MAC AGENT – DEPLOYMENT GUIDE (VIA JAMF PRO)

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

June 2024

2

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

Table of Contents

Overview ......................................................................................................................................................................... 3

Purpose of the Document ............................................................................................................................................... 3

Mac Agent – Package Creation (Via JAMF Composer) ............................................................................................ 4

Deploying the Mac Agent via JAMF Pro ................................................................................................................ 19

2.1 Prerequisites .................................................................................................................................................... 19

2.2 Creating an Agent Installation Package ........................................................................................................... 19

2.3 Creating an Agent Uninstallation Script .......................................................................................................... 23

2.4 Creating an Agent Deployment Policy ............................................................................................................. 29

2.5 Obtaining the Code Requirements .................................................................................................................. 36

2.6 Creating a Configuration Profile ...................................................................................................................... 38

Contact Exterro ............................................................................................................................................................. 44

3

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

Overview

Exterro was founded with the simple vision that applying the concepts of process optimization and data science to

how companies manage digital information and respond to litigation would drive more successful outcomes at a

lower cost. We remain committed to this vision today. We deliver a fully integrated Data Risk Management platform

that enables our clients to address their privacy, regulatory, compliance, digital forensics, and litigation risks more

effectively and at lower costs. We provide software solutions that help some of the world’s largest organizations, law

enforcement and government agencies work smarter, more efficiently, and support the Rule of Law.

Purpose of the Document

The purpose of the document is to provide users with the step-by-step instructions required to deploy the Mac Agent

via JAMF Pro application.

4

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

Mac Agent – Package Creation (Via JAMF Composer)

This section provides you with the step to include the Exterro configuration file to the existing Mac package files using

Jamf Composer. With this process, you can create and push the Mac package files that also consists of Exterro

configuration files.

Prerequisite: The Code Signing Certificate must be installed in Keychain Access before opening the JAMF Composer

application.

To build a Mac agent package using JAMF Composer:

1. Open the Jamf Composer application.

2. Click on the Composer menu and select Settings.

5

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

3. Ensure the following:

• The Build flat PKGs option should be checked

• The Sign with option should be checked and Code Signing Certificate should be selected against it.

4. Click on Save.

5. Click on the New button.

6

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

6. Select Normal Snapshot option and click Next.

7. Enter the Package Name and click Next.

7

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

• The indexing of the system’s file directories will be initiated.

8. Upon indexing completion, click on the Create Package Source button.

8

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

9. Right click on the right pane and select the Create New Directory option.

10. Provide the directory’s name as /tmp.

11. Right click on the created directory (/tmp) and select the Create New Directory option.

9

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

12. Provide the name of the directory as MacAgentInstaller.

13. Extract the Mac agent ZIP file provided by Exterro team.

• Two files (a config file and a PKG file) will be present in the extracted folder.

10

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

14. Open the agentinstall.config file and edit the following options based on your environment:

agentinstall.config

fields

Default Value Notes

ServerPollIntervalS

econds

1800 seconds or 30 minutes

The number of seconds the agent will

check in with the FTK Central

application.

ServerBaseURI

<servername_or_ip>:<port number>

Note: The <port number> should be replaced with

the value of ManagedAgentApiPort property

present in the ADG.WeblabSelfHost.exe.config

The URI for the FTK server to which the

agent should be pointed.

IndexingDirectory

/usr/local/share/AccessData/ManagedAgent/Age

ntData/Indices

Default location of search index.

DataType 0

DO NOT EDIT

Built-in values range 0-16.

IndexLastComplete

Time

n/a

YYYY-MM-DD|HH:MM:SS index last

completed

DocumentsIndexed

n/a

Number of documents indexed.

IndexRefreshInterv

alinMins

60

Time interval (minutes) between

indexing updates.

MaxIndexSizeInMB 0

*FUTURE FEATURE*

Max index size in megabytes (MB). A

value of “0” disables any limit on max

index size.

11

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

agentinstall.config

fields

Default Value Notes

IndexAllowedHours "0~24"

Values in range 0~23 hours. A value of

“0~24” allows indexing to occur at any

hour of the day.

Syntax is: HH~HH

Note: Start and end hours are delimited

by a tilde (~) character.

FileMaskForConten

tsIndexing

"pages","numbers",

"key","kth","emlx","emix","emlxpart","ewsmbox"

,"imapmbox","mailstationery","mailtoloc","skind

ex","doc","txt","xls","xlsx","docx","pdf","htm","ht

ml"

File extensions to be indexed. When

used in conjunction with

FoldersForContentsIndexing, the

filters use OR logic and so files

meeting either criteria will be included

in the index.

Sample syntax is:

[

“txt”,

”pdf”,

”docx”

]

12

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

agentinstall.config

fields

Default Value Notes

FoldersForContents

Indexing

“*”

List of directories whose contents will

be indexed. When used in conjuction

with FileMaskForContentsIndexing,

the filters use OR logic and so files /

folders meeting either criteria will be

included in the index.

Path must be fully qualified. Sub-

strings of folder paths are not currently

supported.

Example:

[

"/Users/jsmith/Documents/pd

f/", "/Users/jdoe/notes/"

]

SearchHiddenFiles false

true | false

Allow indexing of hidden files in the file

system.

SearchSystemFiles false

true | false

Allow indexing of macOS System files.

CanIndexNow false

DO NOT EDIT

Used by the application to determine

whether the index needs to be updated

based on refresh interval value

compared to last update time value.

13

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

agentinstall.config

fields

Default Value Notes

DataName n/a

SUPPORTED:

“File”

”BrowserHistory”

NOT CURRENTLY SUPPORTED ON

macOS:

”Process”,”Services”,”Port”,”Certificat

e”,”Volume”,”Hive”,”Module”,”Disk”,”

Prefetch”,”User”,”Arp”,”SoftwareInve

ntory”,”Drive”

Updated false

*FUTURE FEATURE- Not currently in

use*

Date and time index was last updated.

A value of false means the index has

not yet completed.

EnableIndexing true

true | false to enable | disable agent

search index

IsRemovableDevice

Monitoring Enabled

false

This setting is not supported on macOS

because, when enabled, indexing

includes all mounted storage by

default.

StatusUpdateRateI

nSeconds

30

Interval between agent status updates

in seconds.

MaxSearchJobs 2147483647

Max number of concurrent agent

search jobs.

15. Save the file.

14

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

16. Right click on the MacAgentInstaller directory and select the Add File/Directory option.

17. Browse and select the extracted from the ZIP file folder provided by Exterro team.

18. Select both the files and click Open.

15

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

• The selected files will be added to the right pane.

19. Right click on the Scripts from the left pane and select Add Shell Script > postinstall option.

16

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

20. Copy and paste the below provided postinstall script on the right pane.

#!/bin/sh

## postinstall

sudo security add-trusted-cert -d -k /Library/Keychains/System.keychain /tmp/MacAgentInstaller/<SSL

Certificate File Name>

installer -pkg /tmp/MacAgentInstaller/<Mac Agent Package File Name> -target /

21. If you need to install the SSL certificate along with the Mac agent installation, follow the below steps:

a. Add the SSL certificate in the MacAgentInstaller folder (refer the steps 16 to 18)

b. Replace the <SSL Certificate File Name> with the certificate file name for the below command in the

postinstall script:

sudo security add-trusted-cert -d -k /Library/Keychains/System.keychain

/tmp/MacAgentInstaller/<SSL Certificate File Name>

17

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

Note: If the SSL certificate installation is not required, comment out the below line on the

postinstall script by addinf the ‘#’ character before it.

#sudo security add-trusted-cert -d -k /Library/Keychains/System.keychain

/tmp/MacAgentInstaller/<SSL Certificate File Name>

22. Upon pasting the postinstall script, click on the Scripts from the left pane then click on the Save button in the

pop-up when prompted.

23. Click on the Build as PKG icon.

18

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

24. Select the Folder where the packages should be stored.

25. Click on Save.

• Upon creation, the packages will be listed on the PACKAGES section of left pane.

• The package will be created on the folder that you had selected.

19

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

Deploying the Mac Agent via JAMF Pro

2.1 Prerequisites

• The targeted machines should be enrolled in JAMF with the ability to manage Policies and Configuration

Profiles.

• A Mac with a manually installed Agent is required to obtain baseline information.

2.2 Creating an Agent Installation Package

A separate Package is required for each version of the Mac Agent. Subsequent sections must correspond to the

version of the Agent used in the installation package.

To create an Agent Installation Package:

1. Log into JAMF Pro application.

2. Click on Settings from the top-right corner.

20

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

 The Settings page is displayed.

3. Select the Computer management tab and click on Packages.

21

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

4. Click New.

Note: The package file created using the Jamf Composer (refer the Mac Agent – Package Creation

(Via JAMF Composer) section) should be added here.

22

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

5. Provide the package’s Display Name.

6. Select the package’s Category.

7. Browse and select the required Agent PKG file for the Filename field.

Note: The remaining fields are optional and can be configured based on the user’s requirements.

8. Click Save.

23

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

2.3 Creating an Agent Uninstallation Script

The script mentioned in this section should be compatible with all versions of the Mac Agent.

To create an Agent Uninstallation Script:

1. Log into JAMF Pro application.

2. Click on Settings from the top-right corner.

24

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

 The Settings page is displayed.

3. Select the Computer management tab and click on Scripts.

25

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

4. Click on New.

 The New Script page is displayed.

26

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

5. Provide the script’s Display Name.

6. Select the package’s Category.

7. Select the Script tab.

8. Select the Shell/Bash option for the Mode field.

27

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

9. Copy and paste the below provided script in the text area:

#!/bin/bash

DATE=`date +%Y-%m-%d`

TIME=`date +%H:%M:%S`

LOG_PREFIX="[$DATE $TIME]"

LOG_FILE=~/Library/Logs/AccessDataAgentUninstall.log

log_info() {

echo "${LOG_PREFIX} [INFO]" $1 >> $LOG_FILE

}

log_error() {

echo "${LOG_PREFIX} [ERROR]" $1 >> $LOG_FILE

}

if (( $EUID != 0 )); then

log_error "Script was not run as root. Exiting."

exit

fi

PRODUCT=AccessDataAgent

InstalledAgents=($(pkgutil --packages | grep $PRODUCT))

for i in "${InstalledAgents[@]}"

do

VERSION=$(pkgutil --pkg-info $i | grep version | cut -d ' ' -f 2 )

log_info "Removing $PRODUCT $VERSION"

find "/usr/local/bin/" -name "$PRODUCT-$VERSION" | xargs rm

if [ $? -eq 0 ]

then

log_info "Successfully deleted shortcut links"

else

log_error "Could not delete shortcut links"

fi

pkgutil --forget "org.$PRODUCT.$VERSION" > /dev/null 2>&1

if [ $? -eq 0 ]

then

log_info "Successfully deleted application informations"

else

log_error "Could not delete application information"

28

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

fi

launchctl stop /Library/LaunchDaemons/com.adg.managedagent.plist > /dev/null 2>&1

if [ $? -eq 0 ]

then

log_info "Successfully stopped the Agent service"

else

log_error "Could not stop the Agent service"

fi

launchctl unload /Library/LaunchDaemons/com.adg.managedagent.plist > /dev/null 2>&1

if [ $? -eq 0 ]

then

log_info "Successfully unloaded the Agent service"

else

log_error "Could not unload the Agent service"

fi

rm -rf "/Library/${PRODUCT}/${VERSION}" > /dev/null 2>&1

if [ $? -eq 0 ]

then

log_info "Successfully deleted source files"

else

log_error "Could not delete source files"

fi

done

exit 0

Note: The remaining fields are optional and can be configured based on the user’s requirements.

10. Click Save.

29

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

2.4 Creating an Agent Deployment Policy

A Policy will be used to uninstall any existing Agent on a target machine and then install the specified Agent version.

To create an Agent Deployment Policy:

1. Log into the JAMF Pro application.

2. Click on Computers.

30

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

3. Click on Policies from the left pane.

4. Click on New.

31

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

 The New Policy page is displayed.

5. Provide a policy’s Display Name.

6. Check the Enabled option.

7. Select the policy’s Category.

8. Select the required Trigger events during when the policy should be deployed.

Note: You are recommended to select the Recurring Check-in trigger event.

9. Select the Once per computer option from the Execution Frequency dropdown.

10. Check the Automatically re-run policy on failure option.

32

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

11. Select the Packages tab from the middle pane and click on Configure.

12. Click Add against the required package.

33

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

13. Select the Install option from the Action dropdown.

14. Select the Scripts tab from the middle pane and click on Configure.

34

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

15. Click Add against the required Agent Uninstallation Script.

16. Select the Before option from the Priority dropdown.

17. No Parameters should be added.

35

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

18. Select the Scope tab and click on Add.

19. Click on Add against the required target.

20. Click Save.

If the Recurring Check-in event was selected for Trigger, the new Policy will be run on targets the next time a user

checks in to the JAMF application.

36

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

2.5 Obtaining the Code Requirements

Code Requirements are needed when creating a Profile to grant the necessary permissions to deployed Agents. The

following should be done on a Mac where the desired Agent release has already been installed.

To obtain the Code Requirements:

1. Open Terminal.

2. Execute the following command:

codesign -dr - /bin/sh

3. Copy the value displayed against the designated field. This is the Code Requirement for sh.

4. Execute the following command:

codesign -dr - /bin/zsh

5. Copy the value displayed against the designated field. This is the Code Requirement for zsh.

6. Execute the following command:

codesign -dr - /System/Applications/Utilities/Terminal.app

37

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

7. Copy the value displayed against the designated field. This is the Code Requirement for Terminal.

8. Execute the following command:

codesign -dr - /System/Applications/Utilities/Console.app

9. Copy the value displayed against the designated field. This is the Code Requirement for Console.

10. Determine the installation folder for the installed Agent

Example: /Library/AccessDataAgent/<version>/

11. Execute the following command:

codesign -dr – [AgentInstallationFolder]/ADG.Agent.IndexingService

12. Copy the value displayed against the designated field. This is the Code Requirement for

ADG.Agent.IndexingService.

13. Execute the following command:

codesign -dr – [AgentInstallationFolder]/ADG.ManagedAgentSvc

14. Copy the value displayed against the designated field. This is the Code Requirement for ADG.ManagedAgentSvc.

38

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

2.6 Creating a Configuration Profile

A Configuration Profile will be used to grant the Full Disk permissions necessary for the Agent to function correctly.

Any permission overrides deployed by JAMF are not visible to users in System Preferences > Security & Privacy > Full

Disk Access on the target machine(s). However, the pushed profile can be seen in system Preferences > Profiles.

To create a Configuration Profile:

1. Log in to JAMF Pro application.

2. Click on Computers.

39

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

3. Click on Configuration Profiles from the left pane and click on New.

 The New macOS Configuration Profile page is displayed.

40

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

4. Provide the profile’s Name.

5. Provide the Description of the profile.

6. Select the profile’s Category.

7. Select the Computer Level option from the Level drop-down.

8. Select the required option for Distribution Method.

Note: You are recommended to select Install Automatically.

9. Scroll down and select the Privacy Preferences Policy Control tab from the middle pane.

10. Click Configure.

41

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

11. Create six App Access sections by clicking on the button.

12. Provide following values for the corresponding fields in each App Access sections:

Identifier

Identifier Type

/bin/sh

Path

/bin/zsh

Path

com.apple.Terminal

Bundle ID

com.apple.Console

Bundle ID

[AgentInstallationFolder]/ADG.Agent.IndexingService

Path

[AgentInstallationFolder]/ADG.ManagedAgentSvc

Path

ADG

Path

Note: The values for the Code Requirement field can be obtained by following the steps provided in the Obtaining

the Code Requirements section.

42

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

13. For each App Access section, follow the below steps:

a. click Add and select the following values for the corresponding drop-down fields:

• App or Service - SystemPolicySysAllFiles

• Access – Allow

b. Click Save.

14. Click on the Scope tab and click on Add.

43

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

15. Add the scope that includes the required target(s).

16. Click Save.

If the Install Automatically option was selected for Distribution Method, the new profile will start showing up on

the targets the next time users check in to JAMF. (Refer System Preferences > Profiles).

44

MAC AGENT – DEPLOYMENT GUIDE

(VIA JAMF PRO)

Contact Exterro

If you have any questions, please refer to this document, or any other related materials provided to you by Exterro.

For usage questions, please check with your organization’s internal application administrator. Alternatively, you may

contact your Exterro Training Manager or other Exterro account contact directly.

For technical difficulties, support is available through s[email protected].

Contact:

Exterro, Inc.

2175 NW Raleigh St., Suite 400

Portland, OR 97210.

Telephone: 503-501-5100

Toll Free: 1-877-EXTERRO (1-877-398-3776)

Fax: 1-866-408-7310

General E-mail:[email protected]

Website: www.exterro.com

Information in this document is subject to change without notice. No part of this document may be reproduced or transmitted in any form or by any means,

electronic or mechanical, for any purpose, without the express written permission of Exterro, Inc. The trademarks, service marks, logos or other intellectual

property rights of Exterro, Inc and others used in this documentation ("Trademarks") are the property of Exterro, Inc and their respective owners. The

furnishing of this document does not give you license to these patents, trademarks, copyrights or other intellectual property except as expressly provided in

any written agreement from Exterro, Inc.

The United States export control laws and regulations, including the Export Administration Regulations of the U.S. Department of Commerce, and other

applicable laws and regulations apply to this documentation which prohibits the export or re-export of content, products, services, and technology to certain

countries and persons. You agree to comply with all export laws, regulations and restrictions of the United States and any foreign agency or authority and

assume sole responsibility for any such unauthorized exportation.

You may not use this documentation if you are a competitor of Exterro, Inc, except with Exterro Inc’s prior written consent. In addition, you may not use the

documentation for purposes of evaluating its functionality, or for any other competitive purposes.

If you have any questions, please contact Customer Support by email at [email protected].