In addition to using the console to install the macOS agent, you can automate the install of the agent using Smart Groups.

Use the following policy workflow to upgrade your macOS endpoints with a new version of the Carbon Black App Control macOS agent.

To upgrade the macOS agent, you must use the Bit9MacInstall.bsx.pkg.

This upgrade method uses a set of three MDM polices. Although you can use a single policy to accomplish this task, using multiple policies serves as an error check safeguard.

For the following MDM policies to work, you must be able to detect the version of Carbon Black App Control and the status of Tamper Protect on scoped agent machines. You can do this by using two extension attributes that run a b9cli –status and then grep the data needed.

• MDM Policy One: The first MDM policy disables Tamper Protect on the agent machines that are to be upgraded. This policy uses the data you grepped from the b9cli –status command to determine the state of the agent. If Tamper Protect is enabled, this policy disables it. To disable Tamper Protect, you must use the global password for your agents.)
• MDM Policy Two: The second MDM policy upgrades the Carbon Black App Control macOS gent on any endpoint that has Tamper Protect disabled. This policy uses the data grepped from the b9cli –status command to determine this required information. This policy also runs the Bit9MacInstall.bsx.pkg, which performs the agent upgrade. When this script is completed, there is no need to restart the agent endpoint being upgraded.
• MDM Policy Three: The third MDM policy restores Tamper Protection on upgraded agent endpoints. This policy will be set to any computer that has Tamper Protect disabled. This policy uses the information grepped from b9cli –status.