Installing Cylance Package

jonathanla
New Contributor III

I'm having some difficulty figuring out how to use Casper to install Cylance on every Mac in our organization. I've tried to create a shell script that will run it (not through Casper yet) but when I try on a test Mac it fails.

I have the Cylance.pkg and a cylance_install_token file in the same folder as the script. I copied the verbiage from a larger script that someone in our InfoSec team had created a while ago to install this and other security software and it works there. Maybe I missed something?

If I can get this script to actually install it then I can go to the next step and figure out how to use Casper to push it out.

#!/bin/sh

# Cylance AV Client Install

echo "Installing Cylance AV Agent for Mac. ";
echo "Cylance AV Agent Start: " date" " >> $LOG; installer -pkg CylancePROTECT.pkg -target LocalSystem
echo "Cylance AV Agent Stop: " date" " >> $LOG;
echo "Completed Cylance AV Agent for Mac Installation. ";

The output I get from Terminal is

BUR-JMENDEL4-i:~ jmendel$ /Users/jmendel/Desktop/Cylance Installer/Cylance.sh
Installing Cylance AV Agent for Mac.

/Users/jmendel/Desktop/Cylance Installer/Cylance.sh: line 5: $LOG: ambiguous redirect
installer: Error the package path specified was invalid: 'CylancePROTECT.pkg'.
/Users/jmendel/Desktop/Cylance Installer/Cylance.sh: line 7: $LOG: ambiguous redirect
Completed Cylance AV Agent for Mac Installation.

BUR-JMENDEL4-i:~ jmendel$

1 ACCEPTED SOLUTION

Chris_Hafner
Valued Contributor II

@jonathanla Try this

• Open /private/tmp (On a computer with composer)
• Create a folder called "Cylance" (Just a suggestion on name)
• Drag the cylancePROTECT.pkg into this new folder.
• Create a shell script as suggested (example below) and call it something like "install_cylance_with_token.sh"

#!/bin/sh
#!/bin/bash

echo PLACE_TOKEN_HERE > /private/tmp/Cylance/cyagent_install_token 
sudo installer -pkg /private/tmp/Cylance/CylancePROTECT.pkg -target /

exit 0

• Copy the script into that new directory (/private/tmp/Cylance)
• Open Composer
• Drag the entire "Cylance" directory into Composer (the "Cylance" folder that you created in /private/tmp/)
• Check permissions on everything in that composer list.
• Package what you have in composer as a .pkg or a .dmg as you prefer. I see no benefit to having this packaged as a .dmg so...
• Upload this new package to Casper Admin with whatever notes and settings you prefer. In all likelihood, this will need to be installed after boot, but I'm not positive.
• Create a policy as described above, using the "execute command" field in "Files and Processes" as described. In the case of my example, that would be:

/private/tmp/Cylance/install_cylance_with_token.sh

This is what I've done this morning to check. It's working well for me.

P.S. I did consider simply trying to edit the source of the installer as there seems to be a script in the package where we could stick the token, but this process seems simpler.


108 REPLIES

Chris_Hafner
Valued Contributor II

Interesting. I never thought of that but I can see why you might want that to happen. Off the top of my head, I have no idea. I KNOW it's doable in Sierra because the user can simply drag it out of their dock (just tried it). However, it must be in a menu extra plist somewhere. I'm currently breaking our new NAGIOS server but when I've got a free moment I'll see if I can figure this out for Sierra at least. Hopefully, someone will jump in with a great idea in the meantime!

rosskivowitz
New Contributor

@Chris_Hafner I appreciate your time whenever you can. As per their support article, it's a simple attribute "NoCylanceUI". However, I tried to be cute and add it to your shell script as the following:

#!/bin/sh
#!/bin/bash

echo PLACE_TOKEN_HERE NoCylanceUI > /private/tmp/Cylance/cyagent_install_token
sudo installer -pkg /private/tmp/Cylance/CylancePROTECT.pkg -target /

exit 0

But that didn't work. It installed successfully, obviously, but then was prompted for the install token. So it definitely didn't like my addition to the shell script. Thanks in advance for any help you (or anyone) is able to provide. I've definitely learned that Cylance is a fickle, fickle thing when it comes to installing and uninstalling for both Mac and Windows.

fgeronimo
New Contributor

@rosskivowitz I can't test this but from reading the site, I found this within that support article.

The echo command outputs a cyagent_install_token file, which is a text file with one installation option per line

Each installation option must have its own line so a line break may be needed. Try running this instead

#!/bin/sh

echo 'InstallToken
NoCylanceUI' > /private/tmp/Cylance/cyagent_install_token 
sudo installer -pkg /private/tmp/Cylance/CylancePROTECT.pkg -target /

exit 0

rosskivowitz
New Contributor

@fgeronimo Thanks for that. I tried it and it still took some caressing but I was ultimately able to get it working. Thanks for your help as well @Chris_Hafner!

Ross

Chris_Hafner
Valued Contributor II

@rosskivowitz I'm glad that you got it sorted. What was the solution?

rosskivowitz
New Contributor

@Chris_Hafner To be honest, I think somehow my copy/paste got messed up. I went back and looked at it again last night and I must have tried something funky yesterday. My script is exactly the same as @fgeronimo's, however, when I tried theirs, it prompted me for my install token. I tried it again later on and it worked so I definitely must have messed up the copy/paste which is, needless to say, hard for me to admit. But the following script worked for us:

#!/bin/sh

echo 'InstallToken
NoCylanceUI' > /private/tmp/Cylance/cyagent_install_token
sudo installer -pkg /private/tmp/Cylance/CylancePROTECT.pkg -target /

exit 0

Thanks everyone!
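
The token file format discussed in the posts above (token first, then one installation option per line) and the single-line form that still prompted for the token, as an added example that is not part of the original thread or the vendor's tooling. The function names are hypothetical, the checker assumes the token is a single word on line 1, and the owner-only file mode is an added hardening assumption rather than something the thread requires.

```shell
#!/bin/sh
# Added example, not code from the thread or from the vendor.
TOKEN_FILE_NAME=cyagent_install_token

# check_token_file FILE
# Prints one finding per line; returns 0 only when there are none.
check_token_file() {
    ct_file=$1
    [ -f "$ct_file" ] || { echo "missing: $ct_file"; return 1; }
    ct_out=$(awk '
        /\r/               { print "line " NR ": carriage return (CRLF line ending)" }
        NR == 1 && NF != 1 { print "line 1: expected the token alone, found " NF " words" }
        NR > 1 && NF == 0  { print "line " NR ": blank line instead of an option" }
        END                { if (NR == 0) print "file is empty" }
    ' "$ct_file")
    # Assumption: the token is an enrollment secret, so only the owner may read it.
    if [ "$(ls -ld "$ct_file" | cut -c5-10)" != "------" ]; then
        ct_out="${ct_out:+$ct_out; }readable or writable by group/other"
    fi
    [ -z "$ct_out" ] && return 0
    printf '%s\n' "$ct_out"
    return 1
}

# write_token_file DIR TOKEN [OPTION...]
# Writes the token, then each option on its own line, with mode 0600.
write_token_file() {
    wt_dir=$1
    [ -d "$wt_dir" ] && [ "$#" -ge 2 ] || return 2
    shift
    (
        umask 077
        rm -f "$wt_dir/$TOKEN_FILE_NAME"   # an existing file would keep its old mode
        printf '%s\n' "$@" > "$wt_dir/$TOKEN_FILE_NAME"
    ) || return 2
    check_token_file "$wt_dir/$TOKEN_FILE_NAME"
}
```

In an install script this would be called as `write_token_file /private/tmp/Cylance "$TOKEN" NoCylanceUI` before the `installer` line, with the script stopping if it returns non-zero.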

Chris_Hafner
Valued Contributor II

@rosskivowitz It happens to the best of us! Thanks for adding the clarification. This is great info for everyone to have!

YoshiiZee
New Contributor II

@Chris_Hafner I had to come on here just to thank you for the instructions for Cylance to install! I too was having issues which related to simple permissions. After recompiling and uploading back to JSS, it quickly installed on my machine without issues. Thanks again!

Chris_Hafner
Valued Contributor II

@YoshiiZee That's great to hear! I have to admit, I'm loving Cylance and I hope you do as well!

moiz_qureshi
New Contributor

Thanks guys, this thread helped me a lot! I used it to set up and deploy CB Defense (Confer).

sax_man424
New Contributor II

Has anyone had any luck with getting the script to work with the most recent release of Cylance? I'm new to JAMF and have had lots of issues with trying to get the script to work properly.

Chris_Hafner
Valued Contributor II

Yep. We've distributed 2.0.1450 to several hundred computers and ran an in-place upgrade for a similar amount. What seems to be the issue?

sax_man424
New Contributor II

I'm having an extremely hard time trying to get the script to work properly. The .pkg file I created in Composer finishes successfully though Cylance is not installed. Also, when I run the script (by running "sudo sh /private/tmp/Cylance/install_cylance_with_token.sh") a new file is created that contains the token but the below errors are displayed.

myusername$ sudo sh /private/tmp/Cylance/install_cylance_with_token.sh
: command not founde/install_cylance_with_token.sh: line 3:
installer: Error trying to locate volume at /
: command not founde/install_cylance_with_token.sh: line 6:

I've verified the folder permissions are correct in Composer but still no luck. I'm fairly new to scripting with macOS (and also with JAMF in general) though I copied the script from the original post to verify I didn't miss something.

Chris_Hafner
Valued Contributor II

OK, just to cover all of our bases. Please double check the following. There should be a Directory in /private/tmp called Cylance. This will look like this in Composer (feel free to remove the .DS_Store)

I've screwed this up in the past by changing the name of something... like the installer package itself.

The "install_cylance_with_token.sh" contains the following (note, TOKEN-GOES-HERE should be replaced by your actual token):

#!/bin/sh
#!/bin/bash

echo TOKEN-GOES-HERE > /private/tmp/Cylance/cyagent_install_token
sudo installer -pkg /private/tmp/Cylance/CylancePROTECT.pkg -target /

exit 0

The PostInstall script will look just like this:

What appears to be different with what you have?

sax_man424
New Contributor II

The post install script was not present, I added it and then from a Terminal ran "sudo sh /Private/temp/Cylance/install_cylance_with_token.sh" and it ran without issue. I re-saved the /Private/temp/Cylance/install_cylance_with_token.sh on the device and I just tested it via JAMF.

Thank you for your help, I really appreciate it!!

Quan_nong
Contributor

Hi All - Hoping you can assist

I've created the unattended sh file with the following content

#!/bin/sh
#!/bin/bash

echo PLACE_TOKEN_HERE > /private/tmp/Cylance/cyagent_install_token
sudo installer -pkg /private/tmp/Cylance/CylancePROTECT.pkg -target /

Packaged it in Composer and uploaded it to Jamf. When the command to run the unattended file initiates, it installs Cylance and creates a text file called cyagent_install_token, containing the "token", in the location where the install pkg is, and then Cylance pops up asking to input the token key.

Am I going wrong somewhere? I would like the token to be entered too during the installation.

Chris_Hafner
Valued Contributor II

@Quan.nong Are you still dealing with this? Sorry, I haven't been following this post very well. I would start looking into permissions but I figured I'd verify you still have the issue first.

Quan_nong
Contributor

@Chris_Hafner Thanks for following up Chris. We've actually parked this solution, due to us renewing our license with Sophos

cmudgeUWF
New Contributor III

Did anyone have an issue with the execution script saying "permission denied" when running from /private/tmp/Cylance? The script looks right, but I can't get the script to run...

znilsson
Contributor II

@cmudgeUWF No, but when I built my Cylance package in Composer I set the package and everything in it to full read/write for everybody. I haven't had any permission issues with it.

cmudgeUWF
New Contributor III

I think I managed to figure it out. I got root to have permissions, and it seems to work ok now.

pdinh
New Contributor

I am able to get Cylance installed correctly, but the pkg also installs an Uninstaller app that I don't want on the user's machine. Does anyone know how to remove it?

cprimero
New Contributor III

@pdinh I am in the same boat with that one. What I have done is create a smart group stating if "Cylance" does not exist. Then add that smart group to an on-going policy that will install Cylance if the computer enters that group. A workaround until I hear from Cylance or look through the package contents, which may give me a clue.

Hope this helps.

pdinh
New Contributor

@cprimero That's actually pretty smart. I'll have to try that. Thanks for the workaround!

avanauken
New Contributor

I was unable to get a custom package working so instead I just used a script. So, my steps were.
1. Download CylancePROTECT.pkg from my Cylance portal.
2. Upload it to my web server
3. Put the script below into Jamf (we use Jamf school) and run it.

#!/bin/bash

#Make Cylance Directory
mkdir -p /usr/local/bin/cylance

#Go to Cylance directory
cd /usr/local/bin/cylance

#download CylancePROTECT.pkg
curl -LO http://your-web-server/CylancePROTECT.pkg

#Run Cylance Installer
echo replace_with_your_token > /usr/local/bin/cylance/cyagent_install_token
echo VenueZone="replace_with_your_zone" >> /usr/local/bin/cylance/cyagent_install_token
sudo installer -verboseR -dumplog -pkg /usr/local/bin/cylance/CylancePROTECT.pkg -target /

exit 0

KyleEricson
Valued Contributor II

How do you deploy CylanceOPTICS.pkg?

Read My Blog: https://www.ericsontech.com

CredibleIT
New Contributor

Hey people, just wanted to share how it worked for me. My thing was, when I was deploying a pkg as @Chris_Hafner described, Cylance was still asking me for a reg token (even after I've run the policy successfully). So my issue was in Files and Processes. I have modified and entered the following command,

sudo sh /private/tmp/Cylance/install_cylance_with_token.sh

Rebooted, and agent worked without any issue.

dmitryrodi
New Contributor

Hey people, just wanted to share how it worked for me. My thing was, when I was deploying a pkg as @Chris_Hafner described, Cylance was still asking me for a reg token (even after I've run the policy successfully). So my issue was in Files and Processes. I have modified and entered the following command,

sudo sh /private/tmp/Cylance/install_cylance_with_token.sh

Rebooted, and agent worked without any issue.

Laina619
New Contributor

This thread was very useful and I read through it many times but I kept running into issues. Being new to scripting on a Mac I kept getting the error "command not found". Finally reached out to JAMF support and the install shell script was not in plain text, it was rich text. I was not aware that was a thing or how to change it. JAMF support determined that issue and we were able to get Cylance installed. We then ran into the issue of requiring to allow permissions so we had to create a PPPC and allow extension. https://community.jamf.com/t5/jamf-pro/cylance-system-extensions-with-bigsur/m-p/230861

 

Now I can move on to my next software deployment through JAMF!
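
A pre-packaging check for the script-file problems reported in this thread (a rich text file instead of plain text, "command not found" output of the shape carriage returns produce, "permission denied" on a direct path call, and packages set to read/write for everybody), as an added example that is not code from any poster or from Jamf. The function name `lint_install_script` is hypothetical, and the group/other-writable finding is an added hardening check based on the assumption that the policy runs the script as root.

```shell
#!/bin/sh
# Added example, not code from the thread.

# lint_install_script FILE
# Prints one finding per line; returns 0 only when there are none.
lint_install_script() {
    li_file=$1
    li_rc=0
    [ -f "$li_file" ] || { echo "missing: $li_file"; return 1; }

    # An RTF document starts with {\rtf; a script starts with #!/
    case $(head -c 5 "$li_file") in
        '{\rtf') echo "rich text (RTF) file, not a plain-text script"; li_rc=1 ;;
        '#!/'*)  ;;
        *)       echo "first line is not a #! interpreter line"; li_rc=1 ;;
    esac

    # With CRLF line endings the shell sees "\r" as part of each command word.
    li_cr=$(printf '\r')
    if grep -q "$li_cr" "$li_file"; then
        echo "carriage return found (CRLF line endings)"
        li_rc=1
    fi

    # Mode string, e.g. -rwxr-xr-x: column 6 is group write, column 9 other write.
    li_mode=$(ls -ld "$li_file" | cut -c1-10)
    case $li_mode in
        ?????w????|????????w?)
            echo "writable by group or other ($li_mode) but executed as root"
            li_rc=1 ;;
    esac
    case $li_mode in
        ???x??????) ;;
        *)  echo "owner cannot execute it ($li_mode); calling it by path fails"
            li_rc=1 ;;
    esac
    return $li_rc
}
```

Run it against the script in the staging folder before dragging the folder into Composer, for example `lint_install_script /private/tmp/Cylance/install_cylance_with_token.sh`.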