Posted on 02-04-2019 02:00 PM
Hi all,
I'm currently working with Cisco AMP, and I'm curious if there is anyway, be it through scripting, config profile, etc. to silently allow full disk access for it.
I have a PPPC config profile in place that allows AMP access to pretty much everything, but the issue remains that a user needs to drag and drop the "ampdaemon" file into Full Disk Access pane.
Is there anyway to move this file in the background so user intervention isn't needed?
Posted on 02-04-2019 02:12 PM
Can you not drag-and-drop ampdaemon into PPPC Utility when you build the profile?
If not, check out tccprofile, I've had better luck whitelisting app binaries and scripts using that tool.
Posted on 02-04-2019 02:19 PM
@sshort that did the trick! I guess I've been messing around with this for so long that idea never crossed my mind.
Thank you!
Posted on 02-06-2019 01:46 AM
I had the same issue, so thanks @sshort ! Used PPPC Utility to create the config and it worked like a charm! Now when the new version of AMP is installed it works without user intervention.
Btw it doesn't show in the Security & Privacy in System Preferences like the instructions from AMP shows but it works fine...
Posted on 09-23-2019 02:06 AM
Hi,
I have a similar issue with Trend Apex One Antivirus. I don't manage to drag and drop the "iCoreService" in PPPC Utility, it won't show up and also get access denied when trying to save in tccprofile. Is there another way to whitelist it to get Full Disk Access?
https://success.trendmicro.com/solution/1122542-preventing-compatibility-issues-in-macos-mojave-10-14-with-worry-free-business-security-services
I could import the file into PPPC utility after copying it to my desktop, then changed the identifier path manually but it did not did the trick... And it never shown under Privacy in Security and Privacy settings vs the PCCC whitelist for Teamviewer does show there.
Am I missing something ? I'm out of ideas...
Thanks in advance!
Posted on 09-26-2019 05:49 AM
@MichMich You can sudo chmod "iCoreService" to 750 prior to dragging it into the PPPC Utility.
That should give you the results you want. The iCoreService has permissions of 710 normally.
Posted on 10-01-2019 10:59 AM
Anyone know how to bounce the "icoreservice" with a command so we don't have to reboot a device or re-install trend? @rrouleau thanks for the info, that really helped!
Posted on 10-01-2019 11:31 AM
@NielsvdSteen Configuration Profiles for PPPCs do not get reflected in the Security & Privacy section.
End users will not see whether your app has been given full disk access.
Posted on 10-23-2019 12:24 PM
@lrgeissbuhler Did you find a solution for the need to reboot a device?
Posted on 11-06-2019 06:36 AM
Just received this email yesterday:
Regarding unloading and loading agents.
Here's the instruction:
1. Download the script below:
https://box-us-file.trendmicro-cloud.com/SFDC/external_shared/a525e1b84620371069e974a08ac42258.php
2. On the Mac machine desktop, place the "unload.sh" file.
3. Open terminal.app and run the following commands:
sudo su cd Desktop ./unload.sh
Note: After unloading TMSM, the t-ball icon will still be on the tray.
If you want to reload the TMSM Agent, run the following command in the previous terminal window:
> ./load.sh
Posted on 11-08-2019 04:40 AM
@Irgeissbuhler
Did Trend Micro give you a password to unpack the zip file?
Posted on 12-19-2019 11:52 AM
At least with the Version we deploy in our environment, I do the following script listed below:
Not the most elegant thing int he world however, it works for us, you may not want to do this if you want version control, as this will give you the most up to date version always.
(Replace <URL> with the fully qualified path in your trend instance, to the installer file)
#!/bin/bash
#Switch to the /tmp directory
cd /tmp
#Download the Trend installer
curl -O -k https://<URL>/tmsminstall.zip
#Unzip the installer
unzip /tmp/tmsminstall.zip
#Install the Trend Software
installer -pkg /tmp/tmsminstall/tmsminstall.pkg -target /
#Clean up the folder
rm tmsminstall.zip
rm -rf /tmp/tmsminstall
exit 0
Posted on 07-07-2021 03:40 PM
I have an issue with the PPPC utility with giving access to full disk with some apps. I get the following error "'Authorization' has an invalid value." And yes I checked the "Big Sur Compatibility" slider to make sure it would work with Big Sur. Any suggestions?