macOS Steps

To install the macOS Agent

  1. Get the Site or Group Token
  2. Install the Agent using the command line or the Installation Wizard.
  3. Authorize Full Disk Access and Network Extension (this must be done locally).
  4. Authorize the Bluetooth Low Energy permissions.
  5. Upgrading macOS Agents with a Local Upgrade.

  1. Run the installation package and enter the Token string when prompted in the installation wizard.
  2. Complete the installation. If the EDR icon shows “Needs user attention” or the message “Authorize EDR components in System Preferences”, authorize Full Disk Access and Network Extension permissions for the EDR Agent in System Preferences.

For macOS Catalina and later releases

macOS (10.15 Catalina and later releases) makes sure that applications are installed in a secure way. It limits installation to applications that are approved by Apple and the user. This change prevents applications from accessing specified paths (such as Documents, Downloads, and Desktop) without user consent.

If the EDR icon shows “Needs user attention” or one of these messages: “Authorize Full-Disk-Access to EDR in System Preferences” or “Authorize EDR components in System Preferences”, approve Full Disk Access for the EDR apps in System Preferences.

Important: This is done only once on an endpoint. If already done on the endpoint, do not repeat it when the Agent is updated. If you do not complete this prerequisite step, the macOS Agent will not have full visibility to all files from all users.

Authorize Full Disk Access to these processes:

  • sentineld
  • sentineld_helper
  • For Agents 21.5 and lower, authorize Full Disk Access to sentinel_shell
  • For Agents 21.7 and later, authorize Full Disk Access to sentineld_shell

To Authorize Full Disk Access with MDM:

To Authorize Full Disk Access on a local computer:

  1. On the local computer, open System Preferences.
  2. Click Security & Privacy, and select the Privacy tab.
  3. Click the lock to make changes.
  4. In the left pane, click Full Disk Access.
  5. Click the + icon.
  6. Press and hold Command+Shift+G at the same time to open the Go to the folder menu.
  7. Enter the path: /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/
  8. Click Go.
  9. Select the EDR applications, and click Open:
    • sentineld.app
    • sentineld_helper.app
    • For Agents 21.5 and lower, authorize Full Disk Access to sentinel_shell.app
    • For Agents 21.7 and later, authorize Full Disk Access to sentineld_shell.app
    Optional: Drag and drop the EDR applications into the Security & Privacy window.
    1. Open a Finder window.
    2. Navigate to /Library/Sentinel.
    3. Right-click the sentinel-agent.bundle, and select Show Package Contents.
    4. Navigate to the /Contents/MacOS/ folder.
    5. Select the required EDR applications, and drag the applications to the Security & Privacy window.
  10. Close System Preferences.

If the EDR icon shows “Needs user attention” or one of these messages: “Authorize EDR Network Extension in System Preferences” or “Authorize EDR components in System Preferences”, you must approve the Network Extension for EDR in System Preferences.

Do this only one time on every macOS endpoint. If you already approved it, there is no need to repeat it when the EDR App is updated. If you do not complete this prerequisite step, your Mac will not be fully protected.

If you use a Mobile Device Management (MDM) solution to manage your endpoints, see:

To approve Network Extension:

  1. If you see the System Extension Blocked message, click Open Security Preferences. Note: If you click OK, the window closes. To approve the EDR Network Extension later, open System Preferences > Security & Privacy > Security.
  2. At System software from application “EDR Extensions” was blocked from loading, click Allow.
  3. In the window that opens, click Allow.

For macOS Ventura and later

If the EDR icon shows “Needs user attention” or one of these messages: “Authorize Full-Disk-Access to EDR in System Preferences” or “Authorize EDR components in System Preferences”, approve Full Disk Access for the EDR apps in System Settings.

Important: This is done only once on an endpoint. If already done on the endpoint, do not repeat it when the Agent is updated. If you do not complete this prerequisite step, the macOS Agent will not have full visibility to all files from all users.

Authorize Full Disk Access to these processes:

  • sentineld
  • sentineld_helper
  • sentineld_shell

To Authorize Full Disk Access on a local computer:

  1. On the local computer, open System Settings.
  2. Click Privacy & Security, and select the Full Disk Access tab.
  3. Click the + button.
  4. Press and hold Command+Shift+G at the same time to open the Go to the folder menu.
  5. Enter the path: /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/
  6. Double-click your destination folder.
  7. Select the EDR applications, and click Open:
    • sentineld.app
    • sentineld_helper.app
    • sentineld_shell.app
    Optional: Drag and drop the EDR applications to the Full Disk Access list.
    1. Open a Finder window.
    2. Navigate to /Library/Sentinel.
    3. Right-click the sentinel-agent.bundle file, and click Show Package Contents.
    4. Navigate to the /Contents/MacOS/ folder.
    5. Select the required EDR applications, and drag the applications to the Full Disk Access list.
  8. Close System Settings.

If the EDR icon shows “Needs user attention” or one of these messages: “Authorize EDR Network Extension in System Preferences” or “Authorize EDR components in System Preferences”, you must approve the Network Extension for EDR in System Settings.

Do this only one time on every macOS endpoint. If you already approved it, there is no need to repeat it when the EDR App is updated. If you do not complete this prerequisite step, your Mac will not be fully protected.

To approve Network Extension:

  1. If you see the System Extension Blocked message, click Open System Settings. Note: If you click OK, the window closes. To approve the EDR Network Extension later, open System Settings > Privacy & Security > Security.
  2. At System software from application “EDR Extensions” was blocked from loading, click Allow.
  3. In the window that opens, click Allow.
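
A pre-flight check for the approval steps above, as an added example (not vendor code): it confirms that the components listed for Full Disk Access exist in the agent folder for a given Agent version, and reads `systemextensionsctl list` output to find extensions still waiting for the user to click Allow. The function names, the handling of version 21.6 and the assumed layout of the `systemextensionsctl` lines are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. The folder and component names come from the
# page; the function names are hypothetical.
# Usage on an endpoint:
#   missing_components 21.7
#   systemextensionsctl list | pending_extensions

AGENT_DIR_DEFAULT="/Library/Sentinel/sentinel-agent.bundle/Contents/MacOS"

# Print the .app names that need Full Disk Access for an Agent version
# given as major.minor[.patch]. The page names sentinel_shell for 21.5 and
# lower and sentineld_shell for 21.7 and later; treating 21.6 like 21.5 is
# an assumption, because the page does not mention that version.
fda_components() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    echo "sentineld.app"
    echo "sentineld_helper.app"
    if [ "$major" -gt 21 ] || { [ "$major" -eq 21 ] && [ "$minor" -ge 7 ]; }; then
        echo "sentineld_shell.app"
    else
        echo "sentinel_shell.app"
    fi
}

# Print every expected component that is absent from the agent folder.
# $1 = Agent version, $2 = folder to inspect (defaults to the page's path).
missing_components() {
    version=$1
    dir=${2:-$AGENT_DIR_DEFAULT}
    fda_components "$version" | while read -r app; do
        [ -e "$dir/$app" ] || echo "$app"
    done
}

# Read `systemextensionsctl list` output on stdin and print the bundle ID of
# each extension still awaiting approval. Assumed line layout:
#   teamID  bundleID (version)  name  [activated waiting for user]
# The bundle ID is taken as the token just before the "(version)" token.
pending_extensions() {
    awk '/\[activated waiting for user\]/ {
        for (i = 1; i < NF; i++)
            if ($(i + 1) ~ /^\(/) { print $i; break }
    }'
}
```

Empty output from both functions means every listed component is present and no extension is waiting for approval; Full Disk Access itself still has to be confirmed in the Full Disk Access list.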