Background: An old Mac was hit with malware. The browser start page changed to a known malware URL, and extensions have been installed that no one recognizes. Malwarebytes quarantined a couple of hits. I want to cover my bases, and DetectX is the only other anti-malware I've seen recommended (outside of numerous debates about whether such software is necessary).
Rather than blindly deploy DetectX Swift to all my clients, I prefer to install it on demand, when a client needs it. The run-detectx-search.py script in my detectx-jamf repo will take care of this dependency resolution.
Create a new policy and name it Install - DetectX Swift. Set the only trigger to "Custom" and enter the custom trigger "install_detectx". Set the Frequency to "Ongoing", since we want this policy to be available whenever we need it.
By default, run-detectx-search.py uses DetectX Swift's -j flag to output the results of the search in JSON format to /Library/Application Support/JAMF/Addons/DetectX/results.json. Placing the results file within /Library/Application Support/JAMF/ is a best practice, as it will ensure the file is deleted if you ever need to remove the Jamf framework.
After making any customizations, add a new script to your Jamf Pro Server. Use the filename, run-detectx-search.py, as the "Display Name" of the script. Copy the contents of your run-detectx-search.py file into the Script Contents textbox.
After running a scan, we need to collect the results and associate them with a computer record within Jamf Pro. We'll use an Extension Attribute to read the /Library/Application Support/JAMF/Addons/DetectX/results.json file generated by run-detectx-search.py.
Included in the detectx-jamf repo is the DetectX Issues.xml file, which is a ready-to-upload Extension Attribute. Simply navigate to Management Settings > Computer Management > Extension Attributes, then click the Upload button. Select the DetectX Issues.xml file on your computer and upload it. Review the settings for the Extension Attribute, particularly the "Inventory Display" category, which controls where the Extension Attribute results are displayed when viewing a computer object.
If you've changed the default location of the search results file in run-detectx-search.py, or prefer to create and configure the Extension Attribute manually, EA-DetectX-Issues.py is included in the detectx-jamf repo. Edit the script and paste its contents into a new Extension Attribute.
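An Extension Attribute script of the kind described above, added here as an illustration; it is not the repo's EA-DetectX-Issues.py. The results.json layout it parses (a top-level "issues" list with "type" and "path" keys) is an assumption, since the page does not show DetectX Swift's JSON output, and the sample data is constructed.

```python
#!/usr/bin/env python3
"""Jamf Pro Extension Attribute that reports DetectX Swift findings.

Reads the results.json written by run-detectx-search.py and prints the value
inside the <result> tags that Jamf Pro expects from an EA script.
ASSUMPTION: the JSON has a top-level "issues" list whose items carry "type"
and "path" keys; this is a constructed layout, not DetectX's documented schema.
"""
import json
import os

RESULTS_PATH = "/Library/Application Support/JAMF/Addons/DetectX/results.json"

# Constructed sample of the assumed layout, used only for a local dry run.
SAMPLE_RESULTS = {"issues": [
    {"type": "Adware", "path": "/Library/LaunchAgents/com.example.b.plist"},
    {"type": "Adware", "path": "/Library/LaunchAgents/com.example.a.plist"},
]}


def summarize_issues(data):
    """Turn parsed JSON into a stable, Smart-Group-friendly EA value."""
    issues = data.get("issues", []) if isinstance(data, dict) else []
    if not issues:
        return "Clean"
    # Sorted so the value does not churn between inventory updates.
    lines = sorted("%s: %s" % (i.get("type", "unknown"), i.get("path", "?"))
                   for i in issues)
    return "%d issue(s)\n%s" % (len(lines), "\n".join(lines))


def summarize_results(path=RESULTS_PATH):
    """Read the results file; distinguish 'not scanned' from 'clean'."""
    if not os.path.exists(path):
        # The install policy is on demand, so most Macs never have a file.
        return "No scan results"
    try:
        with open(path, "r", encoding="utf-8") as fh:
            return summarize_issues(json.load(fh))
    except (OSError, ValueError) as exc:
        # A truncated or half-written file must not be reported as Clean.
        return "Unreadable results file: %s" % exc


if __name__ == "__main__":
    print("<result>%s</result>" % summarize_results())
```

Because "No scan results" and "Clean" are distinct values, a Smart Group can target Macs that have never been scanned separately from those that scanned clean.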