Error deploying Cisco AMP MDM profile on SOME M1 MacOS

p.costa · ‎07-23-2021

Hi Communcity,

we have around 14 MacOS with M1 processor that show a fault during the installation of AMP connector.

This is because the MDM profile at https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/216089-advisory-for-amp-for-endpoints-mac-conne.html is not correctly installed, even if we deploy it with Airwatch.

Digging deeper, we can see from Airwatch logs that the Mac is returning 'The operation couldn't be completed. (SPErrorDomain error 1.)' every day, so it seems there is an error installing the profile. I don't understand why it's not working. We deployed correctly the same profile on around 1500 Mac, but we have this 14 "problematic" Mac.

Anyone else had the same error? 'The operation couldn't be completed. (SPErrorDomain error 1.)'

Have a nice weekend,

Pier

antc · ‎08-10-2021

Have you tried putting the M1/ARM Macs in a separate group and remove the kernel extension (SystemPolicyKernelExtensions) payload from the MDM profile?

Perhaps that payload is being rejected by macOS since kernel extensions are not supported on ARM.

p.costa · ‎08-16-2021

Hi @antc,

thanks, we will try that, as it was also suggested by TAC. We verified that only a subset of M1 mac are affected. The one affected have "full security" selected at boot.

Do you have any guidance on how to modify the MDM profile to exclude the authorization for kernel extensions?

I have read https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/216089-advisory-for-amp-for-endpoints-mac-conne.html but it does not mention this incompatibility.

Do you think it could be enough to just delet everything under "SystemPolicyKernelExtensions" from the MDM profile?

Thanks,

Pier