New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Velocity - Mac - Is Full Disk Access Required? #3311
Comments
Deploying any software on Macs is a pain and usually requires some MDM solution like Jamf. Velociraptor needs a lot of preparation like preparing TCT policies and signing etc. The gory details are outlines in this presentation I will add a note to the docs site to help point people to the right place. |
I did watch the presentation and got some good info - but not the CLI version of FDA deployment. We are using Intune for the MDM and shell scripts to manage our Macs and have tried several methods to obtain FDA - including a configuration profile (includes name, ID type (you can choose path or bundle ID), identifier (path or bundle ID), code requirement - this is the identifier obtained after codesign command. Lastly, adding the "full disk access as allow". While this deploys successfully, it does not show in settings>privacy & security>full disk access. Have also tried deploying a Plist - (this was used for MS Defender successfully), however I believe the payload identifier is the issue - where velociraptor is a binary and doesn't have a bundle ID. We can apply the FDA via settings w/user intervention; however, this obviously isn't a preferred method. |
The binary is signed with an identifier
See this #3272 as well. |
Deployed Velociraptor via shell scripts with Intune, however, Security is asking that we grant full disk access. Before attempting this - can someone advise if this is required? (Would think that if this access was required, it would have been included in the deployment docs)
Thanks in advance,
The text was updated successfully, but these errors were encountered: