Components that should be enabled
The following components should be enabled for XDR Sensor:
- System Pop-up – Opens automatically and prompts users to allow the extension to be loaded.
- Kernel Extension – From macOS10.13 to macOS10.15 require user approval before loading new, third-party kernel extensions. Apex One (Mac) uses kernel extensions for the real-time protection features.
-
System Extension - Starting from macOS Big Sur, Kernel Extension will not be loaded by the system. To comply with changes to the Apple guidelines for software developers, we have updated our Endpoint Security and Network Extension frameworks.
-
com.trendmicro.icore.es.sa → Includes process executions, mounting file systems, forking processes, and raising signals.
Reference: Apple Developer Documentation on Endpoint Security
-
com.trendmicro.icore.netfilter.sa → Extends core networking features.
Reference: Apple Developer Documentation on Network Extension
-
-
Web Content Filter: An on-device network content filter examines user network content as it passes through the network stack and determines if that content should be blocked or allowed to pass on to its final destination.
Reference: Apple Developer Documentation on Content Filter Providers
-
Full Disk Access: Full Disk Access permission is a privacy feature introduced in macOS Mojave (10.14) that prevents some applications from accessing your important data, such as Mail, Messages, TimeMachine, and Safari files. This means you need to manually grant permission for certain applications to access these protected areas of your Mac. In earlier versions of macOS (10.13 and lower), this permission is automatically granted during installation of your product.
If Full Disk Access is not enabled, your product is unable to scan all areas of your Mac. This means Apex one for Mac cannot fully protect your Mac against malware and other network security threats, and product can only scan a limited portion of your system folders and hard drive, potentially resulting in unnecessary clutter remaining on your Mac.
Enabling XDR Sensor
The following is a detailed guide on how to enable the XDR Sensor on a machine with macOS Big Sur:
-
The System Extension Blocked pop-up window appears after enabling Endpoint Sensor.
-
The Set Up Required Permissions prompt should appear. Click on Continue.
-
Follow the steps on the prompt to allow System Extension.
-
Follow the steps on the next prompt to Allow Full Disk Access.
-
Once steps have been successfully completed, the prompt “Endpoint sensor enabled successfully” should be shown.
This can be deployed via an MDM Solution (Jamf Now). Refer to the KB article: Enabling Apex One (Mac) Permissions via JAMF Now.