
Deploying Cisco Amp v.1.9

I've read all the other articles/discussions from people having the same issues as me in deploying the new version of AMP... but have yet to see a clear-cut solution on getting this deployed...

I've seen the "solution" of finding the hidden policy.xml file in the DMG, but am still a little confused about that part....

Can anyone (maybe not exactly) step-by-step have an easier way of deploying this?

SOLVED Posted: by mm2270

Here is what I came up with. Works for me.

First, I created a folder in /private/tmp/ called "ampmac_connector"
I then located and copied the hidden .policy.xml file using Terminal, from the mounted disk image into /private/tmp/ampmac_connector/

cp /Volumes/ampmac_connector/ampmac_connector/.policy.xml /private/tmp/ampmac_connector/policy.xml

Note that in the above, I'm renaming it without the leading period. I'll explain why in a sec.

Also copy the .pkg from that mounted disk image into the same /private/tmp/ampmac_connector/ location. You don't need Terminal for that. Just copy it in the Finder.

Now open Composer, close out of any dialogs asking to create a new package if that comes up.
With the Finder open to /private/tmp/, drag that ampmac_connector folder into Composer's sidebar. This should create a new source. Initially it will take on the name of one of the folders, so rename the source to something else if you like, such as "Cisco AMP" or whatever makes sense for you.

Now, in Composer itself, turn down the folder disclosure triangles so you can drill down into /private/tmp/ampmac_connector/ in it and reveal the files that were copied in. It should look something like this:

Click on that policy.xml file's name, and when it highlights for renaming, add the leading period back in the name. It should now look like this:

If needed, you can change the permissions on the files to make sure they are fully readable by all accounts. They should be ok as is, since it was copied in from the /tmp/ directory, but best to check them just in case.

Now, in the source, turn down the arrows to show the Scripts folder. Right or Control click on that to get the menu, and choose both the Add Shell script > preinstall and Add Shell Script > postinstall. This will add both of those script types in.

Here are the 2 scripts I'm using. The preinstall is just a cleanup one, in case there happened to be a previous folder/installer lingering around in that /tmp/ folder.

Preinstall:

#!/bin/sh
## preinstall

BASE="/private/tmp/ampmac_connector"

if [ -d "$BASE" ]; then
    ## Cleanup an old installation directory if found
    rm -Rfd "$BASE"
fi

The postinstall is what does the installation work:

#!/bin/sh
## postinstall

BASE="/private/tmp/ampmac_connector"

PKG="${BASE}/ciscoampmac_connector.pkg"
XML="${BASE}/.policy.xml"

## Only run the installer if both the package and the hidden policy file are present
## (POSIX test syntax, since the script declares /bin/sh)
if [ -e "$PKG" ] && [ -e "$XML" ]; then
    /usr/sbin/installer -pkg "$PKG" -tgt /
    RES=$?
else
    echo "Package or XML was missing. Aborting installation…"
    exit 1
fi

## Compare the installer exit code numerically
if [ "$RES" -eq 0 ]; then
    ## Cleanup folder payload
    rm -Rfd "$BASE"
    exit 0
else
    echo "Installation may have failed with exit code $RES"
    exit "$RES"
fi

Now just build as a pkg, upload to your Jamf distro and test it out.

I have found this method to work, because it invokes the installer from that ampmac_connector directory, which has the hidden .policy.xml file in it, and it is able to locate it and use it.

Post back if you have any issues with the above.
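
Added example, not part of mm2270's post or of Cisco's tooling: since the postinstall above runs a package staged under /private/tmp as root, these checks confirm the staging folder and the installer's signer before `installer` is called. It assumes `pkgutil --check-signature` prints its status and certificate-chain lines in the form of the constructed sample below, uses the team ID quoted later in this thread, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks to run before the postinstall calls installer as root.
EXPECTED_TEAM_ID="TDNYQP7VRK"   # Cisco team ID as quoted in this thread

# Constructed sample of `pkgutil --check-signature` output (signer name is made up).
SAMPLE_REPORT='Package "ciscoampmac_connector.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Example Signer (TDNYQP7VRK)
    2. Developer ID Certification Authority
    3. Apple Root CA'

# Print the team ID of the leaf certificate found in a signature report on stdin.
leaf_team_id() {
    sed -n 's/^ *1\. Developer ID Installer: .*(\([A-Z0-9]\{10\}\)) *$/\1/p' | head -n 1
}

# Succeed only for an Apple-issued Developer ID signature from the expected team.
signature_ok() {
    report=$(cat)
    printf '%s\n' "$report" |
        grep -q 'Status: signed by a developer certificate issued by Apple' || return 1
    [ "$(printf '%s\n' "$report" | leaf_team_id)" = "$EXPECTED_TEAM_ID" ]
}

# Succeed only if the staging folder is a real directory (not a symlink),
# owned by root, and not writable by group or others.
staging_ok() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    # ls -ldn prints the mode string and numeric owner, e.g. "drwxr-xr-x 4 0 0 ..."
    ls -ldn "$1" | awk '{ exit !($3 == 0 && substr($1,6,1) != "w" && substr($1,9,1) != "w") }'
}

# macOS only: install the staged package when every check passes.
verified_install() {
    pkg="$1/ciscoampmac_connector.pkg"
    staging_ok "$1" || { echo "Staging folder failed ownership/permission check"; return 1; }
    report=$(/usr/sbin/pkgutil --check-signature "$pkg") ||
        { echo "Package is unsigned or its signature is not trusted"; return 1; }
    printf '%s\n' "$report" | signature_ok || { echo "Unexpected signer"; return 1; }
    /usr/sbin/installer -pkg "$pkg" -target /
}

# Offline demonstration on the constructed sample report.
if printf '%s\n' "$SAMPLE_REPORT" | signature_ok; then echo "sample report accepted"; fi
```

In a postinstall, `verified_install "/private/tmp/ampmac_connector"` would take the place of the direct `installer` call, with its exit status handled the same way as `RES`.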

SOLVED Posted: by rhernandez_hg

Dude! @mm2270
That executed perfectly... bravo!

Followed your instructions and it worked like a charm!
Saved me from a major headache.

You would think Cisco would post something like this when changing installer types...

SOLVED Posted: by robstratton

@mm2270 This workflow for distribution worked great for me as well, thank you for this step-by-step!

Prior to this auto deployment and installing manually on a machine I had to create a new configuration profile with 1) Privacy Preferences Policy Control to allow full disk access and 2) Approved Kernel Extensions in order to grant AMP access in Mac Mojave. My prior configuration profile worked and after the manual install, there was no further action needed.

After deploying this package though, AMP no longer has the kernel approved access. Full disk access is still working with the ampdaemon identifier, however approved kernel extension is no longer working with the Cisco team ID: TDNYQP7VRK. AMP still wants the user to manually approve this kernel extension.

Does anyone have a configuration that works for providing AMP the access it needs using this package distribution method?

EDIT: Not sure why it worked prior, but all I needed to do was add two more bundle IDs in the approved kernel extension configuration: 'com.cisco.amp.fileop' & 'com.cisco.amp.nke'

SOLVED Posted: by George-x.chan

@mm2270 @rhernandez_hg Hi Guys,

I'm struggling to copy the policy.xml file?

administrator$ cp /Volumes/ampmac_connector/ampmac_connector/.policy.xml /private/tmp/ampmac_connector/policy.xml
cp: /Volumes/ampmac_connector/ampmac_connector/.policy.xml: No such file or directory

Any ideas?

Thanks
George.

SOLVED Posted: by Morgan.Cooledge

@robstratton What does your PPPC look like to allow full disk access? I am very new to this and I am trying to learn how to configure this to allow AMP to work for us.

SOLVED Posted: by Morgan.Cooledge

@George-x.chan I found that the file path to the .policy.xml file on my test machine did not actually go through two /ampmac_connector/ folders but only one. So try this instead.

cp /Volumes/ampmac_connector/.policy.xml /private/tmp/ampmac_connector/policy.xml

SOLVED Posted: by George-x.chan

@Morgan.Cooledge Thanks! I've got it sorted now :)

Also for PPPC, I used https://github.com/jamf/PPPC-Utility to create the configuration profile, then uploaded it to Jamf.

SOLVED Posted: by surajitbpn

Hello everyone, does anyone have an EA to check the installed AMP Connector version?

SOLVED Posted: by coryhowell2

@surajitbpn

I haven't fully tested this yet but this should work.

#!/bin/bash
## Jamf extension attribute: report the installed AMP connector version

APP="/Applications/Cisco AMP/AMP for Endpoints Connector.app"

if [[ -d "$APP" ]]; then
    ## Read the marketing version from the app bundle's Info.plist
    RESULT=$(defaults read "${APP}/Contents/Info" CFBundleShortVersionString)
    echo "<result>${RESULT}</result>"
else
    echo "<result>Not Installed</result>"
fi
SOLVED Posted: by surajitbpn

Thank you @coryhowell2 , this works perfectly!
Got it verified by Cisco Support as well.
I just added the build version & we are using it on production.

#!/bin/bash
## Jamf extension attribute: report the installed AMP connector version and build

APP="/Applications/Cisco AMP/AMP for Endpoints Connector.app"

if [[ -d "$APP" ]]; then
    ## Read the marketing version and the build number from the app bundle's Info.plist
    RESULT=$(defaults read "${APP}/Contents/Info" CFBundleShortVersionString)
    BUILD=$(defaults read "${APP}/Contents/Info" CFBundleVersion)
    echo "<result>${RESULT} build ${BUILD}</result>"
else
    echo "<result>Not Installed</result>"
fi