% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc):
17
-
18
-
$$$system-extension-endpoint$$$
19
-
20
-
$$$enable-fda-endpoint$$$
21
-
22
-
$$$allow-filter-content$$$
23
9
24
10
To properly install and configure {{elastic-defend}} manually without a Mobile Device Management (MDM) profile, there are additional permissions that must be enabled on the host before {{elastic-endpoint}}—the installed component that performs {{elastic-defend}}'s threat monitoring and prevention—is fully functional:
25
11
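Review bot: Removing the `$$$system-extension-endpoint$$$`, `$$$enable-fda-endpoint$$$` and `$$$allow-filter-content$$$` anchors at the top of the file is only safe if every inbound link resolves against the heading IDs of the same names, and nothing visible in this change shows that being checked. Please run a link check across the docs set against `[system-extension-endpoint]`, `[allow-filter-content]` and `[enable-fda-endpoint]` before merging. If the `% Internal links rely on the following IDs being on this page` comment is kept, it should also be dropped or reworded, since it would then describe anchors that no longer exist.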
@@ -32,7 +18,6 @@ The following permissions that need to be enabled are required after you [config
32
18
::::
33
19
34
20
35
-
36
21
## Approve the system extension for {{elastic-endpoint}} [system-extension-endpoint]
37
22
38
23
For macOS Monterey (12.x), {{elastic-endpoint}} will attempt to load a system extension during installation. This system extension must be loaded in order to provide insight into system events such as process events, file system events, and network events.
@@ -57,24 +42,24 @@ The following message appears during installation:
57
42
:::
58
43
59
44
60
-
#### Approve network content filtering for {{elastic-endpoint}} [allow-filter-content]
45
+
## Approve network content filtering for {{elastic-endpoint}} [allow-filter-content]
61
46
62
-
After successfully loading the {{elastic-endpoint}} system extension, an additional message appears, asking to allow {{elastic-endpoint}} to filter network content.
47
+
After successfully loading the {{elastic-endpoint}} system extension, an additional message appears, asking to allow {{elastic-endpoint}} to filter network content.
*Click **Allow** to enable content filtering for the {{elastic-endpoint}} system extension. Without this approval, {{elastic-endpoint}} cannot receive network events and, therefore, cannot enable network-related features such as [host isolation](/solutions/security/endpoint-response-actions/isolate-host.md).
54
+
Click **Allow** to enable content filtering for the {{elastic-endpoint}} system extension. Without this approval, {{elastic-endpoint}} cannot receive network events and, therefore, cannot enable network-related features such as [host isolation](/solutions/security/endpoint-response-actions/isolate-host.md).
70
55
71
56
72
57
## Enable Full Disk Access for {{elastic-endpoint}} [enable-fda-endpoint]
73
58
74
59
{{elastic-endpoint}} requires Full Disk Access to subscribe to system events via the {{elastic-defend}} framework and to protect your network from malware and other cybersecurity threats. To enable Full Disk Access on endpoints running macOS Catalina (10.15) and later, you must manually approve {{elastic-endpoint}}.
75
60
76
61
::::{note}
77
-
The following instructions apply only to {{elastic-endpoint}} running version 8.0.0 and later. To see Full Disk Access requirements for the Endgame sensor, refer to Endgame’s documentation.
62
+
The following instructions apply only to {{elastic-endpoint}} running version 8.0.0 and later. In {{serverless-short}}, versions 7.17.0 and earlier are not supported. To see Full Disk Access requirements for the Endgame sensor, refer to Endgame’s documentation.
78
63
::::
79
64
80
65
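Review bot: The reworded note in the Full Disk Access section leaves a version gap: it covers "version 8.0.0 and later" and "versions 7.17.0 and earlier", so a reader on a 7.17.x release above 7.17.0 cannot tell which procedure applies or whether that release is supported in {{serverless-short}}. Since {{elastic-endpoint}} needs Full Disk Access to subscribe to system events, an ambiguous branch here risks a sensor being left without it; suggest wording the boundary so the two ranges meet, if that is what is intended. Separately, the removed and added "After successfully loading the {{elastic-endpoint}} system extension" lines read identically here, so please confirm that part is a whitespace-only change.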
@@ -102,7 +87,7 @@ The following instructions apply only to {{elastic-endpoint}} running version 8.
102
87
:::
103
88
104
89
105
-
If the endpoint is running {{elastic-endpoint}} version 7.17.0 or earlier:
90
+
In {{stack}}, if the endpoint is running {{elastic-endpoint}} version 7.17.0 or earlier:
106
91
107
92
1. In the lower-left corner of the pane, click the **Lock button**, then enter your credentials to authenticate.
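Review bot: The added "In {{stack}}," lead-in scopes only the sentence it opens; the numbered steps under it, starting with "click the **Lock button**", are still presented to {{serverless-short}} readers, for whom the note earlier in this section says versions 7.17.0 and earlier are not supported. Suggest either stating at this point that the steps do not apply to {{serverless-short}}, or restricting the whole list to {{stack}} if the docs build supports that, so an operator does not follow a procedure that does not match their deployment.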