Hello everybody
Has anyone had the issue lately, that a macOS profile (Devcie-based) failed to save, when you tried to configure kernel or system extensions?
The kernel/system extension isn't even very special and I also tried an old entry to add, but could get any further. Here is one example for the Sophos-Profile I was trying:
I'm not sure what goes wrong here. Happens for kernel and for system extensions. This always worked in the past. Maybe I'm missing something with the new design...
Regards
btw if anyone is wondering: I was trying to implement the given settings for Sophos Endpoint deployment as described here: https://community.sophos.com/intercept-x-endpoint/f/recommended-reads/116397/sophos-mac-endpoint-how...
Hello everybody
I found a way to counteract the current limitations by using vmware WorkspaceONE App Analyser for macOS (https://flings.vmware.com/workspace-one-app-analyzer-for-macos), which enables you to upload a generated profile directly into ws1. You can get all the neccessary information on the tool on the linked page above.
My piece of advice: There is an important detail to be mentionned for this usecase. I used this app on a VM to get the system extension and privacy preferences. Both will be caught fine by the tool. BUT: I had to create two seperate policies for the two payloads. If you combine both payloads into one profile it will cause a failure. If you split the payload into two profiles everything works fine.
So if you encounter similar issues, just make your profile atomic and keep one profile for each payload and try again.
Regards
Hello everybody
I found a way to counteract the current limitations by using vmware WorkspaceONE App Analyser for macOS (https://flings.vmware.com/workspace-one-app-analyzer-for-macos), which enables you to upload a generated profile directly into ws1. You can get all the neccessary information on the tool on the linked page above.
My piece of advice: There is an important detail to be mentionned for this usecase. I used this app on a VM to get the system extension and privacy preferences. Both will be caught fine by the tool. BUT: I had to create two seperate policies for the two payloads. If you combine both payloads into one profile it will cause a failure. If you split the payload into two profiles everything works fine.
So if you encounter similar issues, just make your profile atomic and keep one profile for each payload and try again.
Regards