The following components should be enabled for XDR Sensor:
- System Pop-up - Opens automatically and prompts users to allow the extension to be loaded
- System Extension - Starting from macOS Big Sur, Kernel Extension will not be loaded by the system. To comply with changes to the Apple guidelines for software developers, our Endpoint Security and Network Extension frameworks have been updated.
  - com.trendmicro.icore.es.sa → Includes process executions, mounting file systems, forking processes, and raising signals.
    Reference: Apple Developer Documentation on Endpoint Security
  - com.trendmicro.icore.netfilter.sa → Extends core networking features.
    Reference: Apple Developer Documentation on Network Extension
- Web Content Filter - An on-device network content filter examines user network content as it passes through the network stack and determines if that content should be blocked or allowed to pass on to its final destination.
  Reference: Apple Developer Documentation on Content Filter Providers
- Full Disk Access - Full Disk Access permission is a privacy feature introduced in macOS Mojave (10.14) that prevents some applications from accessing your important data such as Mail, Messages, Time Machine, and Safari files. This means you need to manually grant permission for certain applications to access these protected areas of your Mac. In earlier versions of macOS (10.13 and lower), this permission is automatically granted during installation of your product.
Enabling Endpoint Sensor by Mobile Device Management (MDM)
To enable Endpoint Sensor using an MDM, please follow this article on Creating and Configuring MDM Profile(s) for Trend Micro Security Agent for Mac.
Enabling Endpoint Sensor manually
Trend Vision One Endpoint Sensor supports macOS Sequoia, macOS Sonoma, macOS Ventura, macOS Monterey, and macOS Big Sur.
Click the macOS that you are using from the list below to access the steps for enabling Endpoint Sensor manually:
- The System Extension Blocked pop-up window appears after enabling Endpoint Sensor.
- The Set Up Required Permissions prompt should appear. Click on Continue.
If this page doesn't appear automatically, double-click Trend Micro XDR Endpoint Sensor.app in the Applications directory to manually open the authorization page.
- Follow the steps on the prompt to allow System Extension.
- Follow the steps on the next prompt to Allow Full Disk Access.
- Once steps have been successfully completed, the prompt “Endpoint sensor enabled successfully” should be shown.
- The System Extension Blocked pop-up window appears after enabling Endpoint Sensor.
If this page doesn't appear automatically, please double-click Trend Micro XDR Endpoint Sensor.app in the Applications directory to manually open the authorization page.
- The Set Up Required Permissions prompt should appear. Click on Continue.
- Follow the steps on the prompt to allow System Extension.
- Follow the steps on the next prompt to Allow Full Disk Access.
- Once steps have been successfully completed, the prompt “Endpoint sensor enabled successfully” should be shown.
- The System Extension Blocked pop-up window appears after enabling Endpoint Sensor.
If this page doesn't appear automatically, double-click Trend Micro XDR Endpoint Sensor.app in the Applications directory to manually open the authorization page.
- The Set Up Required Permissions prompt should appear. Click Continue.
- Follow the steps on the prompt to allow System Extension.
- Follow the steps on the next prompt to Allow Full Disk Access.
- Once steps have been successfully completed, the prompt “Endpoint sensor enabled successfully” should be shown.
After all permissions have been granted, you can confirm the information on the "Full Disk Access" and "Network" pages. On the "Full Disk Access" page, make sure the following apps are selected:
- Trend Micro Extension (XDR)
- iCore Security
- Trend Micro XDR Endpoint Sensor
For macOS Sequoia and above, on the "Login Items & Extensions" page, make sure "Trend Micro Extension (XDR)" and "Trend Micro Network Extension (XDR)" have been enabled.
For macOS Sonoma, macOS Ventura, macOS Monterey, and macOS Big Sur, on the "Network" page, make sure "Trend Micro Network Extension (XDR)" has been added.
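The System Settings checks above can also be scripted for the two system extensions. The following is an added example, not Trend Micro's own tooling: it parses the output of macOS's `systemextensionsctl list` and reports the state of the two bundle identifiers named on this page. It assumes the usual tab-separated listing with the state in square brackets at the end of each line; the sample listing, including its team ID, version and name columns, is constructed. Full Disk Access is not covered by this check.

```sh
#!/bin/sh
# Bundle identifiers taken from this page.
REQUIRED_EXTENSIONS="com.trendmicro.icore.es.sa com.trendmicro.icore.netfilter.sa"

# ext_state BUNDLE_ID
# Reads `systemextensionsctl list` output on stdin and prints the bracketed
# state for BUNDLE_ID ("activated enabled", "activated waiting for user", ...)
# or "missing" when the extension is not listed at all.
ext_state() {
    awk -v id="$1" '
        index($0, id " (") {
            state = "unknown"
            if (match($0, /\[[^]]*\][ \t]*$/)) {
                state = substr($0, RSTART + 1)
                sub(/\][ \t]*$/, "", state)
            }
            # Several versions can be listed during an upgrade; an active one wins.
            if (state == "activated enabled") { found = state; exit }
            if (found == "") found = state
        }
        END { print (found == "" ? "missing" : found) }
    '
}

# check_extensions LIST_OUTPUT
# Prints one "id: state" line per required extension; returns 1 if any is not active.
check_extensions() {
    rc=0
    for id in $REQUIRED_EXTENSIONS; do
        state=$(printf '%s\n' "$1" | ext_state "$id")
        printf '%s: %s\n' "$id" "$state"
        [ "$state" = "activated enabled" ] || rc=1
    done
    return "$rc"
}

# Constructed sample listing (placeholder team ID, version and name columns).
sample_output() {
    printf '%s\n' '2 extension(s)' '--- com.apple.system_extension.endpoint_security'
    printf 'enabled\tactive\tteamID\tbundleID (version)\tname\t[state]\n'
    printf '*\t*\tTEAMID0000\tcom.trendmicro.icore.es.sa (0.0/0)\tEXAMPLE NAME\t[activated enabled]\n'
    printf '%s\n' '--- com.apple.system_extension.network_extension'
    printf '\t\tTEAMID0000\tcom.trendmicro.icore.netfilter.sa (0.0/0)\tEXAMPLE NAME\t[activated waiting for user]\n'
}

# On a Mac, check the live state; on other systems this step is skipped.
if command -v systemextensionsctl >/dev/null 2>&1; then
    check_extensions "$(systemextensionsctl list)" || echo "A required extension is not active yet" >&2
fi
```

A state of "activated waiting for user" means the extension is installed but has not yet been allowed in System Settings.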