Howard_Gyton
Advisor

Endpoint on Mac: Uninstalling the E85.30 ME blade

Hi,

We have a user who has a problem accessing USB devices on their Mac that is running E85.30.

I exported a new package from the server that was the same version, but had the ME blade unticked at export.  When this was installed, which finished without error, I noticed in the console that the ME blade's status was "Off", and a plugged in memory stick could be read.

We rebooted the laptop, expecting the ME blade to be removed entirely from the console, but instead it was still there, and active.

I had no luck finding anything about this on the support site, and not much here either.  I did find in the installation folder a number of scripts, including one called "uninstall_ME.sh", however this just generates errors when it is run.

Is there another process to call this script?  The fallback would be to remove the entirety of Endpoint, including FileVault, then re-install the newly exported package with ME missing, but I was hoping to avoid that.

0 Kudos
17 Replies
Chris_Atkinson
Employee

Have you considered testing E86.20 here?

CCSM R77/R80/ELITE
0 Kudos
Howard_Gyton
Advisor

I hadn't.  But I would if it allowed for the selective adding/removing of blades as the Windows version does, even if it is locally driven rather than from the Endpoint server.

Chris_Atkinson
Employee

R81.10 introduced deployment rules support for MacOS clients but I've not tested the granularity of the same.

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend

Just curious... what is the exact error when you run that script? Have you tried running it with the sudo flag?

Andy

0 Kudos
Howard_Gyton
Advisor

Yes, and as root, though I didn't actually think that would make a difference.

There isn't any one error if I remember right, but about two screens worth of individual files reporting "operation not permitted" or similar.  I suspect it was trying to delete the files, and didn't have the rights to do so, as if an active process was protecting them.  Perhaps trying it in Safe Mode would be one thing to try?

the_rock
Legend

Actually yes! That's an excellent suggestion... did not think of that, but I am positive it would work. Let us know if you can try that.

Andy

0 Kudos
Howard_Gyton
Advisor

The colleague with the laptop in question will be back in the office on Thursday, so I hope to give Safe Mode a go then.  I will report back.

the_rock
Legend

I'm not nearly as much of a Mac expert as @PhoneBoy, but I guess the fact I had an old grape Mac desktop qualifies me for something :-). Not sure if the link below might help in your situation?

http://www.macosxtips.co.uk/index_files/tips-for-deleting-stubborn-files.php#:~:text=To%20delete%20a....

0 Kudos
Howard_Gyton
Advisor

I think forcibly deleting files out from under Endpoint might be a bad thing to do.

0 Kudos
the_rock
Legend

I get your point... might be a bit risky, that's true, but at least probably better than removing the whole thing.

0 Kudos
PhoneBoy
Admin

Your best bet is to uninstall the full Endpoint client and try again.
I suspect the reason you can't delete the files in question is the self-protection mechanisms built into the product.

0 Kudos
Howard_Gyton
Advisor

I fear you may be right.  Any idea what those various "uninstall_<blade>.sh" scripts might be for in that case?  I know if I run the "uninstall.sh" script it will remove the entire product, after first triggering decrypt, so I assume there is a way to do this selectively.

0 Kudos
PhoneBoy
Admin

I assume those install_<blade>.sh scripts are meant to be called from the larger uninstall.sh script.
Perhaps there's a way to selectively trigger it, but offhand, I don't know if that's possible.
Might be worth a TAC case.

jcortez
Employee

@Howard_Gyton 

It is not possible to handle individual blade installations offline like you can do with Windows. The only option you have for our macOS clients is the full exported package or Software Deployment rules. We are limited to just these options because of Apple's architecture and them limiting what 3rd party security products can do on their systems and OS, since they like to control what software does.

If there is a suspicion with the Self Protection with our macOS client then I would suggest trying this SK.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...


Justin Cortez
Technology Leader | Endpoint Cyber Security Products | Americas Endpoint Team
0 Kudos
Howard_Gyton
Advisor

I know it doesn't work like the PC.  I did use an exported package that had everything minus the ME blade, and installed that over the top, hoping that it would remove the ME blade, but it didn't.

During the install I could see that the ME blade's status changed to something like Inactive(?), but after a reboot the ME blade was running again.

I'm sure I've used that process to add a blade, but is it possible to remove them also?  If not it seems a pretty weak solution to have to do a full de-install, and decrypt, just to add one blade.

0 Kudos
jcortez
Employee

@Howard_Gyton 

No, the method of installing a different package with the blade(s) not included on top of what is already installed will not work. The same will not work on Windows installations without using the msiexec cli cmd and providing the blade mask.

Again, if you want to remove and/or add blades on macOS clients without having to uninstall and reinstall the client, you will have to use Software Deployment Rules. This is only supported in GA though since E86.20 macOS client and your Endpoint Server version would need to be R81.10.

Enterprise Endpoint Security E86.20 macOS Client


Justin Cortez
Technology Leader | Endpoint Cyber Security Products | Americas Endpoint Team
Howard_Gyton
Advisor

Great, thanks for the clarification.  We are pushing E62.20, but still have an R80.30 server.  I'll look to upgrade to R81.10 in that case.

0 Kudos
