End-of-Life (EoL)

Install the Cortex XDR Agent for Mac Using JAMF

You can Install the Cortex XDR Agent for Mac manually on the endpoint or deploy the agent to multiple endpoints using a third-party software deployment tool such as JAMF. Use the following steps to set up a JAMF profile.
  1. Create a new JAMF configuration profile for your computers.
  2. Configure
    Approved Kernel Extensions
    .
    1. Allow users to approve kernel extensions
      .
    2. Add an approved Team ID for Palo Alto Networks:
      • Display Name—
        Palo Alto Networks
      • Team ID—
        PXPZ95SK77
    3. Save
      the configuration.
  3. Configure
    System Extensions
    .
    1. Allow users to approve system extensions
      .
    2. Define the entity as follows:
      • Display Name—
        Palo Alto Networks
      • System Extension Types—
        Allowed System Extensions
      • Team Identifier—
        PXPZ95SK77
      • Allowed system extension bundles—
        com.paloaltonetworks.traps.securityextension
        and
        com.paloaltonetworks.traps.networkextension
    3. Save
      the configuration.
  4. Next, configure
    Privacy Preferences Policy Control
    .
    1. Use the following settings to define the entity:
      • Receiver Identifier—
        com.paloaltonetworks.traps-agent
      • Receiver Identifier Type—
        Bundle ID
      • Code Requirement—
        identifier "com.paloaltonetworks.traps-agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = PXPZ95SK77
    2. In
      App or Service
      , set
      SystemPolicyAllFiles
      to
      Allow
      .
    3. Add and
      Allow
      the following
      AppleEvents
      configuration for finder using the following definitions:
      • Receiver Identifier—
        com.apple.finder
      • Receiver Identifier Type—
        Bundle ID
      • Receiver Code Requirement—
        identifier "com.apple.finder" and anchor apple
    4. Add and
      Allow
      the following
      AppleEvents
      configuration for system UI server using the following definitions:
      • Receiver Identifier—
        com.apple.systemuiserver
      • Receiver Identifier Type—
        Bundle ID
      • Receiver Code Requirement—
        identifier "com.apple.systemuiserver" and anchor apple
    5. Add and
      Allow
      the following
      AppleEvents
      configuration for system events using the following definitions:
      • Receiver Identifier—
        com.apple.systemevents
      • Receiver Identifier Type—
        Bundle ID
      • Receiver Code Requirement—
        identifier "com.apple.systemevents" and anchor apple
    6. Save
      the configuration.
  5. Add a new
    App Access
    configuration for Cortex XDR security extensions.
    This configuration is required to enable the security extension to communicate with the OS.
    1. Define the following entity:
      • Identifier—
        com.paloaltonetworks.traps.securityextension
      • Identifier Type—
        Bundle ID
      • Code Requirement—
        identifier "com.paloaltonetworks.traps.securityextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = PXPZ95SK77
    2. In
      App or Service
      , set
      SystemPolicyAllFiles
      to
      Allow
      .
    3. Save
      the configuration.
  6. Add a new
    App Access
    entity for the Cortex XDR Process Monitor Daemon (pmd).
    This configuration allows the daemon access to analyze processes, files, disk access, utilities and more.
    1. Use the following settings to define the entity:
      • Identifier—
        /Library/Application Support/PaloAltoNetworks/Traps/bin/pmd
      • Identifier Type—
        Path
      • Code Requirement—
        identifier pmd and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = PXPZ95SK77
    2. In
      App or Service
      , set
      SystemPolicyAllFiles
      to
      Allow
      .
    3. Save
      the configuration.

Recommended For You