N-able RMM: New Windows Agent Uninstall Protection, Patch Management Update for Mac

To start, here’s a quick video highlighting the recent new features we’ve put out in RMM – we very much hope you’ll be able to take advantage of these latest enhancements in your day to day business!

On to what’s in store in this week’s release, which is expected to be available in all territories by end of the week…

Windows Agent Uninstall Protection

We’re pleased to let you know that with the next Windows RC agent (v10.11.0), you’ll be able to turn on a new uninstall protection feature so that only qualified MSP technicians can remove the RMM agent directly on the end-point. With the feature enabled, the person uninstalling the agent will be prompted to enter a token, which can be emailed to you or you can look it up in the RMM Dashboard.

It means that you can proactively prevent customer end-users from accidentally removing the agent (typically from the Windows “Add or remove programs” dialog). You can already receive an automated removal alert when this happens – now you can lock it down in full. This has been a much-requested feature by partners, so we’re excited to bring you this security enhancement.

Once the feature is released, go to Settings > General Settings > Agent Management. Here you’ll see the new uninstall protection option. Note that this works with the new Windows RC Agent v10.11.0 and above, previous agents do not have this capability. It’s OK to enable the protection option once available, as older agents will simply ignore this setting.

To receive the uninstall passcode via email, enter email address(es) in the email box on this dialog. Alternatively, you can right-click the device in the north pane and go to ‘Delete device’ to obtain the passcode there. Note that removing devices via the RMM dashboard’s north pane does not change and continues to work as it does currently – the new option only applies when removing agents directly on the endpoint.

After enabling the feature, the next time someone tries to remove the agent (v10.11.0 and higher) on the endpoint, e.g. via Window’s ‘Add or remove programs’ feature, they will be prompted to enter the uninstall key:

Note that with this feature, the latest Windows Agent will check the RMM server to determine whether this security setting is enabled or not. It means that devices have to be online in order to remove the agent directly on the endpoint. If the device is offline and the status of this feature setting therefor can’t be determined, the system will default to prompting for the security code.

Please give these latest security settings a test with the latest RC Agent and share any feedback you may have.

Update to Mac Patch Management

We recently updated the “Run Managed Patch” automated task for Mac to deal with changes to Apple has made to the way macOS performs software updates.

First is that Apple no longer publishes updates for macOS 11 Big Sur to a traditional catalog URL. That means we can no longer cache deprecated updates into a separate catalog and provide a testing buffer. Our Run Managed Patch task will work on Big Sur but it will only provide the latest patches made available by Apple.

Second is that there are reports of instability in the binary (/usr/bin/softwareupdate) that Apple uses to perform patching of macOS including security updates and Safari. Such instability can leave the OS in a non-bootable state. While we have not had any of these cases, there has been enough discussion in the Mac Admin community for us to act.

The unstable behavior is not observed when the user triggers the update from System Preferences. So now when the Run Managed Patch task runs and finds that an Apple patch requiring a reboot needs to be installed, we no longer attempt the scripted installation that may lead to a bricked Mac. Instead we open the Software Update prefpane and display a branded notification to the user asking them to click the Update Now button.

This of course requires that your Run Managed Patch task be set to run while the user is logged in (as a best practice, we recommend two Run Managed Patch tasks be setup: one that runs while the user is present to do most patches and display the new Apple behavior, and one that runs only when the user is logged out to do updates that cannot be installed with the user present).

Summary for Service Release
– Windows RC Agent with uninstall protection, Apple Patch Management Update
– RMM Console v2021.05.12
– Windows RC v10.11.0

RMM Console v2021.05.12
FEATURE: Windows Agent uninstall protection (requires Windows Agent v10.10.6 and up)
BUGFIX: Integrated EDR fix to a specific issue preventing the ability to uninstall EDR and the associated script check (available Monday May 17th)

Windows RC Agent v10.11.0
FEATURE: Uninstall protection with uninstall code
UPDATE: Background improvements to the Antivirus Update Check to address 3rd party check changes more quickly
BUGFIX: Update to Grisoft AVG in the Antivirus Update Check to resolve an agent crashing issue

This entry was posted in N-sight. Bookmark the permalink.