Reset Search
 

 

Article

KB44872 - OPSWAT diagnostic tool for Mac will not run on Big Sur machines

« Go Back

Information

 
Last Modified Date8/18/2021 12:14 AM
Synopsis
In each ESAP version releases we are packaging the OPSWAT diagnostics tool separately, to collect the security products information on the Mac-OS endpoint machines to identify the root cause for the HostCheck compliance failures and supportability.
Problem or Goal
OPSWAT diagnostics tool were failed to run on the Mac OS Big Sur and all the ESAP versions were affected.  We are providing workaround for the time being and working on the permanent solution. 
Cause
OPSWAT diagnostics tool were failed to run on the Mac OS Big Sur due to nature of the operating system where it quarantine the file where it downloads from the Internet.
Solution
The below workaround applicable for all the ESAP versions where it is affected and not able to run and collect the OPSWAT diagnostic logs.

Step 1:
Download the file,

$ ls
ps-esap-3.8.0-diag-tool-v3-v4-mac.zip


Step 2: Unzip the file by decompress it.

$ unzip ps-esap-3.8.0-diag-tool-v3-v4-mac.zip


Step 3: List out the files after the uncompression

$ ls -al
total 8
drwx------+ 6 staff 192 Jul 28 07:19 .
drwxr-xr-x+ 15 staff 480 Jul 28 06:49 ..
drwx------@ 4 staff 128 Jul 28 07:13 ps-esap-3
-rw-r--r-- 1 staff 170 Jul 28 07:12 ps-esap-3.8.0-diag-tool-v3-v4-mac.zip


Step 4: Change directory to ps-esap-3 folder.

$ cd ps-esap-3

$ $ ls -al

total 8
drwx------@ 4  staff 128 Jul 28 07:13 .
drwx------+ 6 staff 192 Jul 28 07:19 ..
drwxrwxr-x@ 3  staff 96 Jul 28 07:13 OpswatDiagnoseTool.app
-rw-rw-r--@ 1 staff 127 Sep 28 2016 RunOpswatDiagnoseTool.sh


Step 5: Setup permissions for scripts and binary.

$ find . -iname "*.sh" | xargs -I{} chmod a+x "{}"

$ chmod a+x OpswatDiagnoseTool.app/Contents/MacOS/OpswatDiagnoseTool


Step 6: Take off the application from quarantine

$ sudo xattr -rd com.apple.quarantine OpswatDiagnoseTool.app/


Step 7: Run the .sh file to collect the OPSWAT diagnostics report.

$ ./RunOpswatDiagnoseTool.sh

Do you want to run this as root?

Please enter Y for yes and N for no



Note: We are working on notarize each binary on the tool, and then, try to notarize the whole tool as a permanent solution. Once we have the complete work done, will update this KB accordingly.
 
Related Links
Attachment 1 
Created BySudhakar Damodaran

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255