Install the DLP Agent for macOS

DLP administrators install agents to macOS endpoints manually or using deployment software. Symantec recommends that you install a subset of agents manually for testing purposes before deploying agents in your environment.

Before you begin the installation

These steps assume you have generated the agent installation package and completed installation prerequisites. See Generate the agent installation packages and Complete macOS Endpoint Agent Installation Prerequisites.

Install
Upgrade
the DLP Agent for Mac manually

This section provides steps for
installing
upgrading
the DLP Agent for Mac manually. If you do not plan to test the agent installation package, you install Mac agents using MDM software.
  1. Locate the agent installation package ZIP (
    AgentInstaller_Mac64.zip
    ), and unzip it to the Mac endpoint.
    Unzip the file to
    /tmp/MacInstaller
    .
    If you are running macOS 10.15.x and later, Symantec recommends that you unzip the file contents to the
    /tmp/MacInstaller
    folder. macOS prevents the installation from running at locations like
    Downloads
    ,
    Documents
    , and etc.
  2. Install
    Upgrade
    the Mac Agent from the command line using the Terminal application.
    Run the following command on the target endpoint:
    $ sudo sh install_agent.sh
    Replace
    /tmp/MacInstaller
    with the path where you unzipped the agent installation package.
  3. (Optional) Review information about the Mac agent installation.

Install the DLP Agent for macOS Using Deployment Software

You can use a silent installation process by using mobile device management software (MDM) to
install
DLP Agents to endpoints. You must always install the agent installation package from a local directory. If you do not install from a local directory, some functions of the DLP Agent are disabled.
The steps to install the agent using MDM profiles use Jamf as an example. The steps differ if you use a different MDM tool.
  1. Move the macOS endpoint agent installation package to a local machine.
  2. Build a
    PKG
    file using the Jamf Composer tool by completing the following steps:
    1. Define a location (for example,
      /Users/
      ) that all endpoints that are targeted for the installation can access. When you deploy the package, the MDM software pushes the package to the location you define. The following example shows the location.
      PKG file on local machine
    2. Open the Jamf composer and drag the
      AgentInstaller_Mac64
      folder to the
      Composer
      window.
    3. Set executable permissions (model: 755) for the folder-based settings listed in the following table:
      Executable permissions
      User
      R
      W
      X
      Owner
      Enabled
      Enabled
      Enabled
      Group
      Enabled
      Disabled
      Enabled
      Everyone
      Enabled
      Disabled
      Enabled
    4. Select
      Apply to All Enclosed Items
      .
    5. Click
      Build As PKG
      and select a location where you want to save the file.
  3. Configure the Jamf policy by completing the following steps:
    1. Log in to Jamf Pro web console.
    2. Go to
      All Settings
      >
      Computer Management
      and click
      Packages
      .
    3. Click
      New
      . The following screen appears.
      New Package
    4. Enter a name for the package in the
      Display Name
      field.
    5. Click
      Choose File
      , select the PKG file that you created using the Jamf composer, and click
      Save
      .
      After you save the package, it starts uploading to the cloud distribution point.
    6. When the package is uploaded successfully, go to the
      Policies
      page.
    7. Click
      New
      (in the
      Policies
      section) to create a deployment policy.
    8. Complete the following settings on the
      New policy
      page:
      • Enter a display name. For example, enter
        DLP agent
        .
      • Set a trigger. For example, you can use recurrent check-in or based on the policy.
      • Select
        Once per computer
        for the execution frequency.
    9. Click
      Packages
      and click
      Configure
      . The package that you uploaded in step e displays.
    10. Click
      Add
      and leave the remaining fields and selections default.
      The following graphic provides an example of what you see in your Jamf composer.
      Jamf Web Console Policies Example
    11. Click
      Files and Processes
      .
    12. Enter the following command in the
      Execute Command
      field:
      installer -pkg "/Users/AgentInstaller_Mac64/AgentInstall_15_8-15.8.00000.1234.pkg" -target /
      The path and file name are examples. Replace these values with those you defined in step 3.
      The following graphic provides an example of what you see in your Jamf composer.
      Jamf Web Console Execute Command Example
    13. Save the policy.
      The policy is triggered based on settings that you have defined. When the policy triggers, the macOS agent is installed.
  4. Confirm the deployment by completing the following steps:
    1. Go to the policy and click the
      Logs
      option.
    2. Click the
      Details
      option where the deployment details are listed.