Prey & Camera Notification on 10.14

TomDay
Release Candidate Programs Tester

Updating my Install Prey policy and script to test the latest installer etc on Mojave and got prompted with this gem.
fa2a2fea435646628b6ed320bee57d2f

We can avoid this with a config profile of course but wondering if anyone has spoken with Prey to somehow get this configured as part of the deployment/install process so the thief doesn't get prompted to allow Prey ;-) I'm figuring there is nothing Prey can do since it's part of the built in security of the OS.

Please LMK how you have adjusted your workflow/install process to avoid this?

5 REPLIES 5

larry_barrett
Valued Contributor

We don't use prey, but you need to push out a config profile with the PPPC and Kext info it should prevent the message from popping up.

Assuming the Prey stuff is signed, in Terminal do: codesign -dr - /Path/To/Your/App (or drag the app into terminal after the bold part.) . This will get you the Team ID for the Kernel extension to setup the PPPC portion of the Config profile.

If it's not signed you gotta get ahold of the company or sign it yourself.

Here's a link to the Kext Google Doc (prey is missing) https://docs.google.com/spreadsheets/d/1IWrbE8xiau4rU2mtXYji9vSPWDqb56luh0OhD5XS0AM/edit#gid=1384049...

sshort
Valued Contributor

@TomDay @larry_barrett This is PPPC profile related, however for camera and mic access Apple does not allow an admin to pre-authorize. You can only deny access to camera or mic, so this pop-up must be explicitly approved by the user. No way to prevent that message from appearing.

This screenshot is from the config profile reference guide: d7956741783145628b5bd64d08e72729

TomDay
Release Candidate Programs Tester

@sshort Great call! I'll have to contact Prey to see what their plans are. Doesn't make much sense for us to be prompting the thief to allow cam access!

larry_barrett
Valued Contributor

Smart. Camera and Mic are locked down by Apple so unless they change...

joseph_english
New Contributor II

It's true that you can't force those settings on, but I was able to get around this problem by pushing a config profile that explicitly forces those settings off. I denied access to ScreenCapture and Camera, tested it, and no more pop-ups warning potential thieves. I gave the profile a generic name (Defaults) in case the thief went poking around in the Profiles section. The screencaps and "candid" pics of thieves weren't all that important anyhow.

However, I just had another device show up in Prey yesterday, and when I marked it as missing, there were new options there to not attempt to take pictures or screenshots. I haven't tested that out, but it probably removes my need for the profile.

e7a126ce022d49c691f4fae4fb26f494

c4104c942587443c987fe9bb7c4d84c9