Hi Jamf Nation,
I am using a security agent and want to make sure users do not turn it off. While the app itself is good at remaining hidden, it can be located and forced quit in Activity monitor.
I have been working in a Smart Group to have the security agent turn on if a user turns it off. The root application is com.rapid7.ir_agent and the process is ir_agent.
I have tried using "Running Services," but it does not seem to determine if the app/process in on or off.. I am checking in to the inventory manually when testing to bypass the fact the this can only be checked during inventory check ins.
Has anyone built a smart group for this function, or have done something like this where they have a trigger that will turn on an application if a user turns it off?