macOS Big Sur - how to automate full install, eliminate manual approval of system extension files


L1 Bithead

We are still manually installing Cortex to our Macs on Big Sur, this involves some time and the hope that our human computer builder / imager doesn't forget to manually approve PMD and Traps extensions. 


Is there a method where we can use a script install and automatically approve the installation of Cortex XDR version 7.3.0 build 2207? 


If it matters, our MDM is Workspace One... 




L3 Networker

Hi Houston29115,


Please refer to the Install with a Unified Configuration Profile for MDMs TechDoc.


A ready install script is not available; however, scripting can be done using bash/zsh/ksh or Python scripting. For example, here is a bash shell script for a silent installation:


installer -pkg "CortexXDR.pkg" -target /


*CortexXDR.pkg = Insert XDR installation package name


For macOS, the Cortex XDR agent needs full disk access to:

  • Trapsd - daemon which handles the communication between the agent and the ESM.
  • Authorized - daemon which handles the malware protection flow.
  • Pmd - daemon which is responsible for policy and core security functionality.


If you found this answer helpful, please select Accept as Solution.

Yeah, know about this... this method won't get around asking our Tech Team or the end user to manually bless the install. 

If you happen to find a method please update here - thank you for your time.

The problem with this advice is - if the user doesn't interact with the Full Disk Access prompt - (and most corp users aren't admins, nor would they likely even know HOW to do FDA) - the computer will be left vulnerable. This means Cortex will not be able to protect the entirety of files in storage.


What's actually required is a self heal solution from Palo Alto Networks, so that if:

a. the app, or either system extension becomes corrupt

b. the user somehow manages to corrupt or uninstall part of the original install


Cortex will detect this circumstance from a client computer and reinstall itself as soon as the user puts their computer on net again. 


Currently, is there any known way to set this up? 
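
Added example, not part of the thread and not Palo Alto Networks code: a compliance check that an MDM could run after the silent install to flag Macs where a system extension is still waiting for manual approval. The team ID and bundle IDs are placeholders, and the tab-separated layout and state strings of `systemextensionsctl list` output are assumptions based on Big Sur behaviour.

```shell
#!/bin/sh
# Added example: flag system extensions that are not "[activated enabled]".
# Assumed row layout of `systemextensionsctl list` (tab-separated):
#   enabled  active  teamID  bundleID (version)  name  [state]

# Read a listing on stdin; print "teamID bundleID [state]" for each pending row.
pending_extensions() {
    awk -F '\t' '
        # Data rows have 6 fields and a bracketed state; skip the header row.
        NF >= 6 && $NF ~ /^\[.*\]$/ && $NF != "[state]" {
            if ($NF != "[activated enabled]") {
                split($4, id, " ")      # drop the "(version)" suffix
                printf "%s %s %s\n", $3, id[1], $NF
            }
        }'
}

# Exit status 0 = every extension approved, 1 = at least one needs attention.
check_extensions() {
    pending=$(pending_extensions)
    if [ -n "$pending" ]; then
        printf 'NOT APPROVED:\n%s\n' "$pending"
        return 1
    fi
    echo "all system extensions activated"
}

# Constructed sample listing (placeholder team ID and bundle IDs).
sample_listing() {
    printf '%s\n' '2 extension(s)'
    printf '%s\n' '--- com.apple.system_extension.endpoint_security'
    printf 'enabled\tactive\tteamID\tbundleID (version)\tname\t[state]\n'
    printf '*\t*\tTEAMID0000\tcom.example.edr.securityextension (1.0/1)\tExample ES\t[activated enabled]\n'
    printf '%s\n' '--- com.apple.system_extension.network_extension'
    printf 'enabled\tactive\tteamID\tbundleID (version)\tname\t[state]\n'
    printf '\t\tTEAMID0000\tcom.example.edr.networkextension (1.0/1)\tExample NE\t[activated waiting for user]\n'
}

# On a Mac, check the real listing; elsewhere, run against the sample.
# "|| true" keeps this demo run going; a real sensor would use the status.
if command -v systemextensionsctl >/dev/null 2>&1; then
    systemextensionsctl list | check_extensions || true
else
    sample_listing | check_extensions || true
fi
```

The check only reports the approval state; pre-approving the extensions still has to come from the MDM configuration profile mentioned in the reply above.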
