Team: Huntress Product Support
Product: Huntress Endpoint Protection / Agent
Environment: macOS with Systems Manager
Summary: Generic Deployment and Privacy Preferences Policy Control (PPPC) payload for Full Disk Access
Each MDM solution uses different workflows to install the Huntress agent and grant permissions. This document goes over generic requirements for deploying the Huntress agent; we recommend that you consult your MDM's documentation on its deployment steps and workflows for additional details.
Overview
The installation of Huntress through an MDM or remote management tool consists of 2 items:
- Installation of the Huntress agent via generic deployment script
- Generic PPPC Payload for Full Disk Access
Installation of the Huntress agent via generic deployment script
Huntress uses a deployment script to deploy the Huntress macOS agent so that your unique Huntress Account Key and assigned Organization Key can be applied to the agent during installation. A generic deployment script is available here.
1. Retrieve your Account Key:
   - Hover over the Huntress options menu in the upper-right corner of the dashboard.
   - Select the "Download Agent" option from the menu.
   - On the Installer page, click the clipboard icon to copy your secret account key to your clipboard; this will come in handy later in the deployment process.
2. Download or copy the Generic Bash script for macOS Agent installs into the scripting engine/component of your management tool.
3. Scroll down to lines 44 and 48 of this generic bash script.
   - Update Line 44 with your Account Key (copied from step 1).
   - Update Line 48 with an assigned Organization Key (which can be either a new value or found in your Huntress portal under Home > Organizations).
   - Update Line 52 with the name of your RMM or management solution (e.g. Jamf Pro). This value is used for support inquiries.

This completes the first step of the installation process to deploy the Huntress macOS agent via your RMM or management solution.
Generic PPPC Payload for Full Disk Access
Download a pre-configured PPPC payload to upload to your MDM
This step requires an MDM solution. Refer to your MDM solution's documentation on how to deploy a PPPC Payload for Full Disk Access. Click here for more information on Full Disk Access.
Huntress requires the following parameters when building and deploying a PPPC Payload:
Payload type: com.apple.TCC.configuration-profile-policy
Identifier type: Bundle ID
Allow or Deny: Allow
| Huntress Agent version 0.13.70 and older | |
|---|---|
| Identifier | com.huntresslabs.www |
| Bundle ID | identifier "com.huntresslabs.www" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7W6HQ9J9XA" |

| Huntress Agent version 0.13.72 and newer | |
|---|---|
| Identifier for agent | com.huntress.app |
| Bundle ID for agent | identifier "com.huntress.app" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7W6HQ9J9XA" |
| Identifier for system extension | com.huntress.sysext |
| Bundle ID for extension | identifier "com.huntress.sysext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7W6HQ9J9XA" |
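How the parameters above map onto Apple's PPPC payload keys, as an added example that is not Huntress's published payload or code: it builds the profile with Python's `plistlib` on an admin workstation. The profile identifier `com.example.huntress.pppc`, the display name and the generated UUIDs are placeholders chosen for this example.

```python
import plistlib
import uuid

TEAM_ID = "7W6HQ9J9XA"  # certificate leaf[subject.OU] value from the table above
LEGACY_IDS = ["com.huntresslabs.www"]  # agent 0.13.70 and older
CURRENT_IDS = ["com.huntress.app", "com.huntress.sysext"]  # 0.13.72 and newer


def code_requirement(bundle_id):
    """Code requirement in the form the page lists for each identifier."""
    return (
        f'identifier "{bundle_id}" and anchor apple generic and '
        "certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and "
        "certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and "
        f'certificate leaf[subject.OU] = "{TEAM_ID}"'
    )


def build_profile(bundle_ids, profile_id="com.example.huntress.pppc"):
    """Profile dict allowing Full Disk Access for each bundle ID.

    profile_id and the display name are placeholders, not Huntress values.
    """
    entries = [
        {"Identifier": bid, "IdentifierType": "bundleID",
         "CodeRequirement": code_requirement(bid), "Allowed": True}
        for bid in bundle_ids
    ]
    payload = {
        "PayloadType": "com.apple.TCC.configuration-profile-policy",
        "PayloadIdentifier": f"{profile_id}.tcc",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        # SystemPolicyAllFiles is the payload's name for Full Disk Access.
        "Services": {"SystemPolicyAllFiles": entries},
    }
    return {
        "PayloadType": "Configuration",
        "PayloadIdentifier": profile_id,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadScope": "System",
        "PayloadDisplayName": "Huntress Full Disk Access (example)",
        "PayloadContent": [payload],
    }


def to_mobileconfig(profile):
    """Serialise the profile to XML property-list bytes (.mobileconfig)."""
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)
```

Pass `LEGACY_IDS + CURRENT_IDS` to `build_profile` to cover a fleet that still runs both agent generations, then upload the serialised bytes through your MDM as described in its documentation.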
Upon rolling out your PPPC profile, in many cases it will not appear under Full Disk Access in System Preferences or System Settings (Ventura) on the endpoint. To check for the entry from Terminal, query the TCC database for the identifiers that match your agent version.

Agent version 0.13.70 and older:

```
sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db \
  'select client from access where auth_value and service = "kTCCServiceSystemPolicyAllFiles" and client="com.huntresslabs.www"'
```

which should return:

```
com.huntresslabs.www
```

Agent version 0.13.72 and newer:

```
sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db \
  'select client from access where auth_value and service = "kTCCServiceSystemPolicyAllFiles" and client="com.huntress.app"'
sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db \
  'select client from access where auth_value and service = "kTCCServiceSystemPolicyAllFiles" and client="com.huntress.sysext"'
```

which should return:

```
com.huntress.app
com.huntress.sysext
```

The MDM overrides file can be checked in the same way.

Agent version 0.13.70 and older:

```
sudo plutil -p /Library/Application\ Support/com.apple.TCC/MDMOverrides.plist | grep -zo '"com.huntresslabs.www" => {\s*"kTCCServiceSystemPolicyAllFiles"'
```

which should return:

```
"com.huntresslabs.www" => {
"kTCCServiceSystemPolicyAllFiles"
```

Agent version 0.13.72 and newer, for the agent:

```
sudo plutil -p /Library/Application\ Support/com.apple.TCC/MDMOverrides.plist | grep -zo '"com.huntress.app" => {\s*"kTCCServiceSystemPolicyAllFiles"'
```

which should return:

```
"com.huntress.app" => {
"kTCCServiceSystemPolicyAllFiles"
```

And for the system extension:

```
sudo plutil -p /Library/Application\ Support/com.apple.TCC/MDMOverrides.plist | grep -zo '"com.huntress.sysext" => {\s*"kTCCServiceSystemPolicyAllFiles"'
```

which should return:

```
"com.huntress.sysext" => {
"kTCCServiceSystemPolicyAllFiles"
```
Comments
3 comments
Can you just post the mobileconfig file for us to download? It would make this a million times easier.
Hi Ryan Grimes. We went ahead and updated the kb to include a PPPC payload that you can use. Hopefully that helps! Let me know if you have any issues with it.
Funny I was just emailed it as well. Great support as always!