See the following table for the end-user experience in installation and upgrade scenarios that ENSM supports on macOS High Sierra 10.13 and later.
| Configuration |
User Experience |
| Standalone installation on macOS High Sierra and later without a Mobile Device Management (MDM) profile |
- When you install ENSM on standalone Mac systems, the Threat Prevention - on-access scan and Firewall features are disabled at the time of installation.
- ENSM tries to automatically load the kernel extensions about 10 minutes after the installation.
- The end user sees a McAfee/Trellix Alert that prompts whether to allow the kernel extensions from the Security & Privacy System Preferences pane.
NOTE: The Alert appears every 30 minutes until the user provides consent.
- After the user gives consent, the user must enable the Threat Prevention - on-access scan and Firewall features.
- The Self-Protection feature is turned on automatically.
The following video explains how to install ENSM on standalone Mac systems running macOS Catalina, without an MDM profile:
How to install Endpoint Security for Mac on macOS Catalina.
NOTE: The steps in the above video require local system access. These steps don't work if you're using remote access. |
| ePolicy Orchestrator (ePO) deployment on macOS High Sierra and later without an MDM profile |
- When you deploy ENSM on ePO-managed Mac systems, the Threat Prevention - on-access scan and Firewall features are disabled at the time of installation. They're disabled even if the ePO policy is set to enable them.
- ENSM tries to automatically load the kernel extensions about 10 minutes after the deployment.
- The end user sees a McAfee/Trellix Alert that prompts whether to allow the kernel extensions from the Security & Privacy System Preferences pane.
NOTES:
- The Alert appears every 30 minutes until the user provides consent.
- These systems have a compliance status of "Non-compliant" for on-access scan, Firewall, and Self-Protection until the user gives consent.
- ePO administrators can use the canned queries for on-access scan, Firewall, and Self-Protection compliance that ship with the ENS Extensions. They can be used to identify systems where the user hasn't yet provided consent.
- After the user gives consent, the next policy enforcement enables the Threat Prevention - on-access scan, Firewall, and Self-Protection features based on the policy setting.
NOTE: These systems now have a compliance status of "Compliant" for on-access scan, Firewall, and Self-Protection.
|
| Standalone installation and ePO deployment on macOS High Sierra and later with an MDM profile |
Enrollment in MDM automatically disables SKEL with macOS 10.13.3 and earlier. In this case, end-user consent isn't needed to enable the ENSM Threat Prevention - on-access scan, Firewall, and Self-Protection features.
Starting with macOS 10.13.4, enrolling in MDM doesn't automatically disable SKEL. The kernel extensions have to be added in the Kernel Extension Policy payload to load without end-user user consent.
For more information, see the following Apple articles:
Below are the details for use in the Kernel Extension Policy payload:
Trellix Team Identifier: P2BNL68L2C
Bundle Identifiers:
com.intelsecurity.FileCore
com.McAfee.AVKext
com.McAfee.FileCore
com.McAfee.FMPSysCore
com.McAfee.mfeaac
com.McAfee.SFKext
You can also download and import the profile configuration file. The file is included in the "Attachment" section of this article. |
| Upgrade from macOS El Capitan and macOS Sierra, running ENSM 10.2.3 and later, to macOS High Sierra or later |
If the kernel extensions are present on the Mac system before you upgrade to macOS High Sierra or later, no end-user consent is needed. |
