Jamf Nation Community

Jesper · ‎12-07-2018

We are beginning to evaluate Cisco AMP for our Antivirus needs.
In connection with that I need to deploy the app via Jamf.

In the newest release, Cisco has made AMP a notarised app, and changed the way they distribute it from a .pkg to a .dmg.

They state that I need to do this to install the .dmg:

• Push amp_mac_connector.dmg to your endpoints
• Mount the .dmg file:
$ hdiutil attach ampmac_connector.dmg
• Execute the Apple notarized Mac Connector package file:
$ sudo installer -pkg /Volumes/ampmac_connector/ciscoampmac_connector.pkg -target /
• Un-mount the .dmg file:
$ hdiutil detach /Volumes/ampmac_connector

So, my question is:
Do I need to do the above or can I just extract the .pkg from the .dmg and deploy that like normal, or will that somehow not work because it is notarised?

Thanks for any insights anyone might have on this, as I am not entirely certain about the new notarised concept.

Regards
Jesper

Dr_Jones · ‎12-10-2018

I wasn't able to successfully deploy v.1.9.0.x without actually following the directions

Turn their instructions into a script
Create an installer and add the created script as a post-install

#!/bin/sh
#####
#Mount the .dmg file
#####

hdiutil attach /private/tmp/ampmac_connector.dmg

######
#Execute the Apple notarized Mac Connector package file
######

/usr/sbin/installer -pkg  /Volumes/ampmac_connector/ciscoampmac_connector.pkg -target /

#####
#Un-mount the .dmg file
######

hdiutil detach /Volumes/ampmac_connector



exit 0      ## Success

Everything should work perfectly with that workflow

Jesper · ‎12-11-2018

Thanks a lot @Dr_Jones .

Ill utilise that to deploy it.

misenberg · ‎03-20-2019

@Dr_Jones Ok slightly confused on your instructions.

I created your script in Jamf, but how do I make an installer?

Should I be uploading the DMG to Jamf and creating a policy?

Currently, I have a policy that installs the cisco amp from a . PKG but it recently just stopped working. It just says "installer failed" in terminal. No real helpful information. That same PKG installs just fine on a computer if I put it on the machine locally. It just won't work from Jamf.

Any information you could provide would be very helpful. Thanks!

Dr_Jones · ‎03-20-2019

You have a few different options @misenberg

Upload script to Jamf Pro and create a policy that deploys ampmac_connector.dmg to the local machine, I chose the /private/tmp/ folder in my case, the script should be attached to the newly created policy to run after ampmac_connector.dmg has been installed somewhere.
I created an pkg that places ampmac_connector.dmg into /private/tmp/ampmac_connector.dmg and includes the script as a postinstall function so the installer isn't so dependent on Jamf Pro.

Let me know if you still run into issues!
Ronnie

misenberg · ‎03-20-2019

@Dr_Jones I see what you are saying. How do I tell the policy where to put the DMG (i.e. /private/tmp). I did this for Mojave and I can't remember what we did haha!

misenberg · ‎03-20-2019

Nevermind, we did it with composer and did a snapshot! Now we are trying to figure out our smart groups and how to scope the policy

Dr_Jones · ‎03-20-2019

Awesome @misenberg! Composer is definitely the easiest way to go, I'd skip the snapshot part next time and just open up composer to drag and drop the files that have on your local machine/check file permissions in to create your installer, otherwise you might catch unwanted files during the snapshot period.

Sounds like you got it figured out : )

Jamf Nation Community

Help to deploy notarised app to Mac