Install the Cortex XDR Agent for Mac Using JAMF

You can Install the Cortex XDR Agent for Mac manually on the endpoint or deploy the agent to multiple endpoints using a third-party software deployment tool such as JAMF. Use the following steps to set up a JAMF profile.
  1. In your JAMF profile, enable the
    Approved Kernel Extensions
    and define the properties as follows:
    • Display Name—
      Palo Alto Networks
    • Team ID—
      PXPZ95SK77
  2. Configure
    System Extensions
    .
    Allow users to approve extensions
    and define the entity as follows:
    • Display Name—
      Palo Alto Networks
    • System Extension Types—
      Allowed System Extensions
    • Team Identifier—
      PXPZ95SK77
    • Allowed system extension bundles—
      com.paloaltonetworks.traps.securityextension
      and
      com.paloaltonetworks.traps.networkextension
  3. Next, configure
    Privacy Preferences Policy Control
    .
    1. Use the following settings to define the entity:
      • Identifier—
        com.paloaltonetworks.traps-agent
      • Identifier Type—
        Bundle ID
      • Code Requirement—
        identifier "com.paloaltonetworks.traps-agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = PXPZ95SK77
    2. In
      App or Service
      , set
      SystemPolicyAllFiles
      to
      Allow
      .
  4. Add a new
    App Access
    entity for the Cortex XDR Process Monitor Daemon (pmd).
    This configuration allows the daemon access to analyze processes, files, disk access, utilities and more.
    1. Use the following settings to define the entity:
      • Identifier—
        /Library/Application Support/PaloAltoNetworks/Traps/bin/pmd
      • Identifier Type—
        Path
      • Code Requirement—
        identifier pmd and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = PXPZ95SK77
    2. In
      App or Service
      , set
      SystemPolicyAllFiles
      to
      Allow
      .

Recommended For You