Autonomous DEM
MacOS Processes to be Allowlisted on EDR Deployment
Table of Contents
Expand All
|
Collapse All
Autonomous DEM Docs
-
-
- AI-Powered ADEM
- Autonomous DEM for China
-
-
- AI-Powered ADEM
- Access Experience Agent 5.1
- Access Experience Agent 5.3
- Access Experience Agent 5.4
MacOS Processes to be Allowlisted on EDR Deployment
Allow the agent processes on EDR for ADEM to function properly.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
If you use a third-party EDR, you must allow the following MacOS agent processes on the
EDR for ADEM to function properly. Examples of EDRs that require this
include:
CrowdStrike
Trellix
SentinelOne
- ADEM Agents 5.6 and Earlier
MacOS Process Process Process Description User/Permission Level /Applications/Access Experience.app/Contents/MacOS/crypter A support tool _panwdem (sudo) /Applications/Access Experience.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/mtr Path trace test for showing path visualization data on ADEM portal _panwdem (sudo) /Applications/Access Experience.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/DemPathTestService Invokes the mtr process for path traces. _panwdem /Applications/Access Experience.app/Contents/Services/DemWebTestService.xpc/Contents/MacOS/DemWebTestService Runs the curl process. _panwdem /Applications/Access Experience.app/Contents/Services/DemWebTestService.xpc/Contents/MacOS/curl Application performance test using Curl _panwdem /Applications/Access Experience.app/Contents/Services/DemUpdateService.xpc/Contents/MacOS/DemUpdateService Endpoint DEM service software update manager root /Applications/Access Experience.app/Contents/Services/DemNetworkTestService.xpc/Contents/MacOS/DemNetworkTestService Runs ICMP/TCP ping tests. _panwdem /Applications/Access Experience.app/Contents/Services/DemCollectionService.xpc/Contents/MacOS/DemCollectionService Collects local system metrics such as cpu, memory, and wifi statistics. _panwdem /Applications/Access Experience.app/Contents/Services/DemPortalService.xpc/Contents/MacOS/DemPortalService Provides connectivity to the ADEM portal for incoming configuration and transmission of test results. _panwdem /Applications/Access Experience.app/Contents/Services/DemTransmissionService.xpc/Contents/MacOS/DemTransmissionService Runs periodically to collect test results from the other services and transmits them to the portal via the portal service. _panwdem /Applications/Access Experience.app/Contents/MacOS/Access Experience The main Access Experience UI that houses the End User Coaching and Self Service functionality. This is what runs when you click on a notification or launch from the MenuBar or /Applications folder Logged-in User /Applications/Access Experience.app/Contents/Library/Access Experience Menu.app/Contents/MacOS/Access Experience Menu The macOS MenuBar application that provides the launcher for the Access Experience UI and provides Location Services integration for WiFi data collection when integrated with GlobalProtect Logged-in User /Applications/Access Experience.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/mtr-packet Works with the mtr process to provide path trace functionality to the agent. _panwdem (sudo) /Applications/Access Experience.app/Contents/Services/DemUserProxyService.xpc/Contents/MacOS/DemUserProxyService Provides a bridge between the ADEM services that run persistently with the _panwdem credentials to the logged-in users processes. This is required to deliver notifications to the user and real-time updates to the Access Experience UI for End User Coaching and Self Service. _panwdem /Applications/Access Experience.app/Contents/Services/DemNetworkTestService.xpc/Contents/Frameworks/SPLPing.framework/Versions/A/SPLPing A library used by the agent to perform network ping tests N/A: This is a library used by DemNetworkTestService and does not execute independently. /Applications/Access Experience.app/Contents/Services/DemUpdateService.xpc/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop Part of the agent updater mechanism root /Applications/Access Experience.app/Contents/Services/DemUpdateService.xpc/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate Part of the agent updater mechanism root /Applications/Access Experience.app/Contents/Services/DemUpdateService.xpc/Contents/Frameworks/Sparkle.framework/Versions/A/Sparkle Part of the agent updater mechanism root /etc/ sudoers.d/palo_alto_networks_dem A file listing processes that require sudo access N/A: This is a configuration file and not an executable, so permission levels do not apply. /Applications/Access Experience.app/Contents/Services/DemAnalyticsService.xpc/Contents/MacOS/DemAnalyticsService Performs data collection and processing for the End User Coaching and Self Service features. _panwdem - ADEM Agent 5.7
MacOS Process Process Process Description User/Permission Level /Applications/Access Experience.app/Contents/MacOS/crypter A support tool _panwdem (sudo) /Applications/Access Experience.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/mtr Path trace test for showing path visualization data on ADEM portal _panwdem (sudo) /Applications/Access Experience.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/DemPathTestService Invokes the mtr process for path traces. _panwdem /Applications/Access Experience.app/Contents/Services/DemWebTestService.xpc/Contents/MacOS/DemWebTestService Runs the curl process. _panwdem /Applications/Access Experience.app/Contents/Services/DemWebTestService.xpc/Contents/MacOS/curl Application performance test using Curl _panwdem /Applications/Access Experience.app/Contents/Services/DemUpdateService.xpc/Contents/MacOS/DemUpdateService Endpoint DEM service software update manager root /Applications/Access Experience.app/Contents/Services/DemNetworkTestService.xpc/Contents/MacOS/DemNetworkTestService Runs ICMP/TCP ping tests. _panwdem /Applications/Access Experience.app/Contents/Services/DemCollectionService.xpc/Contents/MacOS/DemCollectionService Collects local system metrics such as cpu, memory, and wifi statistics. _panwdem /Applications/Access Experience.app/Contents/Services/DemPortalService.xpc/Contents/MacOS/DemPortalService Provides connectivity to the ADEM portal for incoming configuration and transmission of test results. _panwdem /Applications/Access Experience.app/Contents/Services/DemTransmissionService.xpc/Contents/MacOS/DemTransmissionService Runs periodically to collect test results from the other services and transmits them to the portal via the portal service. _panwdem /Applications/Access Experience.app/Contents/MacOS/Access Experience The main Access Experience UI that houses the End User Coaching and Self Service functionality. This is what runs when you click on a notification or launch from the MenuBar or /Applications folder Logged-in User /Applications/Access Experience.app/Contents/Library/Access Experience Menu.app/Contents/MacOS/Access Experience Menu The macOS MenuBar application that provides the launcher for the Access Experience UI and provides Location Services integration for WiFi data collection when integrated with GlobalProtect Logged-in User /Applications/Access Experience.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/mtr-packet Works with the mtr process to provide path trace functionality to the agent. _panwdem (sudo) /Applications/Access Experience.app/Contents/Services/DemUserProxyService.xpc/Contents/MacOS/DemUserProxyService Provides a bridge between the ADEM services that run persistently with the _panwdem credentials to the logged-in users processes. This is required to deliver notifications to the user and real-time updates to the Access Experience UI for End User Coaching and Self Service. _panwdem /Applications/Access Experience.app/Contents/Services/DemNetworkTestService.xpc/Contents/Frameworks/SPLPing.framework/Versions/A/SPLPing A library used by the agent to perform network ping tests N/A: This is a library used by DemNetworkTestService and does not execute independently. /Applications/Access Experience.app/Contents/Services/DemUpdateService.xpc/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/fileop Part of the agent updater mechanism root /Applications/Access Experience.app/Contents/Services/DemUpdateService.xpc/Contents/Frameworks/Sparkle.framework/Versions/A/Resources/Autoupdate.app/Contents/MacOS/Autoupdate Part of the agent updater mechanism root /Applications/Access Experience.app/Contents/Services/DemUpdateService.xpc/Contents/Frameworks/Sparkle.framework/Versions/A/Sparkle Part of the agent updater mechanism root /etc/ sudoers.d/palo_alto_networks_dem A file listing processes that require sudo access N/A: This is a configuration file and not an executable, so permission levels do not apply. /Applications/Access Experience.app/Contents/Services/DemAnalyticsService.xpc/Contents/MacOS/DemAnalyticsService Performs data collection and processing for the End User Coaching and Self Service features. _panwdem Processes to be allowlisted to monitor LAN health when local network access is disabled /Applications/Access Experience.app/Contents/Services/DemLocalNetworkTestService.xpc/Contents/MacOS/DemLocalNetworkTestService Dedicated process for running ICMP/TCP ping tests to local network targets, such as the default gateway. _panwdem /Applications/Access Experience.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/local-network/mtr Local network specific path trace test for showing path visualization data on the ADEM portal. _panwdem (sudo) /Applications/Access Experience.app/Contents/Services/DemPathTestService.xpc/Contents/MacOS/local-network/mtr-packet Works with the local network specific mtr process to provide path trace functionality to the agent._panwdem (sudo)