Install Traps on Mac Endpoints

Before you can install or upgrade Traps for Mac, you must download the software from the Support portal and then generate an installation package from the ESM Console. The installation package specifies the IP address and port settings the agent will use to connect to the ESM Server. To generate the installation package you must be assigned a role which enables the Installation Package privilege. Otherwise, this feature is disabled (hidden completely from view) or read-only.
Use the following instructions to create and install the package directly on the endpoint:
  1. Download the Traps for Mac software ZIP file from the Supportportal.
    The Traps for Mac software version must not exceed the current ESM version.
  2. Generate the installation package. This package specifies the ESM Server or ESM Servers to which the agent can connect for the first time. After the first successful connection, the agent receives a list of all available ESM Servers to use for future connections.
    1. From the ESM Console, select SettingsAgentInstallation Package.
    2. From the action menu manage-hidden-menu-icon.png , select Generate Package.
    3. Select the ESM Server to which the Traps agent will first connect. The ESM Console automatically populates the list with any enabled ESM Servers (to review your servers, select SettingsESMMulti ESM).
      • If you use a multi-ESM deployment, we recommend that you select All to include all available ESM Servers with the installation package. This ensures the agent can try other ESM Servers when the primary ESM Server is unreachable.
      • If you only use one ESM Server or prefer to force the agent to establish the initial connection with a specific ESM Server (such as in a regional deployment), select the specific ESM Server from the list.
    4. Browse to the Traps for Mac software package you downloaded in the first step.
    5. Click Generate.
  3. Verify the status of the installation package.
    When the installation package is available, the ESM Console displays a new record in the Installation Package table indicating the time the package was created and a link to Download the installation package.
    To view the status of the installation package, you can also filter the ESM logs (MonitorESMLogs) for a Report Type of Installation Package. The log message indicates whether the ESM Console successfully generated the package.
  4. When the installation package has finished generating, save the installation package.
    1. Select SettingsAgentInstallation Package.
    2. Select the Download link next to the installation package and save it to a location that you can reach from the Mac endpoint.
  5. Install Traps for Mac on the endpoint. Alternatively, you can use your preferred software deployment tool to distribute the installation package to multiple Mac endpoints.
    To install Traps for Mac on the endpoint using the installation package:
    1. Open the installation package and double click the Traps.pkg file to launch the installer.
    2. Click Continue to proceed with the installation.
    3. If prompted to confirm the destination, click Continue.
    4. Click Install to begin the installation.
    5. Enter the Username and Password credentials of the administrator with access to install software on the endpoint, and then click Install Software.
    6. (Traps 4.1.1 and later on macOS 10.13) Allow Traps to install system extensions: Dismiss the System Extension Blocked warning and go to System PreferencesSecurity & PrivacyGeneral and select Allow.
  6. To use SSL for secure communication between the Traps agent and the ESM Server, add the trusted root CA certificate of the ESM Server on the Mac endpoint.
    You must have administrative privileges on the endpoint to perform this step.
    1. Export the trusted root CA certificate from the ESM Server and copy it to a location which you can access from the Mac endpoint.
    2. From a command prompt, use the following command to add the certificate with Always Trust settings:
      sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <full_path_to_certificate_in_PEM_or_DER_format>
    3. To verify that the trusted root CA certificate was added to the Keychain library, open Keychain Access (ApplicationsUtilitiesKeychain Access) and view the System keychains.
  7. After the installation completes, verify your connection.
    1. To open the Traps console, click the Traps icon in the menu bar, and select Open Console.
    2. Click Check In Now to initiate a connection with the ESM Server. If successful, the Last Check-In field updates to display the recent check-in date and time.

Related Documentation