Use sudo $0"ĬONSOLE_USER=`stat -f "%Su" /dev/console`ĬONSOLE_HOME=`eval echo ~$/Library/Keychains/login.keychain-db" #!/bin/shĮcho "You must be root to run the script.
Here is the script that I use to uninstall, I used suspicious package to take it out of the GlobalProtect install package. Then it reinstalls the GlobalProtect application. (we initially developed this to switch users from one portal to another automatically, but it has become a useful troubleshooting step for us.) Then it installs the relevant GlobalProtect settings (a. Our "Reset GlobalProtect" Self service option triggers 3 other policies in a row. I've attached screenshots of the 2 GlobalProtect related config profiles that are pushed to every Catalina Machine. I'll post my findings here once I hear really not sure why your experience is much different than mine, That prompt has only happened for us a few times, and each time our Reset GlobalProtect policy has fixed it. I should be talking to the engineer again before the week is out. So now all that's left is to test this payload and address the issue regarding ""GlobalProtect" Would like to Add VPN Configurations" with an Allow or Don't Allow button.īut there is also one other issue that I am chasing a screenshot of, which is a Keychain login prompt. Once I un-scoped the KEXT Profile, Teams and the Office apps worked without issue. All other o365 products works as expected. Allowed the system Extension, manually, and still had issues with Teams. I tested 5.1.4-45 on a 13" 2018 MBP with 10.15.5 by completely uninstalling GPCS (with their uninstaller). To me it would appear that support for Catalina may have been dropped altogether. (Personally, I think the devs don't know that MDM also applies for Mac, but whatever.)īecause of this oversight, they shared with us that the kext would be removed but don't account for the fact that it being whitelisted by MDM stays put, until the device is taken out of scope for the KEXT whitelist config profile.
Still, now that we have the payload, we reached out to Palo Alto once again for documentation on how to configure their stuff, and I feel bad for the engineer, who was very helpful, even though he ended up finding this same article.
Until this weekend when we upgraded from Jamf Pro 10.13.1 to 10.22.1 (yeah, I know).
So Moving to 5.1.4-45 was supposed to fix this issue, except that at the time our version of Jamf didn't support the System Extension payload and there was little or very hard to find documentation for Mac on Palo Alto's site. One user got this from his ISP (COX Communications) along with his system warning him of his apps running out of memory. Microsoft confirmed that they use Webkit in their apps, Apple said, hey we'd love to help (and I don't know what behind the scenes things might be happening, but there is no partnership that I know of between Palo Alto and Apple, so its a crapshoot?)
We opened a case with Palo Alto, Microsoft, and Apple. I imagine that most users will just bypass autosave and save locally, which defeats the purpose of having OneDrive.
Some days it was impossible to work, so I was able to disable VPN, but for end users, it's set to be always on. If the Gateway was changed or the GPCS was refreshed then the behavior briefly went away until the Gateway reconnected. We started having issues with 5.0.8-4 and Catalina where any O365 traffic was having issues with Autosave (Word, Excel, PPT), syncing with OneDrive, Sharepoint (sites not loading), websites not loading completely, and Teams not sending messages.