We use Carbon Black App Control on our macs and I also have Chrome set up in the Jamf App Catalog. When Jamf tries to push Chrome out Carbon Black blocks it. My question is if Jamf fails to install Chrome via the App Catalog does it delete the installer .pkg file? The issue with getting Chrome whitelisted in Carbon Black is we can't get the hash for the files because it's gone after it fails. Also, is there a standard directory where Jamf puts the installers that we would possibly whitelist?
Carbon Black isn't checking packages in Jamf but checks the packages on the mac. When Jamf detects there is an issue deploying the package it deletes it before Carbon Black can get any info from the .pkg file. In Carbon Black, it shows (none) for the Publisher and hash.
yes, I gathered that it's checking what the package is on the machine vs whatever is in Jamf...what I'm saying is that in the Jamf Apps settings for that App it has the MD5 hash of the PKG used, the info should be enough for you to whitelist it in something like Carbon Black to keep it from blocking it, as far as it deleting the pkg, I'm not sure and would have to ask.
Yes, I get that. We have Google added as a publisher in Carbon Black but the file is deleted before Carbon Black can get that information from the .pkg file. I cant get any information from Jamf on why this is happening.
Jamf Pro has those installers go to: /Library/Application Support/JAMF/Downloads
Generally good practices would be to restrict the security tools from inspecting certain activities in specific folders used by other agents to prevent these kinds of issues, or from interaction with each other if you have multiple agents installed.
These are the File Properties we get on the file. The same thing for the file downloaded using the link from the App Catalog for Chrome: https://dl.google.com/dl/chrome/mac/universal/stable/gcem/GoogleChrome.pkg Yes we could approve the MD5 but I believe that changes with each new version released.