Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

All Products: How To Obtain and Validate a Jamf/MDM mobileconfig File

All Products: How To Obtain and Validate a Jamf/MDM mobileconfig File

Environment

  • All Products:  All Versions
  • MDM Servers:  All versions configured to manage Carbon Black Mac Sensors

Objective

How to obtain and convert a JamF/MDM mobileconfig files to XML readable format.

Resolution

A. Open a JamF/MDM policy for the Carbon Black product (CBC, EDR or AppC)  in the JamF console.

B. Download the policy.  In JamF, Computers > Configuration Profiles > (select profile details) choose the Download option.
This is a article attached imageThis is a article attached image
C. Move the mobileconfig file to  any MacOS Terminal window.   Remove any signature wrappers:
security cms -D -i xxx.mobileconfig > xxx-unsigned.mobileconfig
D. Format the resulting file into a XML legible file:
plutil -convert xml1 xxx-unsigned.mobileconfig
E. Run 'less xxx-unsigned.mobileconfig' to view the extra characters.  Below is an example of invalid characters that do not appear in the console.  The hidden characters can cause the profile to fail.  (The example below depicts an EDR profile with hidden, invalid characters)
This is a article attached imageThis is a article attached image

 

Additional Notes

  • If extra characters are in the MDM policy due to cut-n-paste, then the policy does not apply properly on the sensors.
  • Some mobileconfig files do not have a signature wrapper.

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎11-22-2022
Views:
934
Contributors