Install the Traps Agent for Mac

Before installing Traps on a Mac endpoint, verify that the system meets the requirements described in Traps for Mac Requirements.
Install Traps using a software distribution tool of your choice (such as JAMF) or using the following workflow:
  1. Download the installation package you want to install from Traps management service.
  2. Copy the installation package to the endpoint on which you want to install the Traps software.
  3. Unzip the installation package.
  4. (
    Optional in Traps 6.1.2 and later releases
    ) Configure a Traps specific proxy on the endpoint.
    If you are deploying Traps in an environment where Traps agents communicate with the Traps management service through a proxy, you must assign the proxy IP address and port number during the Traps agent installation on the endpoint.
    1. Locate the
      Config.xml
      file in the unzipped installation folder.
    2. Edit the
      <proxy_list>
      <proxyserver>:<port>
      </proxy_list>
      tag.
      • To install a Traps agent with a Traps specific proxy, enter your proxy IP address and port number. You can set up to five different proxies per agent. Traps management service chooses randomly which proxy is used to communicate with the agent each time.
        <proxy_list>10.196.20.244:8080,10.196.20.245:8080</proxy_list>
      • To install a Traps agent communicating through the Palo Alto Networks Broker Service, you must enter the broker VM IP address and port number 8888 only.
    3. After the initial installation, you can change the proxy settings in
      Traps management service
      Endpoints
      .
  5. Install the Traps software.
    1. Run the
      Traps.pkg
      installation file.
      traps-mac-install-intro.png
    2. Click
      Continue
      to proceed with the installation.
    3. If prompted to confirm the destination, click
      Continue
      .
    4. Click
      Install
      to begin the installation.
    5. Enter the
      User Name
      and
      Password
      of the administrator with access to install software on the endpoint, and then click
      Install Software
      .
    6. (
      macOS 10.13 and later versions
      ) Allow Traps to install system extensions:
      1. Dismiss the
        System Extension Blocked
        warning.
      2. Go to
        System Preferences
        Security & Privacy
        General
        and select
        Allow
        .
        traps-mac-install-security-and-privacy.png
    Traps logs any installation errors to
    /var/logs/installation.log
    . If installation fails for any reason, you can view this log to better understand the cause of the installation failure.
  6. After the installation completes, verify your connection.
    1. To open the Traps console, click the Traps icon in the menu bar, and select
      Open Console
      .
    2. Click
      Check In Now
      to initiate a connection with your tenant of Traps management service. If successful, the
      Last Check-In
      field updates to display the recent check-in date and time.
      traps-console-mac-events.png
      If the Traps agent cannot register with the Traps management service, the agent does not retry registration. To retry, reinstall the Traps agent on the endpoint.
  7. (
    macOS 10.15 and later versions
    ) Grant full disk access.
    Due to changes in the security settings of macOS 10.15, you must allow Traps full disk access on your endpoint to enable full protection. If you do not authorize Traps full disk access on your endpoint, the Traps agent provides only partial protection of files in the
    /Applications
    directory. The first time Traps detects an attempt to run an executable file located in another protected location on the endpoint as part of the anti-malware flow, macOS will deny Traps access and prompts the user to grant full disk access.
    You can grant Traps full disk access manually or using a third-party tool such as JAMF.
    To grant Traps full disk access locally on the endpoint:
    1. Go to
      System Preferences
      Security & Privacy
      tab, and select
      Full Disk Access
      .
    2. To make changes, click lock icon ( mac-settings-lock-icon.png ) on the bottom left, enter your credentials, and
      Unlock
      .
    3. Navigate to
      Macintosh HD
      Library
      Application Support
      PaloAltoNetworks
      Traps
      bin
      .
    4. Select
      trapsd
      ,
      authorized
      , and
      pmd
      .
      mac-full-disk-access-apps.png
    5. When you’re done, click mac-settings-unlock-icon.png to save your changes and stop editing.

Recommended For You