Huge data downloads by JAMF client

SvenLilie
New Contributor

I'm working off 4G for sometime and have installed the Tripmode app to selectively allow and deny traffic. When I leave it open (like today) my JAMF client suddenly uses huge data download (>7GB in one day.Screenshot 2021-10-05 at 13.12.21.pngScreenshot 2021-10-05 at 13.14.05.png

Can someone explain what is happening here?

1 ACCEPTED SOLUTION

more than likely the Run Frequency for that Policy is set to Ongoing. If you either take your machine out of scope of that policy or change the Run Frequency to Once Per Computer it will cease trying to run.

I would then recommend troubleshooting why it is failing to install, and check to see if it is only on your system or other systems that are failing as well (check the Logs for the Policy by opening the Policy in JAMF and clicking the 'Logs' button in the lower right).

View solution in original post

5 REPLIES 5

bmack99
Contributor III

check your jamf.log in /var/logs/ - do you see a large number of policies running during the time period mentioned or a single policy with a large install package running?

SvenLilie
New Contributor

Looks like it is the Defender ATP package that fails to install and try again and again (download->install->download ->install). So why does it not stop at some point...

But thank you for pointing me in the right direction (log is in /var/log/jamf.log)

more than likely the Run Frequency for that Policy is set to Ongoing. If you either take your machine out of scope of that policy or change the Run Frequency to Once Per Computer it will cease trying to run.

I would then recommend troubleshooting why it is failing to install, and check to see if it is only on your system or other systems that are failing as well (check the Logs for the Policy by opening the Policy in JAMF and clicking the 'Logs' button in the lower right).

>So why does it not stop at some point...

It's up to you to set an "exit" for an Ongoing Policy. Jamf will only do what you want it to do if you set a Once per Computer frequency with auto-retry on failure enabled. Ongoing Policies have no logic built in for exiting what amounts to an infinite loop. Every check in, it will run. That's all Ongoing means. Not "every check in, it will run, until some other state is detected or some other thing occurs". You have to instruct Jamf to execute on that logic using additional Policies. 

I'd recommend splitting larger software install Policies into two separate Policies, one to download the package (Cache), and one to install it (Install Cached). That way, you could theoretically repeat the installation over and over again without wasting any bandwidth. You then need to perform some Smart Group magic to have successful installations move the Mac out of scope once it's done, either a "Application Title LIKE Microsoft Defender" (make sure you update inventory in the Install Cached Policy), or if you really wanted to be sure, an Extension Attribute that calls the `mdatp` command line utility and does a health check, and then base your Smart Group scopes on that.

I like the idea of splitting into a "cached" and "install cached" policies, but a couple issues to consider - the cached items would be removed after the install cached policy runs (if it completes "successfully" even tho there could be errors) OR that the Waiting Room would get messy with cached items for all those failed installs...