Removing Symantec & Installing Microsoft Defender ATP via chaining policies

jschank
Contributor

We have been looking to switch from Symantec Endpoint Protection to Microsoft Defender ATP due to the kernel panics we have been getting from SEP. Fresh image is working great. Config Profiles are created before ATP installs, which prevents any popups. The problem I have is with existing machines that have SEP installed. I need to have SEP uninstalled, update inventory, and install ATP.
I am doing this by chaining 3 policies together. Each works on its own; however, the 1st policy removing SEP needs a reboot. That is where I am having issues. Below are the steps I am doing.

1st Policy - Removing SEP via script (info in link): https://gist.github.com/rderewianko/6aa0032f19e57b595e0fdae4470f6286
Files and Processes with Execute Command: sudo jamf policy -event forceupdate

2nd Policy - Update Inventory via Maintenance section.
Custom trigger of forceupdate.
Files and Processes with Execute Command: sudo jamf policy -event sepuninstallcomplete
I had maintenance set up in the 1st policy to check in, but it was not working. I need this policy so it checks into Jamf and adds the ATP Config Profiles before the installation of ATP.

3rd Policy - Installing ATP.
Custom trigger sepuninstallcomplete. Policy includes the install package. Maintenance set up to update inventory.

This is the error I see when I check the details of Policy 1 (SEP Removal):
Result of command:
Checking for policies triggered by "forceupdate" for user "precat"...
Could not connect to the JSS. Looking for cached policies...
No policies were found for the "forceupdate" trigger.

I also cannot open Self Service. I get the red bar stating it cannot connect to the JSS. I need to reboot in order to get back into Self Service.

Is there a way to reboot after Policy 1 and log in, so that Policy 2 kicks in, followed by Policy 3?
