Jamf remote assist - pkgs / binaries / launchdeamon - all installed WITHOUT enabling!!

jamf-42
Valued Contributor II

Since the JAMF Cloud update over the weekend, I see all clients now have the JAMF Remote assistant binaries / apps etc installed and a launchdeamon running.. 

We do not have it enabled in JAMF.

We cannot have remote access apps / binaries installed without testing and passing security etc. 

There is no way to disable this 'functionality' of auto installing (I've asked)

There are no official uninstall processes at the moment (I've asked) 

This is a very very bad idea installing this automatically.

11 REPLIES 11

AJPinto
Esteemed Contributor

I have noticed that JAMF Clouds patching leaves a bit to be desired. Notification of date happens literally the day before the patches. My org wants notifications for changes in the week before they happen. Heck, I just need to know the week so I know when to submit the request, I can set time windows later. I ask my reps about a possibility for earlier notifications and get no response. 

 

I get needing to beta test, but not all of us have time for that.

They announce it 2 to 3 weeks before the update is sent out here is the link for the upgrade to 11.1.https://community.jamf.com/t5/release-info/jamf-pro-11-1-now-available/ta-p/303281

 

 

 

sdagley
Esteemed Contributor II

@jamf-42 I don't disagree that being able to selectively enable/disable Jamf Remote would be appropriate, but if you want control over what version of Jamf Pro you're running you should sign up for Jamf Premium Cloud which offers that option (among other things very useful for enterprise type environments).

jamf-42
Valued Contributor II

@sdagley yup.. fully aware of J Prem Cloud.. but that only would delay the issue.. and not provide required updates.. PI fixes..  I note that the installer for jamf remote assist is here in /Library/Application Support/JAMF/Jamf.app/Contents/MacOS/JamfDeamon.app/Contents/Resources/JamfRemoteAssist.pkg

ugh.. 

sdagley
Esteemed Contributor II

I was going to reply that I'd hope a year was long enough to get approval for Jamf Remote Assistant (or get Jamf to make its installation an optional event) since that was what I remember Jamf Premium Cloud offering originally but the current spec sheet states "Choose and upgrade to any current or past two versions". I know we've gone more than two versions without updating in the past so if there is a hard limit of two versions now that's an unfortunate change.

You could always use a Software Restriction (or any other tool you've got deployed for process control) to prevent the Remote Assist process from running.

jamf-42
Valued Contributor II

I need it all gone from all devices.. so far the answer is 'you can write a script'  I really don't have time to engineer a fix to something that should never happen.. 

mm2270
Legendary Contributor III

So, you can't disable the LaunchDaemon? I would imagine turning that off would stop the rest of the functionality, but I have no hands on experience with this new thing yet, so I'm only guessing. I'm not on the latest cloud release yet, so I haven't run into it yet.

That being said, I DO agree with you that it's highly presumptuous of Jamf to just auto install this on each machine. There needs to be some GUI control over this in the Jamf Pro interface. I mean, heck, they let us control whether something like Self Service is even pushed to any enrolled computers, which is a considerably less concerning tool than something that allows for remote assistance or remote access. Lots of environments need to vet things like this and get approval to use them. I'm surprised Jamf is just rolling this out like that with no control over if/when it gets installed. If this is supposed to be their answer to the defunct Jamf Remote.app, then we had control over whether that was enabled for us in each environment as well. This new tool needs to follow the same enablement process.

a_hebert
Contributor

In looking at the pkg with Suspicious Package there is an uninstall script in the pkg Here is the script I founf in it

 

#!/bin/bash
 
#Generate application uninstallers for macOS.
 
#Parameters
DATE=`date +%Y-%m-%d`
TIME=`date +%H:%M:%S`
LOG_PREFIX="[$DATE $TIME]"
 
#Functions
log_info() {
    echo "${LOG_PREFIX}[INFO]" $1
}
 
log_warn() {
    echo "${LOG_PREFIX}[WARN]" $1
}
 
log_error() {
    echo "${LOG_PREFIX}[ERROR]" $1
}
 
#Check running user
if (( $EUID != 0 )); then
    echo "Please run as root."
    exit
fi
 
echo "Welcome to Application Uninstaller"
echo "The following packages will be REMOVED:"
echo "  JamfRemoteAssist-11.1.1-t1701704198"
 
#Need to replace these with install preparation script
VERSION=11.1.1-t1701704198
PRODUCT=JamfRemoteAssist
 
echo "Application uninstalling process started"
 
#forget from pkgutil
pkgutil --forget "org.$PRODUCT.$VERSION" > /dev/null 2>&1
if [ $? -eq 0 ]
then
  echo "[2/3] [DONE] Successfully deleted application informations"
else
  echo "[2/3] [ERROR] Could not delete application informations" >&2
fi
 
#remove application source distribution
/Library/Application\ Support/grapplemdm/Uninstall
[ -e "/Library/${PRODUCT}/${VERSION}" ] && rm -rf "/Library/${PRODUCT}/${VERSION}"
if [ $? -eq 0 ]
then
  echo "[3/3] [DONE] Successfully deleted application"
else
  echo "[3/3] [ERROR] Could not delete application" >&2
fi
 
echo "Application uninstall process finished"
exit 0

jamf-42
Valued Contributor II

yup.. seen all that.. and if you run, it fails.. there is no /Library/Application\ Support/grapplemdm/ 

and thats only for /Library/Application Support/JamfRemoteAssist/11.1.1-t1701704198

much more is lurking in /Library/Application Support/Remote Assist 

including Install Uninstall and Wipe binaries..

Well I thought i found a solution guess not.   I have ours enabled we had Jamf Remote, ARD, and screen sharing already approved so this was easy since it is just essentially a screen sharing utility from what I can gather.   Good luck!

MikeyK
New Contributor III

We had a device with Remote Assist chewing 95% CPU and its process running for 35 hours. 
Spoke to support and they provided the details below. You might need to create an extension attribute to detect that it is installed as its not in the application folder/appear in inventory. 

To Uninstall

sh "/Library/Application Support/JAMF/Remote Assist/Uninstall"


To Install

/usr/sbin/installer -pkg "/Library/Application Support/JAMF/Jamf.app/Contents/MacOS/JamfDaemon.app/Contents/Resources/JamfRemoteAssist.pkg" -target /