Full disk access requirement on macos agent


L2 Linker

Hi team,

A couple of questions here:

1) Is full disk access required for agents running on macOS Sonoma and Sequoia?

2) What is the meaning of "Requires full disk access: False" in the "cytool status" output? (screenshot attached)
The endpoint we ran this command on showed as "Fully protected" through the console. It is running 8.7.1.2855 on macOS Sonoma.

Thanks

Tum

2 REPLIES

L4 Transporter

Hi Tmeksik,

  1. Full disk access on Mac is required to give full protection against malicious activities on your endpoint, as you can see in the documentation below at step 9. To provide full protection from the anti-malware flow, full disk access is required:
    https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/8.3/Cortex-XDR-Agent-Administrator-Guide/Insta...
  2. I see that macOS Sonoma and Sequoia are versions 14 and 15 respectively. Full disk access is required since macOS v10.15, as the documentation says. The output of cytool seems to say that the agent does not have full access to the disk. Could you please double-check your Mac configuration? I don't have a Mac with me now; I believe it is under the Privacy & Security menu of your Mac. Please make sure that you have granted full disk access to the XDR agent on your Mac endpoint.
  3. I have checked too that XDR Agent 8.7.1.2855 is compatible with macOS Sequoia and Sonoma:
    https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matrix/Mac

If you feel this has answered your query, please let us know by clicking Like and "Mark this as a Solution". Thank you.

KR,

Luis
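One way to verify the grant independently of the agent's own status output is to look at the TCC (Transparency, Consent, and Control) database, which is where macOS records Full Disk Access decisions as the service `kTCCServiceSystemPolicyAllFiles`. The script below is an added example, not part of this thread and not Cortex XDR or Palo Alto Networks code. It assumes the modern TCC `access` table layout (`service`, `client`, `auth_value`, with `auth_value` 2 meaning allowed and 0 denied); the client bundle identifiers in it are constructed placeholders, not the real agent's identifier. On a real Mac the system database is `/Library/Application Support/com.apple.TCC/TCC.db`, and reading it requires root and a terminal that itself already has Full Disk Access, so the example queries an in-memory copy built with the same shape and only optionally opens the real file.

```python
"""Check which clients hold Full Disk Access (FDA) in a TCC database.

Added example for illustration. The sample rows and bundle identifiers are
constructed; the real agent's identifier is not taken from this thread.
"""
import sqlite3

# Service name macOS uses for Full Disk Access entries in TCC.db.
FDA_SERVICE = "kTCCServiceSystemPolicyAllFiles"

# Location of the system-wide TCC database on macOS (reading it needs root
# and the reading process must itself hold FDA).
SYSTEM_TCC_DB = "/Library/Application Support/com.apple.TCC/TCC.db"

# auth_value meanings in the macOS 11+ schema.
AUTH_VALUE = {0: "denied", 1: "unknown", 2: "allowed", 3: "limited"}


def build_sample_db():
    """Constructed in-memory database mimicking the shape of TCC.db's access table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE access ("
        "service TEXT, client TEXT, client_type INTEGER, "
        "auth_value INTEGER, auth_reason INTEGER)"
    )
    rows = [
        # constructed: an endpoint agent that has been granted FDA
        (FDA_SERVICE, "com.example.edr-agent", 0, 2, 4),
        # constructed: a tool whose FDA request was denied
        (FDA_SERVICE, "com.example.backup-tool", 0, 0, 4),
        # constructed: unrelated service entry, must not count as FDA
        ("kTCCServiceAccessibility", "com.example.edr-agent", 0, 2, 4),
    ]
    conn.executemany("INSERT INTO access VALUES (?, ?, ?, ?, ?)", rows)
    return conn


def fda_status(conn, client):
    """Return 'allowed', 'denied', 'unknown', 'limited', or 'no entry' for one client."""
    cur = conn.execute(
        "SELECT auth_value FROM access WHERE service = ? AND client = ?",
        (FDA_SERVICE, client),
    )
    row = cur.fetchone()
    if row is None:
        return "no entry"  # never prompted / never granted via MDM
    return AUTH_VALUE.get(row[0], f"unexpected({row[0]})")


def list_fda_clients(conn):
    """Map every client that has an FDA entry to its decoded decision."""
    cur = conn.execute(
        "SELECT client, auth_value FROM access WHERE service = ?", (FDA_SERVICE,)
    )
    return {client: AUTH_VALUE.get(v, f"unexpected({v})") for client, v in cur}


def open_system_db(path=SYSTEM_TCC_DB):
    """Open the real TCC database read-only; raises if the caller lacks access."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


if __name__ == "__main__":
    sample = build_sample_db()
    print("sample database:", list_fda_clients(sample))
    try:
        real = open_system_db()
        print("system database:", list_fda_clients(real))
    except sqlite3.Error as exc:
        # Expected when not run as root with FDA, or when not on macOS at all.
        print("could not read system TCC database:", exc)
```

In a fleet this check is usually unnecessary because the grant is pushed ahead of time: a Privacy Preferences Policy Control (PPPC) configuration profile delivered by MDM can pre-approve `SystemPolicyAllFiles` for the agent's bundle identifier, and the resulting entry then shows up in the same table. When the agent's own status output and the console disagree, as in the question above, the TCC record is the authoritative source for whether macOS has actually granted the access.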

Hi Luis, thanks for your reply. I'll need to get more info from the user to understand more of what was going on here.

Another question for (2). As you mention, the cytool output (which I found confusing to read) seemed to indicate that full disk access wasn't granted. However, on the web console that endpoint showed up as being fully protected. So which one is to be believed?
