Skip to main content
Question

Flexera SVM/CSI Integration with Jamf Patch Management?

  • May 24, 2018
  • 2 replies
  • 15 views
T
Forum|alt.badge.img+2

Hello,

JAMF newbie here. We currently use Flexera SVM/CSI for vulnerability detection and third-party patching on our Windows PCs. The agent also supports MacOS. JAMF Pro's patch management is very limited and can't detect more than the basic stuff, whereas Flexera can detect thousands of software packages. I intend to push the Flexera agent to our endpoints to get more insight, but thought it might be useful to connect JAMF to Flexera in some way to pull the data it grabs back into JAMF - even as an external patch management server so I can see all known vulnerable packages, not just the few JAMF supports.

Has anyone done anything like this?

C
T

2 replies

B
Forum|alt.badge.img+15
  • bcbackes
  • Valued Contributor
  • September 15, 2018

We have just implemented Flexera 3rd party patching on our Windows computers. I to have seen that Flexera can be used on Macs. I haven't looked into it yet since we are just starting to use Flexera for the Windows computers. I didn't want to add any additional variables to the mix if we ran into issues.

I'm hoping that after we update our Jamf v.10.0.0 to the latest, then, I can start looking at implementing Flexera in the next couple months. I can certainly respond back and let you know what issues/fixes we have discovered and wether or not we are able to successfully implement Flexera in Jamf.

Thank you @tip204 for bringing this up.

rastogisagar123
Forum|alt.badge.img+12

we are using Flexera or FNMS agent in our windows environment where we dont have any challenges but in MAC OS X we are not able to get it work and we already contacted to Flexera Vendor and we got below response :-

The ndtrack agent attempts to inventory application bundles under "/Applications", "/Developer/Applications" and "/System" file system paths. Under these paths, the agent is looking for "Contents/Info.plist", "Contents/Info-macos.plist" and "Resources/version.plist" files to extract details of the application bundle. These plist files contain the details of application name and version. The agent makes use of Mac OS X library calls (CFURLCreateFromFileSystemRepresentation() and CFBundleCreate()) to parse these files. The console messages are coming from these library calls when the agent finds a plist file which is malformed. The agent safely ignores these failures, which is why an ndi file is still generated and uploaded.

I have searched for this error and found the following external link:

https://stackoverflow.com/questions/15647987/localizable-strings-causing-plist-parsing-error

The ramification of these failures is that some application bundles will not be successfully inventoried. Unfortunately, based on the information that we have from the console and tracing, we are unable to identify exactly which application bundles are impacted.

I can submit an enhancement to the agent to provide better tracing when we fail to parse a plist file

Ultimately, these corrupt files are out of our control, as is the infrastructure which parses them. These files would need to be fixed by the package author which created them originally.

For importing inventory data from other third party inventory sources and bringing them to FNMS, I guess we can do from SCCM to FNMS and beacon.

My question is can we serial number from SCCM, do we need to install any SCCM agent on MAC.

Sagar Rastogi
Terms & ConditionsCookie settingsAccessibility statement