Endgame sensor Full Disk access

rgreenjr724
New Contributor II

Hey all,

Has anyone been able to successfully rollout Endgame with to new MacBooks running Catalina? We use no-touch provisioning, and this is currently the only issue I have to fix manually. I have a policy set to grant full disk access to Endgame's esensor, but it doesn't seem to be working. I still need to go into each computer during our day one onboarding sessions and manually grant full disk to the sensor.

I've tried using the PPPC utility for this, but that doesn't seem the fix the issue either.

5 REPLIES 5

blackholemac
Valued Contributor III

OK mark this as strange...This is like the fourth or fifth post (myself included) in the past two weeks or so with someone having trouble granting full disk access for either some app or some system extension and the software not working despite everyone following documentation.

I’m beginning to wonder if there is some sort of bug in macOS 10.15.2 or 10.15.3 where the system isn’t honoring PPPC profiles properly or some bug in Jamf where getting the profiles are not getting formulated or applied properly to a Mac. I’m unaware of one, but it just seems weird....The problem seems to revolve around endpoint protection products seeking full disk access.

Just a thought but hoping that Jamf employees see this trend. I was able to ultimately solve my problem with Symantec endpoint protection, but I had to run a script developed by another JamfNation user.

bishopz
New Contributor III

Have you approved the Endgame kext? Iirc, I had this same issue when deploying Sophos.

rgreenjr724
New Contributor II

blackholemac - I've noticed this as well. Originally I thought it was an issue with using my old configuration which still works perfectly with Mojave. I remade my configuration specifically for new Catalina computers, and still nothing.

bishopz - I do have an approval setup for the Endgame kext, which works with no issue. We use zero touch provisioning along with Splashbuddy for setup, and as soon as a computer is finished I can find the sensor on the computer. In Jamf, I don't see any errors for giving the sensor full disk, but on the computer it's not listed in security > privacy.

I'm also starting to believe this is more of a Jamf issue than a config issue. I've seen a number of similar posts about Crowdstrike popping up recently as well.

LoganS
New Contributor II

I'll just chime in also having this issue with endgame. Not sure what to try next.

user-mDjJSJPime
New Contributor

Hi All,

Did anyone ever find a solution here to this - I have the deployment working with my own script - and I have set up a configuration policy with approved kernel extensions set for the Endgame developer Team IDs - but it seem to be not applying correctly. 

TIA for any help on this.
Joseph.