+7
Pending Review

macOS Sequoia - new entitlements

adam connor 2 months ago updated 2 months ago 2

Apple are now stopping non-signed installers from running at all on macOS Sequoia.
This means no more workarounds and the only way to install is via an MDM since ScreenConnect is still not signed despite the feature request being nearly 10 years old.


In addition, Apple have decided that they need to notify users even more aggressively about software on their systems that can do stuff like control their screen. So we now face the prospect of people turning off remote access because they don't understand what's going on.

Apple now have a new entitlement that you need to apply for which might mitigate this a bit.

Apply for the 'persistent content capture' key and we can probably reduce the noise and confusion that customers face.

https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_persistent-content-capture?changes=latest_major

+1

Despite Apple changing the wording of the unsigned installer warning in Sequoia, you can in fact still install it; the "Open Anyway" button is still placed in the usual place in Privacy & Security in System Preferences, and using it enables one to bypass the Gatekeeper checks and install the access client as normal.

However, this frequent re-prompting for permissions with a maximum life of 30 days is going to be a big headache for those of us supporting Macs. Please implement the above entitlement for persistent capture.

Hi Andrew,

I appreciate the extra info, but let's be clear. Up until macOS Sequoia we had the ability to right-click and open unsigned installers. This has gone away. Using System Preferences / Privacy & Security 'Open Anyway' requires Admin privileges which none of our users have, so I did not consider this a viable option.

- ScreenConnect is a major part of our stack

- Apple has been saying unsigned installers would be disallowed for a decade

- bypassing the enforcement is incredibly poor


Dear ConnectWise,

Having signed installers is a requirement. It is not optional. You've had a decade to re-engineer this.
From my limited experience it doesn't look too hard; you just need to separate the hardened / notarised installer from the preferences which are custom.

I'm super annoyed that I've had to purchase an alternative (and less good) product because one day we may not be able to use yours due to your lack of interest.