Installing Proofpoint Obersveit Agent and Autoupdater

SMR1
Contributor III

Has anybody installed this before. I was tasked with getting this added to Jamf. I uploaded the mobileconfig file and the script. I uploaded observeit-cloudagent-OSX-bundle-2.2.0.313.pkg. It looks like it deployed, but not sure how to confirm and the department who is in charge of this doesn't know either, so they opened a ticket with the vendor.  As for the autoupdater package, does that also require its own script and mobileconfig? I deployed it, but got a message asking where the preinstall.json was located and if you hit cancel it brings up another error about a config profile.

8 REPLIES 8

kvmart
New Contributor II

If the software is deployed properly, the department that has access to ITM should be able to find data from those hosts within the ITM portal. They can simply search or filter by hostname or user to confirm that data is coming from that endpoint.

As for the updater, I'm actually working on deploying the updater on my next attempt, my initial ITM rollout actually caused a lot of permission prompts to come up even when using the mobileconfig provided by Proofpoint (With permissions already predefined). The only way I've been able to hide most of the prompts (other than accessibility) is by deploying the profile, restarting the Mac and then attempting to deploy ITM once more.

SMR1
Contributor III

The group confirmed they can see my Mac on the backend, so the agent portion is working fine with using the mobileconfig profile. To go back to my other question, does the autoupdater have it's on mobileconfig file like the agent does?

daniel_behan
Contributor III

The vendor-provided PEA Viewer config profiles should work, especially if they're installed prior to the agent or agent updater.  If your security team is attempting to enable screen recording, make sure they're keeping up to date on the agent versions.  Version 2.4 seems to work with macOS Ventura.

SMR1
Contributor III

I'm just waiting for the config profile for the autoupdater from the vendor. When we install it, we're just having the user going in to enable screen recording.

SMR1
Contributor III

I got the required files and created 2 packages one for the agent and one for the updater. It would be nice to have these both in one policy instead of 2 separate installs. I'm not seeing anything show up under accessibility, I get the screen recording prompt for a second and then it goes away.

daniel_behan
Contributor III

Check with Proofpoint.  Their suggested best practice is to install only the Agent Updater and let their console deploy the Agent.  As long as you're using their PEA Viewer configuration profile, the accessibility and screen recording prompts should be ok.  Agent version 2.5.x should work for macOS Ventura and macOS Monterey.

For this we have to install the initial package to make sure everything works. What also makes this is a pain is that we use CyberArk and that causes nothing but headaches. If I install in this order, config profile, updater and then the agent. The logger never shows up under Accessibility, but it does for Screen Recording. Still waiting to get a meeting setup with the vendor. I checked with the the group that will be managing this and and they said the updater and agent are showing up on there end.

SMR1
Contributor III

Finally got the correct files and everything seems to install. I just have one issue, since we use cyberark, when the screen recording prompt comes up, it's only for a split second and then the generic cyberark prompt comes. It'll keep coming up every 5 minutes and will eventually automatically check the screen recording box. I've tried changing up the config file so it doesn't force the user to check the box and we would just include that step in our communication.