Steps to monitor SIP-protected applications on updated macOS endpoints

Complete the following steps to monitor SIP-protected applications on updated macOS endpoints:
  1. Log in to the Enforce Server administration console.
  2. Go to
    System > Agents > Agent Configuration
    and click an agent configuration that is applied to the macOS agent.
  3. Click the
    Advanced agent settings
    tab and locate the setting: Hooking.SIP_AGENT_OSX_VERSION_COMPATIBILITY.str.
  4. Add the DLP Agent version and updated macOS version to the default value separated by a semicolon.
    The following tables list SIP monitoring support for macOS and DLP Agent version combinations:
    Each table lists the value you enter to enable SIP monitor coverage. "Not supported" indicates that SIP monitoring is not supported for the macOS and DLP Agent version combination. "Supported" indicates that you are not required to enter a string to monitor SIP-protected application on the macOS/DLP Agent version.
  5. Consider the following when adding strings to the Hooking.SIP_AGENT_OSX_VERSION_COMPATIBILITY.str setting:
    • Add new values using the default syntax:
      DLPAgent-version:macOS-version
      .
    • Add a value for each DLP Agent version running on endpoints. For example, if you are running version 15.8 and 15.8 MP1 agents with macOS version 10.15.7, you enter a separate value for each agent version (15.8 and 15.8 MP1 agents). For this example scenario, you would enter
      15.8.0:10.15.7;15.8.0100:10.15.7
      .
    • Enter a DLP Agent version that exactly matches the version that displays on the Enforce Server administration console. Refer to the Agent Overview screen in the Enforce Server administration console to confirm the agent version.
    • Enter a macOS version equal to or greater than the macOS version running on endpoints. If you enter
      15.8.0100:10.15.7
      , macOS versions 10.15 through 10.15.7 are monitored on version 15.8 MP1 agents.
    • Add a value for each DLP Agent version running on endpoints. For example, if you are running DLP Agent version 15.8 (on macOS 10.14.1 endpoints) and 15.8 MP1 (on macOS endpoints up to version 10.14.4) in your environment, you enter the following:
      15.8.0:10.14.1;15.8.0100:10.14.4
      .
      DLP Endpoint Agent hot fixes are cumulative for both Mac and Windows machines. Thus, if you have applied a subsequent hot fix for your Mac Agent, you will need to update the SIP settings accordingly.
  6. Save your changes to apply the setting. After saving changes, the agent begins monitoring SIP-protected applications.
macOS 10.11 and DLP Agent version 15.x combinations
macOS version
DLP version 15.8
10.11.3
Not supported
10.11.4
Not supported
10.11.5
Not supported
10.11.6
Not supported
macOS 10.12 and DLP Agent version 15.x combinations
macOS version
DLP version 15.8
10.12.0
Not supported
10.12.1
Not supported
10.12.2
Not supported
10.12.3
Not supported
10.12.4
Not supported
10.12.5
Not supported
10.12.6
Not supported
macOS 10.13 and DLP Agent version 15.x combinations
macOS version
DLP version 15.8
10.13.1
Not supported
10.13.2
Not supported
10.13.3
Not supported
10.13.4
Not supported
10.13.5
Not supported
10.13.6
Not supported
macOS 10.14 and DLP Agent version 15.x combinations
macOS version
DLP version 15.8
10.14
Supported
10.14.1
Supported
10.14.2
Supported
10.14.3
Supported
10.14.4
Supported
10.14.5
Supported
10.14.6
Supported
macOS 10.15 and DLP Agent version 15.x combinations
macOS version
DLP version 15.8
10.15
Supported
10.15.1
Supported
10.15.2
Supported
10.15.3
Supported
10.15.4
Supported
10.15.5
Supported
10.15.6
Supported
10.15.7
Supported