Nine41 Consulting | Remotely Inject a CylancePROTECT License Token on macOS

Remotely Inject a CylancePROTECT License Token on macOS

Have you found that, after a seemingly random period of time post CylancePROTECT deployment, your help desk is receiving calls about CylancePROTECT not being licensed?

Well, you’re not the only one.

The client/server architecture of CylancePROTECT on macOS requires the client machine to check in on a periodic basis, or it will automatically “forget” its license key.

This behavior is great if the machine happens to be lost or stolen; however, if you have remote users who don’t frequently get on the network, having a machine forget its license is definitely not ideal.

Luckily, we can inject the license key by using LANDESK Management Suite to deploy a little script that works the magic, all remotely, I might add.  Neither you nor I want to touch every machine that needs an update.

Furthermore, this script would work if you find that your original license key was compromised and you need to replace it with a new one.

The script is fairly basic.  It stops the CylancePROTECT service, makes a backup of the existing token XML file, injects the token into the XML, and restarts the service.  All you need to do in the script is replace the placeholder value “newCylanceCustomToken” (assigned to the newCylanceToken variable) with your actual token value.  You can download the script from my GitHub site or just create your own by copying and pasting from the script below.  Just remember to run chmod +x on your script if you make your own.

Special shout out goes to Logrhythm SIEM for the assist on the SED portion of this script.

Once you have your script ready to go, compress it and copy it to your file share so you can create a LANDESK package and deploy it out.

CylancePROTECT Package Creation

  1. Open the LANDESK Management Suite Console
  2. Navigate to the top menu bar, select Tools > Distribution > Distribution Packages.
  3. In the lower left menu tree, highlight My Packages or Public Packages from within the Distribution Packages window
  4. On the Distribution menu bar, press the New Package button and select New Macintosh Agent package.
  5. Give the package a name
  6. Provide a description as well as any metadata information desired
  7. Set the primary file to the script file you previously transferred to your package share
  8. Fill out the Metadata details if desired, specifically supplying a logo so it shows up properly in the portal
  9. Save the package

CylancePROTECT Package Deployment

  1. Right click on the Mac software distribution package created and select Create Scheduled Task
  2. From the network view, select and drag the desired machine(s), user(s) or query(ies) and drop them onto the task
  3. Now, right click on the task and select properties
  4. Set the desired Task type under Task Settings as to whether you want a push, a policy or a hybrid of the two types in a policy-supported push
  5. Set the radio button in the Portal Settings to Run Automatically
  6. Change the Reboot Settings or Distribution and Patch settings if desired
  7. Set the schedule task settings with the appropriate start time

 
#!/bin/sh

# CylanceTokenReplacement.sh
# Created by Bennett Norton and Logrhythm SIEM on 10/20/16.
# This script will stop the Cylance service, replace the token file, and restart Cylance

#Script Variable
#change the variable to match your token
newCylanceToken="newCylanceCustomToken"

#Don't change these variables
cylanceTokenLocation="/Library/Application Support/Cylance/Desktop/registry/LocalMachine/Software/Cylance/Desktop/"
cylanceValuesXML="values.xml"

#Stop the Cylance service
launchctl unload /Library/LaunchDaemons/com.cylance.agent_service.plist

#Make a backup of values.xml (values.xml.backup), then edit it by adding the InstallToken key before the closing </values> tag
sed -i.backup 's/<\/values>/<value name=\"InstallToken\" type=\"string\">'"$newCylanceToken"'<\/value><\/values>/g' "$cylanceTokenLocation$cylanceValuesXML"

#Start the Cylance service
launchctl load /Library/LaunchDaemons/com.cylance.agent_service.plist
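
A hardened variant of the sed step, added here as an example and not part of the original script. The original appends an InstallToken element on every run, so a second run or a key replacement leaves two; this version removes any existing element first and rejects tokens containing sed or XML metacharacters. The function name inject_install_token and the allowed token alphabet are assumptions, and the file path is a parameter so the function can be tried on a copy of values.xml.

```shell
#!/bin/sh
# Added example: idempotent InstallToken injection into a values.xml file.
# The element layout is the one written by the sed command in the script above.

inject_install_token() {
    file=$1
    token=$2

    # Assumed token alphabet. It excludes / & \ (sed) and < > " (XML),
    # so the token can be placed in the replacement without escaping.
    case $token in
        ''|*[!A-Za-z0-9._-]*) echo "invalid token" >&2; return 2 ;;
    esac

    # Refuse to edit a file that lacks the closing tag the insert anchors on.
    grep -q '</values>' "$file" || { echo "no </values> in $file" >&2; return 3; }

    # mktemp creates the file with mode 0600, so the token is not exposed.
    tmp=$(mktemp "${TMPDIR:-/tmp}/values.XXXXXX") || return 4

    # First expression drops any existing InstallToken element,
    # second inserts the new one just before </values>.
    sed -e 's/<value name="InstallToken" type="string">[^<]*<\/value>//g' \
        -e 's/<\/values>/<value name="InstallToken" type="string">'"$token"'<\/value><\/values>/' \
        "$file" > "$tmp" || { rm -f "$tmp"; return 4; }

    # Sanity check: exactly one InstallToken element in the result.
    count=$(grep -o '<value name="InstallToken"' "$tmp" | wc -l | tr -d ' ')
    [ "$count" -eq 1 ] || { rm -f "$tmp"; return 5; }

    # Back up, then overwrite in place so ownership and mode are preserved.
    cp -p "$file" "$file.backup" && cat "$tmp" > "$file"
    ret=$?
    rm -f "$tmp"
    return $ret
}
```

The .backup file still holds the previous token; when replacing a compromised key, delete it once the agent reports as licensed.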
