Views:

Permission settings will require name and password of an administrator to verify the user has administrator privileges.

The following components should be enabled for Mac Devices:

System Pop-up - Opens automatically and prompts users to allow the extension to be loaded
Kernel Extension - From macOS10.14, user approval is required before loading new, third-party kernel extensions. WFBS-SVC for mac uses kernel extensions for the real-time protection features.
System Extension - Starting from macOS Big Sur, Kernel Extension will not be loaded by the system. To comply with changes to the Apple guidelines for software developers, our Endpoint Security and Network Extension frameworks have been updated.
- com.trendmicro.icore.es.sa → Includes process executions, mounting file systems, forking processes, and raising signals.
  Reference: Apple Developer Documentation on Endpoint Security
- com.trendmicro.icore.netfilter.sa → Extends core networking features.
  Reference: Apple Developer Documentation on Network Extension
Web Content Filter - An on-device network content filter examines user network content as it passes through the network stack and determines if that content should be blocked or allowed to pass on to its final destination.
Reference: Apple Developer Documentation on Content Filter Providers
Full Disk Access - Full Disk Access permission is a privacy feature introduced in macOS Mojave (10.14) that prevents some applications from accessing your important data such as Mail, Messages, TimeMachine, and Safari files. This means you need to manually grant permission for certain applications to access these protected areas of your Mac

Allowing WFBS-SVC Security Permissions for Mac

Click View Details in Mac Security Agent console.

^{Click the image to enlarge.}
Click Continue to proceed with the Guided User Interface until reaching the System Extension page.

^{Click the image to enlarge.}
Follow the steps on the prompt to allow System Extension.

^{Click the image to enlarge.}

^{Click the image to enlarge.}

^{Click the image to enlarge.}

^{Click the image to enlarge.}

^{Click the image to enlarge.}
Click Continue for the permission changes to take effect.

^{Click the image to enlarge.}
Once in Full Disk Access page, click Open Full Disk Access button.

^{Click the image to enlarge.}

This will load "Full Disk Access" panel, make sure that the user guided interface has been followed and “Trend Micro Extension”, “Trend Micro Security Agent”, “iCore Service” is added and ticked.

^{Click the image to enlarge.}
Click Continue for the permission changes to take effect.

^{Click the image to enlarge.}
This will prompt a message to Restart Trend Micro Security Agent. Click OK to finish.

^{Click the image to enlarge.}

If the mac device upgraded directly to macOS 13.0.0, you may follow the steps mentioned in "Security Permission Required" message appears on Worry-Free Business Security Services (WFBS-SVC) after macOS13 Upgrade.

Allowing Endpoint Sensor Permissions for Mac

WFBS-SVC Endpoint Sensor for Mac feature is currently in Preview for selected Trend Micro Partners/Customers. This is to allow early engagement testing and gives customers an opportunity to gain experience and provide feedback prior to the official release.

Enabling Endpoint Sensor by Mobile Device Management (MDM)

To enable Endpoint Sensor using a MDM, please follow this article on Creating and Configuring MDM Profile(s) for Trend Micro Security Agent for Mac.

Enabling Endpoint Sensor manually

Trend Micro WFBS-SVC Endpoint Sensor for Mac supports macOS 14 (Sonoma), macOS 13 (Ventura), macOS 12 (Monterey), macOS 11 (Big Sur), macOS 10.15 (Catalina).

Click the macOS that you are using from the list below to access the steps for enabling Endpoint Sensor manually:

> For macOS Sonoma

The System Extension Blocked pop-up window appears after enabling Endpoint Sensor.

If this page doesn't appear automatically, please double-click Trend Micro XDR Endpoint Sensor.app in the Applications directory to manually open the authorization page.
The Set Up Required Permissions prompt should appear. Click on Continue.
Follow the steps on the prompt to allow System Extension.
Follow the steps on the next prompt to Allow Full Disk Access.
Once steps have been successfully completed, the prompt “Endpoint sensor enabled successfully” should be shown.

> For macOS Ventura

The System Extension Blocked pop-up window appears after enabling Endpoint Sensor.

If this page doesn't appear automatically, double-click Trend Micro XDR Endpoint Sensor.app in the Applications directory to manually open the authorization page.
The Set Up Required Permissions prompt should appear. Click Continue.
Follow the steps on the prompt to allow System Extension.
Follow the steps on the next prompt to Allow Full Disk Access.
Once steps have been successfully completed, the prompt “Endpoint sensor enabled successfully” should be shown.

> For macOS Monterey, macOS Big Sur and macOS Catalina

The System Extension Blocked pop-up window appears after enabling Endpoint Sensor.

If this page doesn't appear automatically, double-click Trend Micro XDR Endpoint Sensor.app in the Applications directory to manually open the authorization page.
The Set Up Required Permissions prompt should appear. Click Continue.
Follow the steps on the prompt to allow System Extension.
Follow the steps on the next prompt to Allow Full Disk Access.
Once steps have been successfully completed, the prompt “Endpoint sensor enabled successfully” should be shown.

After all permissions have been granted. You can confirm the information on the "Full Disk Access" and "Network" pages. For macOS Ventura, macOS Monterey, macOS Big Sur and macOS Catalina, on "Full Disk Access" page, make sure the following apps are selected:

Trend Micro Extension (XDR)
iCore Security
Trend Micro XDR Endpoint Sensor

^{Click the image to enlarge.}

Keywords: Security Permission, MAC, WFBS-SVC,authorization

Authorizing Security Permissions Required for Worry-Free Business Security Services (WFBS-SVC) and Endpoint Sensor for Mac

Product / Version includes:

Worry-Free Business Security Services6.7

Last updated: 2023/12/22

Solution ID: KA-0015697

Category: Configure , Troubleshoot

Summary

The following message will prompt on the WFBS-SVC Mac Agent console:
Security Permission Required

^{Click the image to enlarge.}

The issue occurs when WFBS-SVC macOS agent did not have its required permissions allowed after installation or upgrade.
After enabling "Endpoint Sensor" from web console, Endpoint Sensor status is still grayed out in Mac Agent console:

^{Click the image to enlarge.}

The issue occurs when WFBS-SVC Mac Endpoint Sensor agent did not have its required permissions allowed.

This article discusses how to authorize the security permissions to ensure proper mac security agent and sensor functionality.

Permission settings will require name and password of an administrator to verify the user has administrator privileges.

The following components should be enabled for Mac Devices:

System Pop-up - Opens automatically and prompts users to allow the extension to be loaded
Kernel Extension - From macOS10.14, user approval is required before loading new, third-party kernel extensions. WFBS-SVC for mac uses kernel extensions for the real-time protection features.
System Extension - Starting from macOS Big Sur, Kernel Extension will not be loaded by the system. To comply with changes to the Apple guidelines for software developers, our Endpoint Security and Network Extension frameworks have been updated.
- com.trendmicro.icore.es.sa → Includes process executions, mounting file systems, forking processes, and raising signals.
  Reference: Apple Developer Documentation on Endpoint Security
- com.trendmicro.icore.netfilter.sa → Extends core networking features.
  Reference: Apple Developer Documentation on Network Extension
Web Content Filter - An on-device network content filter examines user network content as it passes through the network stack and determines if that content should be blocked or allowed to pass on to its final destination.
Reference: Apple Developer Documentation on Content Filter Providers
Full Disk Access - Full Disk Access permission is a privacy feature introduced in macOS Mojave (10.14) that prevents some applications from accessing your important data such as Mail, Messages, TimeMachine, and Safari files. This means you need to manually grant permission for certain applications to access these protected areas of your Mac

EXPAND ALL

Allowing WFBS-SVC Security Permissions for Mac

Click View Details in Mac Security Agent console.

^{Click the image to enlarge.}
Click Continue to proceed with the Guided User Interface until reaching the System Extension page.

^{Click the image to enlarge.}
Follow the steps on the prompt to allow System Extension.

^{Click the image to enlarge.}

^{Click the image to enlarge.}

^{Click the image to enlarge.}

^{Click the image to enlarge.}

^{Click the image to enlarge.}
Click Continue for the permission changes to take effect.

^{Click the image to enlarge.}
Once in Full Disk Access page, click Open Full Disk Access button.

^{Click the image to enlarge.}

This will load "Full Disk Access" panel, make sure that the user guided interface has been followed and “Trend Micro Extension”, “Trend Micro Security Agent”, “iCore Service” is added and ticked.

^{Click the image to enlarge.}
Click Continue for the permission changes to take effect.

^{Click the image to enlarge.}
This will prompt a message to Restart Trend Micro Security Agent. Click OK to finish.

^{Click the image to enlarge.}

Allowing Endpoint Sensor Permissions for Mac