Posted on 05-19-2020 07:34 AM
Does anyone know how to best Package up the Malwarebytes Endpoint Agent for Business? The file they provide has special characters so it prevents me from just uploading it directly into Jamf. I have tried changing the name and am able to upload it, but when it installs, the icon appears on the Menu bar, but is not interactive (can't click to start a scan) and does not appear in their Nebula platform.
I've added the kernel extension in Configuration Profiles. And I can perform the manual install on a computer successfully. I'm currently using Movaje, but will be looking for any other help for Catalina that might vary given we will be migrating this summer.
Thank you.
Posted on 05-19-2020 09:48 AM
I haven't looked into this specific case, but you might be able to create a "package in a package." Using your preferred package creation tool, create an installer that places the Malwarebytes .pkg file into someplace like /tmp. Then, add a postinstall script to the package that installs the Malwarebytes .pkg.
Posted on 05-19-2020 11:11 AM
I've never had any trouble uploading or deploying Malwarebytes packages generated from AutoPkgr.
As always, test before deployment.
Posted on 05-20-2020 08:21 AM
@pete_c Are you referring to the consumer Malwarebytes, or the managed Malwarebytes Cloud client? I wouldn't think you'd be able to do a Autopkg recipe for the managed client.
Posted on 05-27-2020 02:58 PM
@dwaterbury Good afternoon i am also trying to get this application running in our environment at the moment if you dont mind me asking how did you setup your configuration profile to bypass the KEXT for the app. So that the requirement to have user click allow is not a need?
Posted on 05-29-2020 07:58 AM
@dwaterbury I sent the same question in to Malwarebytes support. We just pulled the trigger to get started so we can deploy this out. The way I'm intending to get around this in Jamf is by hosting the file and creating a shell script to curl it down.
@bjones Malwarebytes have two articles here, and here that should be helpful.
Posted on 06-03-2020 09:33 AM
Hi Everyone. Thank you for the responses. I reached out to Malwarebytes Support to get the answer. I was able to use push it out last Friday and I started seeing computers come into their "Nebula" interface.
The Support Tech said to download the mac .pkg from them and just change the 2 brackets in the name to _
I had initially tried renaming it differently, but some sort of licensing number is within those brackets and it prevents the laptop from registering within Nebula.
Here is an example of what it looks like initially when you download it:
Setup.MBEndpointAgent_[abcdefghi-1234-5678–jklm-nopqrstuvwxy]__.pkg
Here is how it will look after you edit the name of the file:
Setup.MBEndpointAgent__abcdefghi-1234-5678–jklm-nopqrstuvwxy___.pkg
After doing this, I was able to load it into our JAMF cloud instance without a problem.
After I pushed it out, with a Restart of the computer after install, the users appeared in the Nebula interface.
I also created a Configuration Profile that Approved Kernel Extension TeamID: GVZRY6KDKR
As was instructed here.
I hope this helps everyone.
Posted on 06-17-2020 07:48 AM
@dwaterbury are you simply removing the brackets and adding an underscore to make the pkg file work? if so how many on each end?
Posted on 06-17-2020 08:13 AM
@dwaterbury Last time I checked, the MalwareBytes package did not correctly load the LaunchAgent it installs. So you can add this as a payload to your policy to load the LaunchAgent after the package installs, which might eliminate the need to restart:
#!/bin/bash
loggedInUser=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk '/Name :/ && ! /loginwindow/ { print $3 }' )
loggedInUID=$(/usr/bin/id -u "$loggedInUser")
identifier="com.malwarebytes.UserAgent"
agentPlist="/Library/LaunchAgents/$identifier.plist"
# Stop the LaunchAgent if it is running
if launchctl list | grep "$identifier" &> /dev/null ; then
/bin/launchctl asuser "$loggedInUID" /bin/launchctl unload "$agentPlist"
fi
# Load the LaunchAgent
/bin/launchctl asuser "$loggedInUID" /bin/launchctl load "$agentPlist"
exit 0
Posted on 11-18-2020 11:58 AM
I have the policy created without the brackets and adding the underscore but it doesn't show that its being installed, I just show a pending in the logs, I seen the payload info above but can you tell me where that would go?
Posted on 11-18-2020 12:10 PM
I also have the policy without the brackets. With JAMF, since brackets are not allowed, you'll need to replace the brackets with underscores.
Posted on 12-01-2020 05:26 PM
(just chiming in to confirm removing the bracket on either end and replacing with _ works, you will have 2 underscores in front and 3 on the trail)
Anyone know how to make a smart group to search who has this installed and who does not? I've been banging away at a few different ways but can't seem to find it.
Posted on 12-01-2020 06:05 PM
also this is helpful as well:
https://support.malwarebytes.com/hc/en-us/articles/360047485253-Grant-Malwarebytes-Endpoint-Agent-Full-Disk-Access-for-Mac-endpoints-using-UAMDM
config profile for Malwarebytes full disk access, which is needed
Posted on 12-14-2020 06:16 AM
I couldn't find anything to search with so I created an Extension Attribute to check if Malwarebytes Nebula Endpoint Agent is installed or not.
#!/bin/sh
if [ -d "/Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent" ]
then
echo "<result>Installed</result>"
else
echo "<result>Not Installed</result>"
fi
Posted on 03-24-2021 05:58 AM
Malwarebytes uninstall script any thing is available?
Posted on 03-24-2021 06:52 AM
as a follow up, if your running MB from the enterprise web version, simply deleting it from the server will force an uninstall on the end points.