https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/full-disk-access-requirement-on-macos-agent/m-p/1233066#M8514 <P>Hi Luis - thanks for your reply. I'll need to get more info from the user to understand more on what was going on here.</P> <P>&nbsp;</P> <P>Another question for (2). As you mention, the cytool output (while read confusing to me) seemed like it indicated that full disk access wasn't granted. However on the web console, that endpoint showed up as being fully protected though. So which one is to be believed?</P> Wed, 02 Jul 2025 22:49:21 GMT tmeksik 2025-07-02T22:49:21Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/full-disk-access-requirement-on-macos-agent/m-p/1232995#M8507 <P>Hi team</P> <P>&nbsp;</P> <P>A couple of questions here:</P> <P>&nbsp;</P> <P>1) Is full disk access required for agents running on macOS Sonoma and Sequoia?</P> <P>&nbsp;</P> <P>2) What is the meaning of "Requires full disk access: False" in the "cytool status" output? (screenshot attached)<BR />The endpoint we ran this command on showed as "Fully protected" through the console. It is running&nbsp;8.7.1.2855 on MacOS Sonoma.</P> <P>&nbsp;</P> <P>Thanks</P> <P>Tum</P> Wed, 02 Jul 2025 04:39:16 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/full-disk-access-requirement-on-macos-agent/m-p/1232995#M8507 tmeksik 2025-07-02T04:39:16Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/full-disk-access-requirement-on-macos-agent/m-p/1233019#M8509 <P>Hi Tmeksik,&nbsp;</P> <P>&nbsp;</P> <OL> <LI>Full disk access on mac is required to give full protection against malicious activities in your endpoint as you can see in the documentation below at step 9. To provide full protection from antimalware flow full disk access is required:<BR /><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/8.3/Cortex-XDR-Agent-Administrator-Guide/Install-the-Cortex-XDR-Agent-Manually" target="_blank" rel="noopener">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/8.3/Cortex-XDR-Agent-Administrator-Guide/Install-the-Cortex-XDR-Agent-Manually</A></LI> <LI>I see that MacOs Somoa and Sequoia are versions 14 and 15 respectively. The full disk access is required since version MacOs v10.15 as the documentation says. The output of cytool seems to say that the agent does not have full access to the disk. Could you please double check on your mac configurations ? I dont have a Mac with me now, I believe it is under the Privacy &amp; Security menu of your Mac. Please make sure that you have granted full access to the XDR agent over the disk in your Mac endpoint.</LI> <LI><SPAN>&nbsp;I have checked too that XDR Agent 8.7.1.2855 is compatible with MacOs Sequoia and Sonoma:<BR /><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matrix/Mac" target="_blank" rel="noopener">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matrix/Mac</A><BR /></SPAN></LI> </OL> <P>If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution". Thank you.</P> <P>&nbsp;</P> <P>KR,&nbsp;</P> <P>Luis</P> Wed, 02 Jul 2025 08:56:50 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/full-disk-access-requirement-on-macos-agent/m-p/1233019#M8509 eluis 2025-07-02T08:56:50Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/full-disk-access-requirement-on-macos-agent/m-p/1233066#M8514 <P>Hi Luis - thanks for your reply. I'll need to get more info from the user to understand more on what was going on here.</P> <P>&nbsp;</P> <P>Another question for (2). As you mention, the cytool output (while read confusing to me) seemed like it indicated that full disk access wasn't granted. However on the web console, that endpoint showed up as being fully protected though. So which one is to be believed?</P> Wed, 02 Jul 2025 22:49:21 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/full-disk-access-requirement-on-macos-agent/m-p/1233066#M8514 tmeksik 2025-07-02T22:49:21Z