BESAgent on macOS just stopping?

straffin 2023-05-01 20:55:16 UTC #1

We’ve received scattered reports of folks with a BES Agent on macOS that has stopped reporting. It was fine, then it wasn’t. We’ve not found much useful information other than, in at least one case, something seems to have shut down the client:

At 12:58:52 -0400 - Patches for Mac OS X (http://sync.bigfix.com/cgi-bin/bfgather/macpatches)
   BackgroundAdviceEvaluation::FinishDataLoop side line file Configuration.fxf
At 12:58:54 -0400 - Patches for Mac OS X (http://sync.bigfix.com/cgi-bin/bfgather/macpatches)
   BackgroundAdviceEvaluation::FinishDataLoop side line file OS X 106.fxf
At 12:59:24 -0400 - 
   Client shutdown (Service manager stop request)

In addition to asking what could be doing something like this or how I could find it, does anyone understand the exact process flow for the starting and stopping of macOS services (system/com.bigfix.BESAgent in particular)? Where should/could I be looking? What should/could I be looking for?

Thanks!

atlauren 2023-05-02 04:18:36 UTC #2

So far as I know, we haven’t seen that.

Memory congestion? Extremely low battery? Can’t reach a relay and eventually gives up?

straffin 2023-05-02 14:09:08 UTC #3

As far as I can tell, everything else about these computers is fine. The users are continuing to use them regularly and other tools like Jamf Pro and CrowdStrike continue to operate normally (though sometimes they go dark as well).

straffin 2023-05-02 14:11:18 UTC #4

As a related question, as macOS evolves, we’re seeing other tools require specific rights explicitly granted but the user or by “configuration profile”, but I’ve not seen any such recommendation or requirement for BigFix. Does the BigFix Agent on macOS not need things like “Full Disk Access” or “App Management” rights in order to function properly?

dmccalla 2023-05-02 17:14:45 UTC #5

We do… but I’d say its not particularly well known. There’s a small note at the bottom of the Mac client installation instructions page here --> https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Installation/c_mac_installation_instructions.html

Note: The BESAgent service can access all of the user’s private files and folders in the Mac system only if you add full disk access permission to it. It can be done manually by the user from the Privacy tab of the Security & Privacy Preferences panel or by using MDM services. For a BigFix MCM Device this can be done automatically at installation time, see Deploy BigFix Agent for more information.

straffin 2023-05-02 21:06:04 UTC #6

This may need to be revisited (and perhaps reinforced). The latest version of macOS (v13 aka Ventura) has added an “App Management” privacy control that must be granted in order to “Allow the applications below to update or delete other applications”. Even as root, apps can’t mess with objects in the /Applications directory without this right. I’m surprised it hasn’t come up already…

dmccalla 2023-05-02 21:38:46 UTC #7

Agreed. I think we should update our docs to better reflect these changes/requirements. That note is very easy to miss. I’ll let the appropriate people know. Thanks!

atlauren 2023-05-02 22:52:29 UTC #8

This is what we’re delivering via a PPPC profile. To my knowledge we’re able to do all the things I’d expect the agent to do.

38 PM

straffin 2023-05-03 00:15:43 UTC #9

We’re not using BigFix as an MDM (yet) and there’re no Profiles in our Jamf Pro instance to permit BigFix to do anything special. I’ll have to look into changing that…

atlauren 2023-05-03 00:36:43 UTC #10

We’re not using BigFix’ MDM/MCM, as we have another MDM thinger which predates BigFix’s own.

That said, moving our Macs from that other MDM thinger to JAMF Pro is a thing being discussed. Because reasons.