Skip Navigation

Configuration requirements for
macOS
Big Sur devices

To install
Optics
agent version 3.0 or later on
macOS
Big Sur (11.x) devices, note the following configuration requirements. The requirements depend on whether devices are managed by an MDM solution (for example, Jamf Pro).

MDM managed devices

The information below uses Jamf Pro as the MDM solution, but it is applicable to other MDM solutions.
Requirement
Steps
Enable full disk access for
Optics
Create a configuration profile and configure the following privacy preferences:
  • Identifier: com.cylance.Optics
  • Identifier Type: Bundle ID
  • Code Requirement:
    identifier "com.cylance.Optics" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "6ENJ69K633"
  • SystemPolicyAllFiles service: Allow
Enable the
Optics
system extension
Create a configuration profile and configure the following privacy preferences:
  • Display Name: Cylance EndpointSecurity Optics System Extension
  • System Extension Types: Allowed System Extensions
  • Team Identifier: 6ENJ69K633
  • Allowed System Extensions: com.cylance.CyOpticsESF.extension
Enable the
Optics
system extension full disk access
Create a configuration profile and configure the following privacy preferences:
  • Identifier: com.cylance.CyOpticsESF.extension
  • Identifier Type: Bundle ID
  • Code Requirement:
    anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "6ENJ69K633")
  • SystemPolicyAllFiles service: Allow
Enable the
Optics
network extension
Create a configuration profile and configure the following content filter settings:
  • Filter Name: com.cylance.CyOpticsESF.extension
  • Identifier: com.cylance.CyOpticsESF.extension
  • Socket Filter Bundle Identifier: com.cylance.CyOpticsESF.extension
  • Socket Filter Designated Requirement:
    anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "6ENJ69K633")
  • Network Filter Bundle Identifier: com.cylance.CyOpticsESF.extension
  • Network Filter Designated Requirement:
    anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "6ENJ69K633")
Restart after installation
After you complete the configuration steps above and install the
Optics
agent, restart the device.

Devices that are not MDM managed

After you install the
Optics
agent:
  1. Restart the device.
  2. Go to the Security & Privacy settings and approve CyOpticsESFLoader.
  3. When prompted, allow the
    Optics
    network filter.
  4. If System Integrity Protection (SIP) is enabled on the device, on the Privacy tab, click Full Disk Access and verify that CyOpticsESFLoader is selected. If CyOpticsESFLoader is not in the list, click +, navigate to /Library/Application Support/Cylance/Optics, and select CyOptics.
  5. Restart the device again.
To verify that the system extension is loaded:
  1. Run
    $ systemextensionsctl list
    and confirm that the output includes
    com.cylance.CyOpticsESF.extension
    .
  2. Run
    $ ps aux | grep -i extension | grep -i Cylance
    and confirm that the output includes
    com.cylance.CyOpticsESF.extension.systemextension
    .