Help

Extension attribute Script

nhenderson
New Contributor

2 weeks ago

I am trying to setup an extension attribute to verify if MS defender is enabled on devices in our environment. When I save the EA I only get a response from 1 device but I need responses from all of my devices. Any advice would be appreciated! Thanks

 

#!/bin/sh
echo "<result>`mdatp health | grep real_time_protection_enabled| awk '{print $3}'`</result>"

 

 

0 Kudos
Reply
4 REPLIES 4

sdagley
Esteemed Contributor II

2 weeks ago - last edited 2 weeks ago

@nhenderson You should use the full path to the mdatp binary, and don't assume it's installed so you can report an error it if isn't. Something like this:

 

#!/bin/sh

mdatpPath="/Path/To/mdatp"
result="Not Installed"

if [ -e "$mdatpPath" ]; then
    result=$("$mdatpPath" health | grep real_time_protection_enabled | awk '{print $3}')
fi

echo "<result>$result</result>"

 

(You were also missing a space preceding the pipe between your grep and awk statements) 

Reply

nhenderson
New Contributor
In response to sdagley

2 weeks ago

I appreciate the quick response! I have made the changes and I will see if that works.

0 Kudos
Reply

mm2270
Legendary Contributor III
In response to nhenderson

2 weeks ago

Keep in mind that devices will only show updated information for a new Extension Attribute once they submit new inventory back to your Jamf Pro console. Just wanted to mention that because a lot of people get confused at first on this. It's not going to update on all Macs immediately after it's created.

0 Kudos
Reply

sdagley
Esteemed Contributor II
In response to mm2270

2 weeks ago

I can't believe nobody has created a FR to trigger a recon policy on all Macs when an EA is created/updated. :-)

0 Kudos
Reply