End-of-Life (EoL)
Install the Cortex XDR Agent for Mac Using JAMF
You can install the Cortex XDR Agent for Mac manually on
the endpoint or deploy the agent to multiple endpoints using a third-party
software deployment tool such as JAMF. Use the following steps to
set up a JAMF profile.
- Create a new JAMF configuration profile for your computers.
- Configure Approved Kernel Extensions.
- Allow users to approve kernel extensions.
- Add an approved Team ID for Palo Alto Networks:
- Display Name—Palo Alto Networks
- Team ID—PXPZ95SK77
- Save the configuration.
- Configure System Extensions.
- Allow users to approve system extensions.
- Define the entity as follows:
- Display Name—Palo Alto Networks
- System Extension Types—Allowed System Extensions
- Team Identifier—PXPZ95SK77
- Allowed system extension bundles—com.paloaltonetworks.traps.securityextension and com.paloaltonetworks.traps.networkextension
- Save the configuration.
- Next, configure Privacy Preferences Policy Control.
- Use the following settings to define the entity:
- Receiver Identifier—com.paloaltonetworks.traps-agent
- Receiver Identifier Type—Bundle ID
- Code Requirement—identifier "com.paloaltonetworks.traps-agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = PXPZ95SK77
- In App or Service, set SystemPolicyAllFiles to Allow.
- Add and Allow the following AppleEvents configuration for Finder using the following definitions:
- Receiver Identifier—com.apple.finder
- Receiver Identifier Type—Bundle ID
- Receiver Code Requirement—identifier "com.apple.finder" and anchor apple
- Add and Allow the following AppleEvents configuration for System UI Server using the following definitions:
- Receiver Identifier—com.apple.systemuiserver
- Receiver Identifier Type—Bundle ID
- Receiver Code Requirement—identifier "com.apple.systemuiserver" and anchor apple
- Add and Allow the following AppleEvents configuration for System Events using the following definitions:
- Receiver Identifier—com.apple.systemevents
- Receiver Identifier Type—Bundle ID
- Receiver Code Requirement—identifier "com.apple.systemevents" and anchor apple
- Save the configuration.
- Add a new App Access configuration for Cortex XDR security extensions. This configuration is required to enable the security extension to communicate with the OS.
- Define the following entity:
- Identifier—com.paloaltonetworks.traps.securityextension
- Identifier Type—Bundle ID
- Code Requirement—identifier "com.paloaltonetworks.traps.securityextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = PXPZ95SK77
- In App or Service, set SystemPolicyAllFiles to Allow.
- Save the configuration.
- Add a new App Access entity for the Cortex XDR Process Monitor Daemon (pmd). This configuration allows the daemon access to analyze processes, files, disk access, utilities and more.
- Use the following settings to define the entity:
- Identifier—/Library/Application Support/PaloAltoNetworks/Traps/bin/pmd
- Identifier Type—Path
- Code Requirement—identifier pmd and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = PXPZ95SK77
- In App or Service, set SystemPolicyAllFiles to Allow.
- Save the configuration.
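
Once the profile is built, the settings listed above can be checked mechanically. The following is an added example, not Palo Alto Networks or JAMF code: it parses a profile, assumed to be available as an unsigned .mobileconfig file, and reports which of the Team ID, system extension, SystemPolicyAllFiles and AppleEvents entries from this page are missing. The function names and the sample profile are constructed, and the check assumes the AppleEvents entries use the traps-agent bundle ID as the sending identifier.

```python
import plistlib

TEAM_ID = "PXPZ95SK77"
AGENT = "com.paloaltonetworks.traps-agent"
SECEXT = "com.paloaltonetworks.traps.securityextension"
NETEXT = "com.paloaltonetworks.traps.networkextension"
PMD = "/Library/Application Support/PaloAltoNetworks/Traps/bin/pmd"
AE_RECEIVERS = {"com.apple.finder", "com.apple.systemuiserver", "com.apple.systemevents"}
KEXT_T = "com.apple.syspolicy.kernel-extension-policy"
SYSEXT_T = "com.apple.system-extension-policy"
TCC_T = "com.apple.TCC.configuration-profile-policy"

def _allowed(entry):  # PPPC writes "Allow" as Allowed=true or Authorization="Allow"
    return entry.get("Allowed") is True or entry.get("Authorization") == "Allow"

def audit_profile(raw):
    """Return the settings from this page that an unsigned .mobileconfig lacks."""
    kext, sysext, fda, ae = set(), set(), set(), set()
    for p in plistlib.loads(raw).get("PayloadContent", []):
        ptype, services = p.get("PayloadType"), p.get("Services", {})
        if ptype == KEXT_T:
            kext |= set(p.get("AllowedTeamIdentifiers", []))
        elif ptype == SYSEXT_T:
            sysext |= set(p.get("AllowedSystemExtensions", {}).get(TEAM_ID, []))
        elif ptype == TCC_T:
            for e in services.get("SystemPolicyAllFiles", []):
                if _allowed(e) and TEAM_ID in e.get("CodeRequirement", ""):  # names the Team ID
                    fda.add(e.get("Identifier"))
            for e in services.get("AppleEvents", []):
                if _allowed(e) and e.get("Identifier") == AGENT:  # assumption: agent is the sender
                    ae.add(e.get("AEReceiverIdentifier"))
    return (([] if TEAM_ID in kext else ["kext team " + TEAM_ID])
            + ["sysext " + b for b in sorted({SECEXT, NETEXT} - sysext)]
            + ["full disk access " + i for i in sorted({AGENT, SECEXT, PMD} - fda)]
            + ["AppleEvents " + r for r in sorted(AE_RECEIVERS - ae)])

def sample_profile():
    """Constructed, trimmed sample that omits the network extension and the pmd entry."""
    def tcc(ident, **extra):  # code requirement shortened for the sample
        return {"Identifier": ident, "IdentifierType": "bundleID", "Allowed": True,
                "CodeRequirement": "certificate leaf[subject.OU] = " + TEAM_ID, **extra}
    services = {"SystemPolicyAllFiles": [tcc(AGENT), tcc(SECEXT)],
                "AppleEvents": [tcc(AGENT, AEReceiverIdentifier=r) for r in AE_RECEIVERS]}
    return plistlib.dumps({"PayloadContent": [
        {"PayloadType": KEXT_T, "AllowedTeamIdentifiers": [TEAM_ID]},
        {"PayloadType": SYSEXT_T, "AllowedSystemExtensions": {TEAM_ID: [SECEXT]}},
        {"PayloadType": TCC_T, "Services": services}]})

if __name__ == "__main__":
    print("\n".join(audit_profile(sample_profile())) or "profile complete")
```

The check on the code requirement is a substring match on the Team ID, so it catches a missing or mistyped requirement but does not validate the full requirement string.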