-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Cylance: Protect - Installing Agent: MacOS Big Sur
01/08/2025 
0 People found this article helpful
7,449 Views
Description
- With the macOS Big Sur release, the command line profiles tool is no longer supported. To install configuration profiles on remote macOS systems without user interaction (silent install), Apple Mobile Device Management (MDM) is required. This means that macOS devices should be enrolled with an MDM vendor before upgrading to macOS Big Sur. Devices not enrolled prior to the upgrade requires user interaction (with administrative privileges).
- BlackBerry recommends using MDM to deploy a Configuration Profile that contains approval and full disk access for BlackBerry Cylance's system extension. However, macOS Big Sur does not support remote silent installations of an MDM profile onto a system with a new installation of the Big Sur operating system.
Table of Contents
- Remote Silent Installation
- How to create a configuration profile that approves the BlackBerry Protect System Extension using Jamf Pro
- How to create a PPPC to provide Full Disk Access for the BlackBerry Protect system extension using Jamf Pro
- Manual Install - How to approve the Cylance System Extension and provide Full Disk Access
Remote Silent Installation
Complete the following steps to support remote silent installations:
- Install macOS Catalina
- Apply the MDM profile
- Download the profiles onto the Catalina device
- Upgrade the device to macOS Big Sur
By first installing macOS Catalina, the BlackBerry Protect Desktop Agent version 1580 contains both the kernel driver and the new Endpoint Security System Extension. The kernel driver only functions on macOS Catalina or earlier. The Endpoint Security System Extension is required by macOS Big Sur and is only supported in BlackBerry Protect Desktop Agent version 1580 and later. This is why macOS Catalina is required to bridge the gap between the differences in the operating systems.
Product version and extension type:
- BlackBerry Protect (CylancePROTECT) Agent version 1570 or earlier
- Kernel extension, supports macOS Catalina or earlier
- BlackBerry Protect (CylancePROTECT) Agent version 1580 and later
- Kernel extension, supports macOS Catalina or earlier, System Extension supports macOS Big Sur and later
How to create a configuration profile that approves the BlackBerry Protect System Extension using Jamf Pro
The following example uses Jamf Pro for applying the MDM profile to a macOS Catalina system. These steps allow administrators to deploy the configuration profile that approves the BlackBerry Protect System Extension to a targeted scope of enrolled computers.
NOTE: This is the recommended method for preparing devices to upgrade to macOS Big Sur.
- Install macOS Catalina or upgrade the device to macOS Catalina.
- In Jamf Pro, create an MDM profile that automatically allows the Cylance system extension.
- In Jamf Pro, select Computers > Configuration Profiles
- Click New
- For Distribution Method, select Install Automatically
- For level, select Computer Level
- Under Options, select the System Extensions option.
- Click Configure
- In the Name field, enter CylanceSystemExtension
- In the Description Field, enter Allows CylancePROTECT System Extension
- Under System Extension Types, select Allow System Extensions
- For Team Identifier, enter 6ENJ69K633
- For Allowed Systems Extensions, click Add
- Under Allowed System Extensions, add com.cylance.CylanceEndpointSecurity.extension
- click Save
- Click the Scope tab and configure the scope to apply to any devices that will be running BlackBerry Protect on macOS Big Sur and later
- Install the BlackBerry Protect Desktop Agent version 1580 or update to the BlackBerry Protect Desktop Agent version 1580. This agent version has both the existing kernel driver (that runs in Catalina or earlier)
- Upgrade to macOS Big Sur
Permissions granted via MDM do not display under System Preferences > Security & Privacy > Privacy tab.- Although the Configuration Profile with FDA allowed for CylanceEsExtension is properly configured, Full Disk Access does not display as checked for CylanceEsExtension under System Preferences > Security & Privacy > Privacy tab > Full Disk Access.
- To verify that CylanceEsExtension has been given Full Disk Access, open System Preferences > Profiles and verify it.
How to create a PPPC to provide Full Disk Access for the BlackBerry Protect system extension using Jamf Pro
Complete the following steps to create a PPPC configuration profile that provides Full Disk Access for the BlackBerry Protect system extension using Jamf Pro. These steps allow administrators to deploy the PPPC configuration profile that provides Full Disk Access for the BlackBerry Protect system extension to a targeted scope of enrolled computers.
- In Jamf Pro, select Computers > Configuration Profiles
- Click New
- In the name field, enter CylanceEndpointSecurity (PPPC)
- In the description field, enter Allow CylanceEndpointSecurity Full Disk Access
- For distribution method, select Install Automatically
- For level, select Computer Level
- Under options, select Privacy Preferences Policy Control
- Click Configure
- In the Identifier field, enter com.cylance.CylanceEndpointSecurity.extension
- For Identifier Type, select Bundle ID
- In the code requirement field, enter the following:
identifier "com.cylance.CylanceEndpointSecurity.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "6ENJ69K633") - Leave Validate the Static Code Requirement unchecked
- Click Add
- Under App or Service, select SystemPolicyAllFiles
- Under Access, select Allow
- Click Save
- Click the Scope tab at the top of the page
- Verify that the Configuration Profile is properly scoped and is applied to any macOS device running BlackBerry Protect
- Click Save
- Click Done
Manual Install - How to approve the Cylance System Extension and provide Full Disk Access
Complete the following steps to approve the Cylance System Extension and provide Full Disk Access.
- Install Cylance Protect for MacOS version 3.1.1000 or newer.
- During the install you should be prompted to approve the CylanceES Systems Extension.
a) If you are not prompted you still need to take steps 3 through 4
- Click Open Security Preferences.
b) This opens the System Preferences > Security & Privacy > General tab. - Click the lock to authenticate if needed, then click Allow.
- Enable Full Disk Access:
a) Select System Preferences > Security & Privacy > Privacy tab.
b) Click the lock to authenticate if needed, then click Allow.
c) Scroll down and click Full Disk Access.
d) Check CylanceESExtension
e) If showing, also check CylanceSvc.app
- CylanceUI requests permission to provide notifications.
- Click the notification to open the System Preferences > Notifications pane.
- Select Cylance UI, then toggle Allow Notifications.
YES
NO