Skip to main content
Question

Extension attribute Script

N
Forum|alt.badge.img+2

I am trying to setup an extension attribute to verify if MS defender is enabled on devices in our environment. When I save the EA I only get a response from 1 device but I need responses from all of my devices. Any advice would be appreciated! Thanks

 

#!/bin/sh echo "<result>`mdatp health | grep real_time_protection_enabled| awk '{print $3}'`</result>"

 

 

    4 replies

    sdagley
    Forum|alt.badge.img+25
    • sdagley
    • Jamf Heroes
    • 3533 replies
    • March 3, 2025

    @nhenderson You should use the full path to the mdatp binary, and don't assume it's installed so you can report an error it if isn't. Something like this:

     

    #!/bin/sh mdatpPath="/Path/To/mdatp" result="Not Installed" if [ -e "$mdatpPath" ]; then result=$("$mdatpPath" health | grep real_time_protection_enabled | awk '{print $3}') fi echo "<result>$result</result>"

     

    (You were also missing a space preceding the pipe between your grep and awk statements) 

    Shyamsundar
    1 person likes this
    • Shyamsundar
      Shyamsundar
    N
    Forum|alt.badge.img+2
    • nhenderson
    • Author
    • New Contributor
    • 1 reply
    • March 3, 2025
    sdagley wrote:

    @nhenderson You should use the full path to the mdatp binary, and don't assume it's installed so you can report an error it if isn't. Something like this:

     

    #!/bin/sh mdatpPath="/Path/To/mdatp" result="Not Installed" if [ -e "$mdatpPath" ]; then result=$("$mdatpPath" health | grep real_time_protection_enabled | awk '{print $3}') fi echo "<result>$result</result>"

     

    (You were also missing a space preceding the pipe between your grep and awk statements) 


    I appreciate the quick response! I have made the changes and I will see if that works.

    mm2270
    Forum|alt.badge.img+16
    • mm2270
    • Legendary Contributor
    • 7880 replies
    • March 6, 2025
    nhenderson wrote:

    I appreciate the quick response! I have made the changes and I will see if that works.


    Keep in mind that devices will only show updated information for a new Extension Attribute once they submit new inventory back to your Jamf Pro console. Just wanted to mention that because a lot of people get confused at first on this. It's not going to update on all Macs immediately after it's created.

    sdagley
    Forum|alt.badge.img+25
    • sdagley
    • Jamf Heroes
    • 3533 replies
    • March 6, 2025
    mm2270 wrote:

    Keep in mind that devices will only show updated information for a new Extension Attribute once they submit new inventory back to your Jamf Pro console. Just wanted to mention that because a lot of people get confused at first on this. It's not going to update on all Macs immediately after it's created.


    I can't believe nobody has created a FR to trigger a recon policy on all Macs when an EA is created/updated. :-)

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings