The following components should be enabled for XDR Sensor:
- System Pop-up – Opens automatically and prompts users to allow the extension to be loaded
- Kernel Extension – From macOS10.13 to macOS10.15, user approval is required before loading new, third-party kernel extensions. Apex One (Mac) uses kernel extensions for the real-time protection features.
- System Extension - Starting from macOS Big Sur, Kernel Extension will not be loaded by the system. To comply with changes to the Apple guidelines for software developers, our Endpoint Security and Network Extension frameworks have been updated.
- com.trendmicro.icore.es.sa → Includes process executions, mounting file systems, forking processes, and raising signals.
Reference: Apple Developer Documentation on Endpoint Security - com.trendmicro.icore.netfilter.sa → Extends core networking features.
Reference: Apple Developer Documentation on Network Extension
- com.trendmicro.icore.es.sa → Includes process executions, mounting file systems, forking processes, and raising signals.
- Web Content Filter - An on-device network content filter examines user network content as it passes through the network stack and determines if that content should be blocked or allowed to pass on to its final destination.
Reference: Apple Developer Documentation on Content Filter Providers - Full Disk Access - Full Disk Access permission is a privacy feature introduced in macOS Mojave (10.14) that prevents some applications from accessing your important data such as Mail, Messages, TimeMachine, and Safari files. This means you need to manually grant permission for certain applications to access these protected areas of your Mac. In earlier versions of macOS (10.13 and lower), this permission is automatically granted during installation of your product.
Enabling Endpoint Sensor by Mobile Device Management (MDM)
To enable Endpoint Sensor using a MDM, please follow this article on Creating and Configuring MDM Profile(s) for Trend Micro Security Agent for Mac.
Enabling Endpoint Sensor manually
Trend Vision One Endpoint Sensor supports macOS Sonoma, macOS Ventura, macOS Monterey, macOS Big Sur, macOS Catalina, macOS Mojave and macOS High Sierra.
Click the macOS that you are using from the list below to access the steps for enabling Endpoint Sensor manually:
- The System Extension Blocked pop-up window appears after enabling Endpoint Sensor.
If this page doesn't appear automatically, please double-click Trend Micro XDR Endpoint Sensor.app in the Applications directory to manually open the authorization page.
- The Set Up Required Permissions prompt should appear. Click on Continue.
- Follow the steps on the prompt to allow System Extension.
- Follow the steps on the next prompt to Allow Full Disk Access.
- Once steps have been successfully completed, the prompt “Endpoint sensor enabled successfully” should be shown.
- The System Extension Blocked pop-up window appears after enabling Endpoint Sensor.
If this page doesn't appear automatically, double-click Trend Micro XDR Endpoint Sensor.app in the Applications directory to manually open the authorization page.
- The Set Up Required Permissions prompt should appear. Click Continue.
- Follow the steps on the prompt to allow System Extension.
- Follow the steps on the next prompt to Allow Full Disk Access.
- Once steps have been successfully completed, the prompt “Endpoint sensor enabled successfully” should be shown.
- The System Extension Blocked pop-up window appears after enabling Endpoint Sensor.
If this page doesn't appear automatically, double-click Trend Micro XDR Endpoint Sensor.app in the Applications directory to manually open the authorization page.
- The Set Up Required Permissions prompt should appear. Click Continue.
- Follow the steps on the prompt to allow System Extension.
- Follow the steps on the next prompt to Allow Full Disk Access.
- Once steps have been successfully completed, the prompt “Endpoint sensor enabled successfully” should be shown.
- The System Extension Blocked pop-up window appears after enabling Endpoint Sensor.
If this page doesn't appear automatically, double-click Trend Micro XDR Endpoint Sensor.app in the Applications directory to manually open the authorization page.
- The Set Up Required Permissions prompt should appear. Click Continue.
- Follow the steps on the prompt to allow System Extension.
- Follow the steps on the next prompt to Allow Full Disk Access.
- Once steps have been successfully completed, the prompt “Endpoint sensor enabled successfully” should be shown.
- The System Extension Blocked pop-up window appears after enabling Endpoint Sensor.
If this page doesn't appear automatically, double-click Trend Micro XDR Endpoint Sensor.app in the Applications directory to manually open the authorization page.
- The Set Up Required Permissions prompt should appear. Click Continue.
- Follow the steps on the prompt to allow System Extension.
- Once steps have been successfully completed, the prompt “Endpoint sensor enabled successfully” should be shown.
After all permissions have been granted. You can confirm the information on the "Full Disk Access" and "Network" pages. For macOS Ventura, macOS Monterey, macOS Big Sur and macOS Catalina, on "Full Disk Access" page, make sure the following apps are selected:
- Trend Micro Extension (XDR)
- iCore Security
- rend Micro XDR Endpoint Sensor
For macOS Mojave, on "Full Disk Access" page, make sure the following apps are selected:
- Trend Micro XDR Endpoint Sensor
On "Network" page, make sure "Trend Micro Network Extension (XDR)" has been added.