Apple’s recent update to its security controls prevented data collection from a Mac endpoint without triggering a Transparency, Consent, and Control (TCC) prompt on the endpoint, which limits acquisition abilities for investigations requiring a more subtle approach. To ensure you can easily and reliably collect from remote Mac endpoints, we have updated Magnet AXIOM Cyber’s Mac agent and had the new agent signed by Apple. We have also partnered with Jamf, the industry standard in managing and securing Apple endpoints, to facilitate deploying the new signed Mac agent to devices running macOS. In this video, you’ll learn how to use signed agent deployment with Jamf Pro for macOS investigations.
Execute Command to run the agent from Jamf: cd /usr/local/jamf/temp; open -gj 'Agent.app' --args '--config-file /usr/local/jamf/temp/Agent.cfg'