Help

Jamf App Catalog - Installer File (Chrome)

dwynn
New Contributor III

Posted on ‎11-30-2022 12:16 PM

We use Carbon Black App Control on our macs and I also have Chrome set up in the Jamf App Catalog. When Jamf tries to push Chrome out Carbon Black blocks it. My question is if Jamf fails to install Chrome via the App Catalog does it delete the installer .pkg file? The issue with getting Chrome whitelisted in Carbon Black is we can't get the hash for the files because it's gone after it fails. Also, is there a standard directory where Jamf puts the installers that we would possibly whitelist?

0 Kudos
Reply
6 REPLIES 6

TheAngryYeti
Contributor II
Contributor II

Posted on ‎11-30-2022 02:27 PM

I’m not sure how carbon black is checking the packages yet in Jamf you can get the hash from the Jamf apps section in the details of the app.

0 Kudos
Reply

dwynn
New Contributor III
In response to TheAngryYeti

Posted on ‎11-30-2022 02:46 PM

Carbon Black isn't checking packages in Jamf but checks the packages on the mac. When Jamf detects there is an issue deploying the package it deletes it before Carbon Black can get any info from the .pkg file. In Carbon Black, it shows (none) for the Publisher and hash.

0 Kudos
Reply

TheAngryYeti
Contributor II
Contributor II
In response to dwynn

Posted on ‎11-30-2022 03:28 PM

yes, I gathered that it's checking what the package is on the machine vs whatever is in Jamf...what I'm saying is that in the Jamf Apps settings for that App it has the MD5 hash of the PKG used, the info should be enough for you to whitelist it in something like Carbon Black to keep it from blocking it, as far as it deleting the pkg, I'm not sure and would have to ask.

0 Kudos
Reply

dwynn
New Contributor III
In response to TheAngryYeti

‎11-30-2022 03:34 PM - edited ‎11-30-2022 03:35 PM

Yes, I get that. We have Google added as a publisher in Carbon Black but the file is deleted before Carbon Black can get that information from the .pkg file. I cant get any information from Jamf on why this is happening. 

0 Kudos
Reply

cdev
Contributor III

Posted on ‎12-01-2022 09:20 AM

Jamf Pro has those installers go to: /Library/Application Support/JAMF/Downloads

Generally good practices would be to restrict the security tools from inspecting certain activities in specific folders used by other agents to prevent these kinds of issues, or from interaction with each other if you have multiple agents installed.

0 Kudos
Reply

dwynn
New Contributor III
In response to cdev

‎12-01-2022 11:36 AM - edited ‎12-01-2022 11:40 AM

dwynn_1-1669923602223.png

 

These are the File Properties we get on the file. The same thing for the file downloaded using the link from the App Catalog for Chrome: https://dl.google.com/dl/chrome/mac/universal/stable/gcem/GoogleChrome.pkg Yes we could approve the MD5 but I believe that changes with each new version released. 

0 Kudos
Reply