Allow Full-disk Access for the DLP Agent on macOS Endpoints
You must configure an MDM profile to allow full disk access for the DLP Agent on macOS endpoints.
For illustration purposes, the following instructions assume that you plan to use Jamf, an IT management application.
When you download the agent installer package from the Broadcom Product Downloads portal, the package contains a ready-to-use MDM configuration file that you can use with a management application like Jamf to perform several deployment tasks simultaneously. See Sample Jamf MDM configuration file for macOS endpoints.
- In Jamf, select a configuration profile.
- Navigate to Privacy Preferences Policy Control.
- Under App Access, in the Identifier field, type /Library/Manufacturer/Endpoint Agent/edpa.
- In the Identifier Type menu, select Path.
- In the Code Requirement field, enter the following:

  identifier edpa and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = Y2CCP3S9W7

  If you copy this information from the documentation, make sure that there are no extra line breaks when you paste it in the Code Requirement field.
- In the APP OR SERVICE table, add the following settings:

  | APP OR SERVICE | ACCESS |
  | --- | --- |
  | SystemPolicyAllFiles | Allow |
  | SystemPolicyRemovableVolumes | Allow |
  | SystemPolicyNetworkVolumes | Allow |
- Click Save.
You can refer to the System > Agents > Overview page of the Enforce Server administration console to view and troubleshoot any issues.