Jamf Nation Community

jonathanla · ‎03-17-2016

I'm having some difficulty figuring out how to use Casper to install Cylance on every Mac in our organization. I've tried to create a shell script that will run it (not through Casper yet) but when I try on a test Mac it fails.

I have the Cylance.pkg and a cylance_install_token file in the same folder as the script. I copied the verbiage from a larger script that someone in our InfoSeec team had created a while ago to install this and other security software and it works there. Maybe I missed something?

If I can get this script to actually install it then I can go to the next step and figure out how to use Casper to push it out.

!/bin/sh

Cylance AV Client Install

echo "Installing Cylance AV Agent for Mac. ";
echo "Cylance AV Agent Start: " date" " >> $LOG; installer -pkg CylancePROTECT.pkg -target LocalSystem
echo "Cylance AV Agent Stop: " date" " >> $LOG;
echo "Completed Cylance AV Agent for Mac Installation. ";

The output I get from Terminal is

BUR-JMENDEL4-i:~ jmendel$ /Users/jmendel/Desktop/Cylance Installer/Cylance.sh Installing Cylance AV Agent for Mac.

/Users/jmendel/Desktop/Cylance Installer/Cylance.sh: line 5: $LOG: ambiguous redirect
installer: Error the package path specified was invalid: 'CylancePROTECT.pkg'.
/Users/jmendel/Desktop/Cylance Installer/Cylance.sh: line 7: $LOG: ambiguous redirect
Completed Cylance AV Agent for Mac Installation.

BUR-JMENDEL4-i:~ jmendel$

Chris_Hafner · ‎07-11-2016

@jonathanla Try this

• Open /private/tmp (On a computer with composer)
• Create a folder called "Cylance" (Just a suggestion on name)
• Drag the cylancePROTECT.pkg into this new folder.
• Create a shell script as suggested (example below) and call it something like "install_cylance_with_token.sh"

#!/bin/sh
#!/bin/bash

echo PLACE_TOKEN_HERE > /private/tmp/Cylance/cyagent_install_token 
sudo installer -pkg /private/tmp/Cylance/CylancePROTECT.pkg -target /

exit 0

• Copy the script into that new directory (/private/tmp/Cylance)
• Open Composer
• Drag the entire "Cylance" directory into Composer (the "Cylance" folder that you created in /private/tmp/)
• Check permissions on everything in that composer list.
• Package what you have in composer as a .pkg or a .dmg as you prefer. I see no benefit to having this packaged as a .dmg so...
• Upload this new package to Casper Admin with whatever notes and settings you prefer. In all likelihood, this will need to be installed after boot, but I'm not positive. • Create a policy as described above, using the "execute command" field in "Files and Processes" as described. In the case of my example, that would be:

/private/tmp/Cylance/install_cylance_with_token.sh

This is what I've done this morning to check. It's working well for me.

P.S. I did consider simply trying to edit the source of the installer as there seems to be a script in the package where we could stick the token, but this process seems simpler.

View solution in original post

davidacland · ‎03-17-2016

The two errors you're getting are:

ambiguous redirect - You are using the $LOG variable but it's not set anywhere
package path invalid - There isn't a path to the CylancePROTECT.pkg so the script doesn't know where to look for it

Ignoring the echo commands, does the package install ok with:

installer -pkg /full/path/to/CylancePROTECT.pkg -target /

jonathanla · ‎03-17-2016

I've made the changes and added sudo because without that it was saying it needed to be run as root. However with sudo it requires a password that I want the users to avoid seeing or having to enter.

davidacland · ‎03-17-2016

The jamf binary runs as root on the client devices so when you get to that stage you won't need sudo or for them to enter an admin password.

jonathanla · ‎03-17-2016

Thanks. Now that we've determined that it works manually do you have suggestions for the best way to have it set to run unattended on every Mac in our company?

davidacland · ‎03-17-2016

The easiest method would be to add the package as-is to your distribution point and deploy via a policy. If it works using the installer command, it should be ok with a policy. Did the cylance_install_token file have something to do with it?

jonathanla · ‎03-17-2016

It requires the cylance_install_token file to be in the same folder as the pkg

davidacland · ‎03-17-2016

Ok. In that case, create a new package that deploys the installer package and the cylance_install_token into a folder on the target Macs hard drive (I normally use /tmp for things like this) and up-load the new package to the distribution point.

In the policy, deploy the package, which will drop the actual package into the folder you've specified, along with the file, then add an extra command in the "files and processes" section of the policy, using the "execute command" text field to run installer -pkg /path/to/package -target /

jonathanla · ‎03-17-2016

Can I use one of the Casper tools to create the package?

davidacland · ‎03-17-2016

Absolutely. Composer is for building packages.

wayfaircasper · ‎03-21-2016

@jonathanla is this installing your install token as well?!

Im currently attempting to deploy this remotely as well. from the cylance site i found this:

"The following shell scripts can be used to install & deploy Cylance on OSX using Casper:
UNATTENDED_INSTALL.SH
1 #!/bin/bash
2 echo xxxxxxxxxxxxxx > /private/cylanceinstall/cyagent_install_token
3 sudo installer -pkg /private/cylanceinstall/CylanceAgent.pkg -target /
For the unattended_install.sh, replace the xxxxxxxxxxxxxx with your install token. The unattended_install.sh is packaged with the installer pkg, and placed in /private to wait for execution from another shell script.
TRIGGER.SH
1 #!/bin/bash
2 sudo cd /private/cylanceinstall
3 source /private/cylanceinstall/unattended_install.sh
4 sleep 60 5 sudo rm -rf /private/cylanceinstall
The trigger.sh script is executed from the server side to run unattended_install.sh, sleep for 60 seconds (waiting for the installation to complete), then remove the deployment package."

kempt · ‎05-03-2016

Has anyone gotten this to deploy successfully? If so, what did you do exactly to achieve this? @wayfaircasper I'm encountering issues when I try to follow the directions posted on Cylance's site.

Chris_Hafner · ‎05-04-2016

I have... then again it was just a POC with a single token that I was distributing to a small test fleet of about 20 computers. I'll admit that for the POC I simply grabbed the installer and token via Composer snapshot that I cleaned up and packaged. Nothing scripted and nothing complicated. Again, I used only my POC token but all units were properly recognized on their web console.

This was a month or so ago so I'm not what differences there may have been. We won't be deploying for a few more months, so I haven't pursued beyond the POC.

wayfaircasper · ‎05-04-2016

@kempt I got it working, but not exactly the way that Cylance says to install it.

I used their:
UNATTENDED_INSTALL.SH
1 #!/bin/bash 2 echo xxxxxxxxxxxxxx > /Customlocation/cylanceinstall/cyagent_install_token 3 sudo installer -pkg /Customlocation/cylanceinstall/CylanceAgent.pkg -target /

With one policy I have this Script and the CylancePROTECT.pkg that are moved into a directory on the users machine, Next in the policy i add "File and Processes", and under the "Execute Command" I have the following line: /Customlocation/unattended_install.sh

This just runs the unattended Install, that creates the token and installs the software. it does it silently and seems to work as expected.

let me know if you need any help.

jonathanla · ‎07-05-2016

Sorry to have dropped this for a while. I'm coming back to this now.

I used Composer to snapshot the install of the Cylance package. During the install, a modal window pops up wanting the token key. I can open a text file, copy and paste the key in and then continue with the install. After I finish the snapshot and upload it in Casper Admin I build a policy with that package and it will install Cylance, however, it will be without any token key and will keep prompting for a key in another modal window. This would not be optimal for the user experience.

Why won't it keep the token key in the package? Is there a file somewhere's I can find it and add it to the snapshot?

jonathanla · ‎07-05-2016

@wayfaircasper

Would you mind uploading some screenshots of your policy that you created to run it unattended? I think this might be the better option to install this way.

Thanks.

wayfaircasper · ‎07-06-2016

@jonathanla

This may not be the correct way to do this but it is how i got it working.

This is my package before it's actually packaged in composer:

The policy runs and this package and all contents are delivered and extracted to the target machine:
next this is how my policy is set up:

You can see that the policy moves the files over, then runs a script that imitates the actual install process.

I use the commands in the above comments, that has not changed.

Again this may not be the expected way to install cylance but it's been working for me. let me know if this helps at all.

Please let me know if this helps, or if i can explain it better.

sedwards00 · ‎07-08-2016

@wayfaircasper

Could you possibly share your unattended_install file. I'm testing it and I cannot get it to work.

wayfaircasper · ‎07-08-2016

@sedwards00

It's actually written above in one of my posts but heres a screenshot (obviously place your token in the right spot in the script)

Are you getting any errors when it fails?

jonathanla · ‎07-11-2016

Sorry @wayfaircasper

I'm still not following your process. Can we start at the beginning?

You use Composer to install Cylance and during the install when it asks for the token you copy and past it in that field and then finish up the Composer snapshot which you have saved as CylanceAgent1.pkg

Chris_Hafner · ‎07-11-2016

@jonathanla Try this

• Open /private/tmp (On a computer with composer)
• Create a folder called "Cylance" (Just a suggestion on name)
• Drag the cylancePROTECT.pkg into this new folder.
• Create a shell script as suggested (example below) and call it something like "install_cylance_with_token.sh"

#!/bin/sh
#!/bin/bash

echo PLACE_TOKEN_HERE > /private/tmp/Cylance/cyagent_install_token 
sudo installer -pkg /private/tmp/Cylance/CylancePROTECT.pkg -target /

exit 0

• Copy the script into that new directory (/private/tmp/Cylance)
• Open Composer
• Drag the entire "Cylance" directory into Composer (the "Cylance" folder that you created in /private/tmp/)
• Check permissions on everything in that composer list.
• Package what you have in composer as a .pkg or a .dmg as you prefer. I see no benefit to having this packaged as a .dmg so...
• Upload this new package to Casper Admin with whatever notes and settings you prefer. In all likelihood, this will need to be installed after boot, but I'm not positive. • Create a policy as described above, using the "execute command" field in "Files and Processes" as described. In the case of my example, that would be:

/private/tmp/Cylance/install_cylance_with_token.sh

This is what I've done this morning to check. It's working well for me.

P.S. I did consider simply trying to edit the source of the installer as there seems to be a script in the package where we could stick the token, but this process seems simpler.

Andy1 · ‎05-26-2022

Hi @Chris_Hafner

I am trying to package Cylance with the installation token with Composer. I followed your above guide and created a new package. I manually installed the package on the device, but I can't see the app visible under applications. Any idea why this is happening?

wayfaircasper · ‎07-11-2016

@Chris_Hafner

Thank you for the reply,

This is also how i am doing this, my tmp folder is called something different, and apparently i was not clear enough in the beginning. But the main key here is that you dont install cylance during the composer package creation, just have the install package in the correct tmp folder with the correct script.

my apologize, let me know if i can be of any further help.

Chris_Hafner · ‎07-11-2016

@wayfaircasper It was clear enough to me, which is why I built to process to test. I've also adopted it because it's really darned simple!

Thanks for coming up with that!

jonathanla · ‎07-11-2016

@Chris_Hafner

Thanks for posting it in more detail. I'm fairly new at this and it helps to walk through every detail so that it makes sense to me.

Open /private/tmp (On a computer with composer)
• Create a folder called "Cylance" (Just a suggestion on name)

(should I also copy the CylanceProtect.pkg installer in here?

• Create a shell script as suggested (example below) and call it somethign like "install_cylance_with_token"

!/bin/sh

!/bin/bash

echo PLACE_TOKEN_HERE > /private/tmp/Cylance/cyagent_install_token

What am I supposed to be putting here? The actual key number? How does the policy read and add this to Cylance?

sudo installer -pkg /private/tmp/Cylance/CylancePROTECT.pkg -target /

exit 0
• Copy the script into that directory (/private/tmp/Cylance)

• Open Composer
• Drag the entire "Cylance" directory into Composer (the "Cylance" folder that you created in /private/tmp/
• Check permissions on everything in that composer list.
• Package what you have in composer as a .pkg or a .dmg as you prefer. I see no benifit to having this packaged as a .dmg so...
• Upload this new package to Casper Admin with whatever notes and settings you prefer. In all likelyhood, this will need to be installed after boot, but I'm not positive. • Create a policy as described above, using the "execute command" field in "Files and Processes" as described. In the case of my example, that would be:

/private/tmp/Cylance/install_cylance_with_token

Chris_Hafner · ‎07-11-2016

Whoops, sorry about that! I've edited the post to clarify for the future. It was a good thing too, as there were also a few blatant misspellings! In any event, Yes, you should copy the cylancePROTECT.pkg into that new folder. And yes, you copy your "installation token" from the "Application" section (https://my-vs2.cylance.com/Application/) of your Cylance Dashboard into the script. Specifically, where the text says "PLACE_TOKEN_HERE". Make sure that the spaces between remain intact.

jonathanla · ‎07-11-2016

xxx

jonathanla · ‎07-11-2016

@Chris_Hafner

I followed the steps and it did install with the token. I did get this error in the logs though, but the install was succesful.

Executing Policy Cylance Unattended with Token
Mounting dmartin_share to /Volumes/CasperShare...
Verifying package integrity...
Copying Cylance.pkg...
Installing Cylance.pkg...
Successfully installed Cylance.pkg.
Running command /private/tmp/Cylance/install_cylance_with_token.sh...
Result of command:
installer: Package name is Cylance Agent
installer: Installing at base path /
installer: The install failed (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.)

jonathanla · ‎07-11-2016

I uninstalled Cylance, flushed the logs and tried again and this time completed successfully without error.

Thanks @Chris_Hafner and @wayfaircasper for your help.

Jonathan

Chris_Hafner · ‎07-11-2016

Post was solved while I was typing questions...

nicklaird · ‎07-12-2016

I see that this was already solved but figured I'd toss in how I accomplished this.

Using Composer to capture everything, I created a folder in /private named cylanceinstall and dropped my cylanceprotect.pkg and my UNATTENDED_INSTALL.sh in there, and turned that into a .pkg that would do the same on end-user machines. Then I created my CYLANCE_TRIGGER.sh, uploaded that to my JSS, and set it to run AFTER. I created a policy that included both my .pkg and the CYLANCE_TRIGGER.sh. The pkg gets pushed out first, creates the folder and dumps the .pkg and the unattended.sh into it, then the trigger.sh triggers the unattended.sh to run the install. I can't locate my unattended_install.sh at the moment, but I know it includes our token.

The CYLANCE_TRIGGER.sh script is as follows:

!/bin/bash

sudo cd /private/cylanceinstall
source /private/cylanceinstall/unattended_install.sh
sleep 60 sudo rm -rf /private/cylanceinstall
jamf recon

sedwards00 · ‎07-12-2016

I'm continuously getting this error when testing.

sedwards00 · ‎07-12-2016

@Chris_Hafner

I got it to install but I still get errors from the logs:

Executing Policy Cylance Unattended with Token
Mounting dmartin_share to /Volumes/CasperShare...
Verifying package integrity...
Copying Cylance.pkg...
Installing Cylance.pkg...
Successfully installed Cylance.pkg.
Running command /private/tmp/Cylance/install_cylance_with_token.sh...
Result of command:
installer: Package name is Cylance Agent
installer: Installing at base path /
installer: The install failed (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.)

Also, periodically the agent would run in Offline Mode. Is this to be expected?

Chris_Hafner · ‎07-13-2016

@jonathanla Was having the same issue. Perhaps, due to a previous installation of Cylance while he was testing this out. He uninstalled Cylance fully, and then re-installed via this method and stopped getting that error. Is your circumstance similar?

franton · ‎07-13-2016

@sedwards00 Your unattended_install.sh has been saved as a real text format. Make sure it's actual txt and that error you posted will go away.

Chris_Hafner · ‎07-13-2016

@franton Seen that one before?

jonathanla · ‎07-13-2016

@Chris_Hafner I was able to get that error to go away but it has reappeared on every completed log.

installer: The install failed (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance.)

sedwards00 · ‎07-13-2016

@franton At first I made that mistake but since then I been saving it as plain text in TextEditor.

Chris_Hafner · ‎07-13-2016

@jonathanla Interesting.

In the instructions above I followed the thread as everything was being described and completely spaced on one difference between what I wrote for instructions and what I did in my production environment. In the instructions above I had you add the following command:" /private/tmp/Cylance/install_cylance_with_token to the "Execute Command" field in the "Files and Processes" section of your JSS policy. This SHOULD work.

However, in my production environment, I added that command to a postinstall script, via composer and then wrapped the whole thing up as a .pkg. That way I could throw the .pkg on a flash drive if I ever wanted to. It is also a bit more "fool proof" as it won't rely on the JSS to get the rest of the policy right.

If you add a postinstall script to the Composer package, you MUST save it out as a .pkg and NOT .dmg.

Did I make sense?

franton · ‎07-18-2016

@Chris_Hafner Once or twice ;)

Jamf Nation Community

Installing Cylance Package

!/bin/sh

Cylance AV Client Install

!/bin/sh

!/bin/bash

!/bin/bash