 2025

Good article @rtarson! We are just now testing XDR, seems to make things more simple. We noticed you can't just pull the package from the DMG and run it or use it as is. If you open the package in Composer, you won't see any install files, just scripts. I guess the DMG holds all the information.

My question is why not just use the amd version and let Rosetta control it. We have Rosetta installed on all arm machines. I followed this GitHub article RTOUTON_Rosetta_Script. I built this script when we got our first M1 MacBooks around 2021.


  • Author
  • Contributor
  • 10 replies
  • February 28, 2025
DMH2000 wrote:

Good article @rtarson! We are just now testing XDR, seems to make things more simple. We noticed you can't just pull the package from the DMG and run it or use it as is. If you open the package in Composer, you won't see any install files, just scripts. I guess the DMG holds all the information.

My question is why not just use the amd version and let Rosetta control it. We have Rosetta installed on all arm machines. I followed this GitHub article RTOUTON_Rosetta_Script. I built this script when we got our first M1 MacBooks around 2021.


I would go in that direction, but we are a K-12; we only have Macs for certain subjects. So only around 100 Mac devices, and we just got budget passed to replace all with the brand new Apple Silicon chipset. So in reality we won't really need to support AMD, since the applications we use and being all Intel-based Macs are gone; we just don't need to support legacy.


DMH2000
  • Valued Contributor
  • 76 replies
  • March 6, 2025
rtarson wrote:

I would go in that direction, but we are a K-12; we only have Macs for certain subjects. So only around 100 Mac devices, and we just got budget passed to replace all with the brand new Apple Silicon chipset. So in reality we won't really need to support AMD, since the applications we use and being all Intel-based Macs are gone; we just don't need to support legacy.


@rtarson  After looking at how Cisco packaged the DMG, I went with your script and instructions.  This was easy to set up.  Your post was very timely for me, as we are now in the testing phase and have both amd & arm machines, so they get the correct app for the architecture.  I wanted to give a shout out to you!

