Allow Full-disk Access for the DLP Agent on macOS Endpoints

You must configure an MDM profile to allow full disk access for the DLP Agent on macOS endpoints.
For illustration purposes, the following instructions assume that you plan to use Jamf, an IT management application.
When you download the agent installer package from the Broadcom Product Downloads portal, the package contains a ready-to-use MDM configuration file that you can use with a management application like Jamf to perform several deployment tasks simultaneously. See Sample Jamf MDM configuration file for macOS endpoints.
  1. In Jamf, select a configuration profile.
  2. Navigate to Privacy Preferences Policy Control.
  3. Under App Access, in the Identifier field, type /Library/Manufacturer/Endpoint Agent/edpa.
  4. In the Identifier Type menu, select Path.
  5. In the Code Requirement field, enter the following:
     identifier edpa and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = Y2CCP3S9W7
     If you copy this information from the documentation, make sure that there are no extra line breaks when you paste it in the Code Requirement field.
  6. In the APP OR SERVICE table, add the following settings:
     APP OR SERVICE                  ACCESS
     SystemPolicyAllFiles            Allow
     SystemPolicyRemovableVolumes    Allow
     SystemPolicyNetworkVolumes      Allow
  7. Click Save.
You can refer to the System > Agents > Overview page of the Enforce Server administration console to view and troubleshoot any issues.
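
The settings from steps 3 to 6, written out as the Privacy Preferences Policy Control payload that a management tool delivers to the endpoint, with the code requirement collapsed to a single line to guard against the pasted line breaks mentioned in step 5. This is an added example, not the sample configuration file shipped in the installer package; the com.example.dlp identifiers and the display name are constructed placeholders.

```python
import plistlib
import uuid

# Values from steps 3 to 6 above.
AGENT_PATH = "/Library/Manufacturer/Endpoint Agent/edpa"
CODE_REQUIREMENT = (
    "identifier edpa and anchor apple generic and "
    "certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and "
    "certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and "
    "certificate leaf[subject.OU] = Y2CCP3S9W7"
)
SERVICES = ("SystemPolicyAllFiles", "SystemPolicyRemovableVolumes",
            "SystemPolicyNetworkVolumes")

def single_line(requirement):
    """Collapse pasted line breaks and runs of spaces into single spaces."""
    return " ".join(requirement.split())

def build_profile(requirement=CODE_REQUIREMENT, org_prefix="com.example.dlp"):
    """Return the profile as a dict; org_prefix is a constructed placeholder."""
    entry = {
        "Identifier": AGENT_PATH,
        "IdentifierType": "path",
        "CodeRequirement": single_line(requirement),
        # "Authorization" is the macOS 11+ key; older releases use the boolean "Allowed".
        "Authorization": "Allow",
    }
    tcc = {
        "PayloadType": "com.apple.TCC.configuration-profile-policy",
        "PayloadIdentifier": org_prefix + ".pppc",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "Services": {name: [dict(entry)] for name in SERVICES},
    }
    return {
        "PayloadType": "Configuration",
        "PayloadDisplayName": "DLP Agent full disk access",
        "PayloadIdentifier": org_prefix + ".profile",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadContent": [tcc],
    }

def to_mobileconfig(profile):
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)

if __name__ == "__main__":
    print(to_mobileconfig(build_profile()).decode())
```

Comparing the generated Services entries with the profile exported from the management tool shows quickly whether a service is missing or the requirement string was split on paste.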