Posted on 09-23-2020 04:23 AM
Hi everyone!
Following an update to Trend Micro's Apex One SaaS platform to v.3.5.3617, they have moved the iCore service to a new location which will have significant issues for those who need to update their PPPC profiles!
The new location for the iCore service is:
/Applications/TrendMicroSecurity.app/Contents/Resources/iCoreService.app/Contents/MacOS/iCoreService
The new Code Requirement is:
identifier "com.trendmicro.icore" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists / and certificate leaf[subject.OU] = E8P47U2H32 SystemPolicyAllFiles = Allow
Good to see that Trend Micro is getting the platform ready for supporting Big Sur from the beginning!
Posted on 09-23-2020 05:54 AM
Thanks for posting this so quickly. I've updated my previously working PPPC profile for our Apex One but I still don't see iCoreService listed after the profile applies and I've added the TrendMicroSecurity.app to the profile and that appears, but isn't checked. What am I missing?
Posted on 09-23-2020 06:56 AM
Setting it up like above I get a Failed Command in the Inventory of my test machine.
In the payload (UUID: 543F8AE3-ED19-49E8-9645-9EB3BB104268), the key 'CodeRequirement' has an invalid value.
Posted on 09-23-2020 06:58 AM
Don't we also need to give Trend Micro.app full disk access as well?
Posted on 09-23-2020 07:19 AM
I was only made aware of the change following an overnight update to the Apex One application and being met with the attached image:
So I believe that the PPPC setup for Apex One on all versions up to v.3.5.3617 will be fine, but when the Agent and Console are updated you will need to have the new location added to the PPPC profile
Posted on 09-23-2020 07:58 AM
I just pushed out the new PPPC but it does not start working until Trend is restarted. Anyone have a script for that?
Posted on 09-23-2020 10:25 AM
I must be missing something Still getting invalid value in code requirement. Can I get a copy paste of what is in one that works? Or a download of one that works? I can deal with restarting the app that's way easier than trying to get the rest done for each user.
Posted on 09-23-2020 11:30 AM
@erichughes Here is a screenshot of the PPPC config that works for us... Hope it helps.
Just in Case...
Identifier: com.trendmicro.tmsm.MainUI Identifier Type: Bundle ID Code Requirement: identifier "com.trendmicro.tmsm.MainUI" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists / and certificate leaf[subject.OU] = E8P47U2H32 App or Service: SystemPolicyAllFiles Allow
and
Identifier: com.trendmicro.icore Identifier Type: Bundle ID Code Requirement: identifier "com.trendmicro.icore" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists / and certificate leaf[subject.OU] = E8P47U2H32 App or Service: SystemPolicyAllFiles Allow
Posted on 09-23-2020 01:07 PM
Thank you very much. Finally got it. The star characters were messing me up. Once I got that it works once the client machine is restarted. Much appreciated.
Posted on 10-27-2020 08:18 AM
@erichughes I am also getting the same error. when you say the star characters, what exactly do you mean?
Posted on 10-27-2020 08:28 AM
@erichughes Sorry. I see the star characters you were talking about. I just added them and am waiting to see if it works. Thank you all.
Posted on 11-02-2020 09:56 AM
We use WFBS Trendmicro and had to do the same thing last night for our macs as well.
Posted on 12-15-2020 07:26 AM
Has anyone successfully gotten this to work on Big Sur? I've followed the above comments and created my own PPPC(using the utility). I'm always getting: the key 'Authorization' has an invalid value. Anyone willing to export their working config for Big Sur?
Posted on 12-28-2020 05:12 PM
How did you proceed with Kernel Extensiond Approved?
Posted on 01-07-2021 11:47 PM
Can anyone please share their profile and Kernel Extension? I get the same screen as SAMT above.
I used the following article: https://success.trendmicro.com/solution/000277823#
Posted on 01-08-2021 08:56 AM
I've been struggling with Trend also. Working both with JAMF and TrendMicro on this issue. Please if anyone has a PPPC that they can share, that would be most helpful.
Posted on 01-15-2021 02:40 PM
@jbryant Were you ever able to get this resolved in Big Sur? Did JAMF or TrendMicro have any feedback?
Posted on 01-18-2021 11:07 AM
We found checking the FIELD_ALLOW_NON_ADMIN_USER_APPROVALS at least allows users to authorize their own kernel extensions, but we've still been unable to completely automate it.
Posted on 01-19-2021 07:21 AM
Hello everyone,
I stumbled upon this thread while trying to get TMSM upgraded to support Big Sur for my organization. I believe I have created a configuration profile to eliminate all prompts - I found the Trend documentation incomplete so I wanted to share what I put together.
I have three privacy profile settings. Two are based off of the Trend documentation, and the last one is based off the prompt from the application to give the extension full disk access (which is not in their documentation).
Next, I have a Kernel Extension payload. I did not specify the Bundle IDs, but you probably could (in Trend's documentation).
Next is a System Extension payload. This is also not in Trend's documentation, but will suppress the "iCoreService would like to filter network content" message.
Even with this system extension, after Trend starts up, there will be an additional "iCoreService would like to filter network content" message. To suppress that, I had to create a content filter payload. Full disclosure - I am not sure if the Filter Order should be Inspector or Firewall. I went with Inspector as that is what another application we use uses (CrowdStrike).
With all these pieces together, I no longer get any Apple prompts. On Big Sur, Trend will still prompt to approve the system extension (even though it's already approved). When the user opens system preferences, they will get a message that they need to reboot (new behavior with Big Sur that reboots are required for system extensions). After a reboot everything should be fine without any additional prompts.
Posted on 03-16-2022 08:03 PM
Thank you @mnickels! Your recipe still works like magic with version 3.5.5855 on macOS 12.3 Monterey. The 'Content Filter' trick does the job just fine to ditch the annoying 'network content filter' pop-up message.
About PPPC App Access for 'com.trendmicro.tmsm.MainUI' and 'com.trendmicro.icore', I just allowed 'SystemPolicyAllFiles' as recommended in the official Trend Micro documentation and everything appears to work just fine, without any 'full disk access' prompt so far. Was there another specific reason to allow 'Accessibility' and 'AppleEvents' to them that I'm not aware of?
Thanks again! You made my day!
Posted on 01-25-2021 07:33 AM
You are correct mnickels. I have worked with our Trend Support rep and he actually provided me with some "Official" PPPC's. Granted I had to fix one of them and added a few more to the allowed list(Don't forget to restart after install). I can provided if someone has need of them. Also I'd like to point out that if you have M1 computers in your future, they are NOT supported by TrendMicro. Even manually installing the client, it will not function as inteneded. I just learned that support for the Apple M1 chips is planned for Q2 2021.
Posted on 01-26-2021 01:15 AM
@jbryant Can you please share the profiles with me? We keep struggling with TM on Big Sur. Any help will be much appreciated.
Posted on 01-26-2021 03:39 AM
@jbryant I've had a look on Big Sur on an M1 and Trend installs fine and appears to run but there is no way to automate approval of the kernel extension like before. It's incredibly annoying.
Posted on 01-27-2021 01:02 PM
From TrendMicro (aka Horse's Mouth):
Screenshot was modified to protect the innocent...
Here is a link to my PPPC's: Google Drive Link. There are 5 PPPC's in this .zip file. 4 are from TrendMicro and the 5th one, "Trend Micro - iCoreService v2" was mine that I had to create and test and test and test. I'm sure someone out there could combine these PPPC's and make this a more pleasant experience to upload and manage but this is how I was able to make it work.
Again, this is for INTEL Big Sur computers ONLY and REBOOT IS NEEDED after install. M1 is NOT SUPPORTED. I hope this helps!!
PS- If you are able to combine these PPPC's hit me up with a download link.
Posted on 02-11-2021 06:46 AM
Hello,
I've been able to get all but browser plugin extension for -Mozilla Firefox Extension working. The download to the mobileconfig is here: https://success.trendmicro.com/solution/000277823#
when I upload the mobileconfig, nothing is shown in Custom Settings. Has anyone gotten this to work? FWIW - on the macs that I've tested, I don't even have Firefox installed.
Posted on 02-18-2021 06:42 AM
@ jbryant
Thanks for sharing the profiles. I had to make 1 adjustment in the "TrendMicro_-_System_Extension" profile (see attached image) .
Posted on 02-22-2021 02:49 PM
@mnickels So I created all of this, looking at your screenshots and the Trend documentation, however I continually get Failed - Under Status it says: In the payload (UUID: 06BB9690-EC13-44DB-A756-B6E68A2B4135), the key 'CodeRequirement' has an invalid value.
Posted on 03-30-2021 08:32 AM
@jbryant , the 2 netfilters are encrypted, any help on getting the non encrypted ones, or was this intentional , thanks.
Posted on 03-30-2021 10:37 AM
i posted the question about about encrypted, then found this command to use : openssl smime -inform DER -verify -in ~/Settings.mobileconfig -noverify -out ~/Unsigned.mobileconfig
i then stripped out what i needed, but still get the "com.trendmicro.icore" Would like to Filter Network Content - Allow/Dont Allow
more tuning , but ill fix it eventually.
Posted on 04-09-2021 05:21 AM
I wrote to the TM Support and got a PDF Manual, titled with"Suggestions for MDM regarding Apex One.pdf". At this time, I try to create a policy that will work and give it a try. I will update this thread with the results.
EDIT:
I had to edit my original posting, because it is not possible to attach files (only pictures) to a post.
Posted on 08-30-2021 08:38 AM
Recently we have been getting Trend needing Icore Service.app checked in the Sec&Priv > General tab. How do we automate this? We have the config profiles set but this still insists on manual interaction.
Posted on 08-31-2021 12:59 AM
Is that on an m1 mac?