Set up policies for managing the SentinelOne application on macOS devices
  • 18 Oct 2024


The following payload helps IT Admins enforce specific privacy, system extension, and notification policies for the SentinelOne security software on macOS, ensuring that the application can perform its functions with the necessary permissions and access.

  1. Copy the contents directly from below and add it in Custom Settings in the Device Profile or click here to download the file and import it in the Device Profile.

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    	<key>PayloadContent</key>
    	<array>
    		<dict>
    			<key>PayloadDisplayName</key>
    			<string>Privacy Preferences Policy Control #1</string>
    			<key>PayloadIdentifier</key>
    			<string>com.apple.TCC.configuration-profile-policy.8AEEC4F9-4BD9-4422-B8CD-6745221671E3</string>
    			<key>PayloadType</key>
    			<string>com.apple.TCC.configuration-profile-policy</string>
    			<key>PayloadUUID</key>
    			<string>8AEEC4F9-4BD9-4422-B8CD-6745221671E3</string>
    			<key>PayloadVersion</key>
    			<integer>1</integer>
    			<key>Services</key>
    			<dict>
    				<key>SystemPolicyAllFiles</key>
    				<array>
    					<dict>
    						<key>Allowed</key>
    						<true/>
    						<key>CodeRequirement</key>
    						<string>anchor apple generic and identifier "com.sentinelone.sentineld" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
    						<key>Identifier</key>
    						<string>com.sentinelone.sentineld</string>
    						<key>IdentifierType</key>
    						<string>bundleID</string>
    						<key>StaticCode</key>
    						<false/>
    					</dict>
    					<dict>
    						<key>Allowed</key>
    						<integer>1</integer>
    						<key>CodeRequirement</key>
    						<string>anchor apple generic and identifier "com.sentinelone.sentineld-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
    						<key>Identifier</key>
    						<string>com.sentinelone.sentineld-helper</string>
    						<key>IdentifierType</key>
    						<string>bundleID</string>
    						<key>StaticCode</key>
    						<integer>0</integer>
    					</dict>
    					<dict>
    						<key>Allowed</key>
    						<integer>1</integer>
    						<key>CodeRequirement</key>
    						<string>anchor apple generic and identifier "com.sentinelone.sentineld-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
    						<key>Identifier</key>
    						<string>com.sentinelone.sentineld-shell</string>
    						<key>IdentifierType</key>
    						<string>bundleID</string>
    						<key>StaticCode</key>
    						<integer>0</integer>
    					</dict>
    				</array>
    				<key>BluetoothAlways</key>
    				<array>
    					<dict>
    						<key>Allowed</key>
    						<integer>1</integer>
    						<key>CodeRequirement</key>
    						<string>anchor apple generic and identifier "com.sentinelone.sentinel-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
    						<key>Identifier</key>
    						<string>com.sentinelone.sentinel-helper</string>
    						<key>IdentifierType</key>
    						<string>bundleID</string>
    						<key>StaticCode</key>
    						<integer>0</integer>
    					</dict>
    				</array>
    			</dict>
    		</dict>
    		<dict>
    			<key>AllowUserOverrides</key>
    			<true/>
    			<key>AllowedSystemExtensions</key>
    			<dict>
    				<key>4AYE5J54KN</key>
    				<array>
    					<string>com.sentinelone.network-monitoring</string>
    				</array>
    			</dict>
    			<key>PayloadDescription</key>
    			<string></string>
    			<key>PayloadDisplayName</key>
    			<string>System Extensions</string>
    			<key>PayloadIdentifier</key>
    			<string>1BDD5153-6C81-4E0F-B409-1C321FF5E251</string>
    			<key>PayloadOrganization</key>
    			<string>Gete.Net Consulting</string>
    			<key>PayloadType</key>
    			<string>com.apple.system-extension-policy</string>
    			<key>PayloadUUID</key>
    			<string>1BDD5153-6C81-4E0F-B409-1C321FF5E251</string>
    			<key>PayloadVersion</key>
    			<integer>1</integer>
    		</dict>
    		<dict>
    			<key>PayloadUUID</key>
    			<string>2B453873-A72A-4389-908A-9BF11B98790F</string>
    			<key>PayloadType</key>
    			<string>com.apple.system-extension-policy</string>
    			<key>PayloadOrganization</key>
    			<string>Sentinel Labs, Inc.</string>
    			<key>PayloadIdentifier</key>
    			<string>2B453873-A72A-4389-908A-9BF11B98790F</string>
    			<key>PayloadDisplayName</key>
    			<string>System Extensions</string>
    			<key>PayloadDescription</key>
    			<string/>
    			<key>PayloadVersion</key>
    			<integer>1</integer>
    			<key>PayloadEnabled</key>
    			<true/>
    			<key>AllowUserOverrides</key>
    			<false/>
    			<key>AllowedTeamIdentifiers</key>
    			<array>
    				<string>4AYE5J54KN</string>
    			</array>
    			<key>RemovableSystemExtensions</key>
    			<dict>
    				<key>4AYE5J54KN</key>
    				<array>
    					<string>com.sentinelone.network-monitoring</string>
    				</array>
    			</dict>
    		</dict>
    		<dict>
    			<key>FilterDataProviderBundleIdentifier</key>
    			<string>com.sentinelone.network-monitoring</string>
    			<key>FilterDataProviderDesignatedRequirement</key>
    			<string>identifier "com.sentinelone.network-monitoring" and anchor apple generic and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
    			<key>FilterGrade</key>
    			<string>firewall</string>
    			<key>FilterPackets</key>
    			<false/>
    			<key>FilterSockets</key>
    			<true/>
    			<key>FilterType</key>
    			<string>Plugin</string>
    			<key>PayloadDisplayName</key>
    			<string>Web Content Filter Payload</string>
    			<key>PayloadIdentifier</key>
    			<string>14DDD990-E2D8-4DD1-8CC6-72FEFB5F252B</string>
    			<key>PayloadOrganization</key>
    			<string>Scalefusion Software</string>
    			<key>PayloadType</key>
    			<string>com.apple.webcontent-filter</string>
    			<key>PayloadUUID</key>
    			<string>14DDD990-E2D8-4DD1-8CC6-72FEFB5F252B</string>
    			<key>PayloadVersion</key>
    			<integer>1</integer>
    			<key>PluginBundleID</key>
    			<string>com.sentinelone.extensions-wrapper</string>
    			<key>UserDefinedName</key>
    			<string>SentinelOne Extensions</string>
    		</dict>
    		<dict>
    			<key>NotificationSettings</key>
    			<array>
    				<dict>
    					<key>BadgesEnabled</key>
    					<true/>
    					<key>BundleIdentifier</key>
    					<string>com.sentinelone.SentinelAgent</string>
    					<key>CriticalAlertEnabled</key>
    					<true/>
    					<key>NotificationsEnabled</key>
    					<true/>
    					<key>ShowInCarPlay</key>
    					<true/>
    					<key>ShowInLockScreen</key>
    					<true/>
    					<key>ShowInNotificationCenter</key>
    					<true/>
    					<key>SoundsEnabled</key>
    					<true/>
    				</dict>
    			</array>
    			<key>PayloadDisplayName</key>
    			<string>Notifications</string>
    			<key>PayloadIdentifier</key>
    			<string>com.apple.notificationsettings.9D668A0F-B010-4256-ACD0-B09DAAC563D0</string>
    			<key>PayloadType</key>
    			<string>com.apple.notificationsettings</string>
    			<key>PayloadUUID</key>
    			<string>9D668A0F-B010-4256-ACD0-B09DAAC563D0</string>
    			<key>PayloadVersion</key>
    			<integer>1</integer>
    		</dict>
    	</array>
    	<key>PayloadDescription</key>
    	<string>Configures SentinelOne</string>
    	<key>PayloadDisplayName</key>
    	<string>SentinelOne</string>
    	<key>PayloadIdentifier</key>
    	<string>com.promobitech.scalefusion.6F728871-3879-4C4C-B5DE-7FA51E7E45AA</string>
    	<key>PayloadOrganization</key>
    	<string>Scalefusion</string>
    	<key>PayloadType</key>
    	<string>Configuration</string>
    	<key>PayloadUUID</key>
    	<string>C4BA3634-1950-4295-A174-10319E0A89AB</string>
    	<key>PayloadVersion</key>
    	<integer>1</integer>
    </dict>
    </plist>
  2. Here's what the payload does:

    1. Privacy Preferences Policy Control:

      1. SystemPolicyAllFiles: Grants access to all files on the system to specific apps (e.g., com.sentinelone.sentineld, com.sentinelone.sentineld-helper, and com.sentinelone.sentineld-shell).

      2. BluetoothAlways: Allows the com.sentinelone.sentinel-helper app to always access Bluetooth.

    2. System Extensions: This section allows specific system extensions for SentinelOne to run on the Mac. It lists the allowed extensions and specifies that these cannot be overridden or removed by the user.

    3. Web Content Filter: This section configures a web content filter, likely related to network monitoring or firewall functionality. It specifies that the filter should operate at the socket level, meaning it will filter network traffic based on connections rather than individual packets.

    4. Notification Settings: Configures notification settings for the SentinelOne app (com.sentinelone.SentinelAgent), enabling badges, critical alerts, and showing notifications on the lock screen, in the notification center, and in CarPlay.

  3. Follow our guide on how to add the Custom Payload in the Device Profile & deploy it to devices.

Note:

  1. The payload and its contents are sourced from various, albeit authenticated, Apple Developer communities and forums.

  2. Please validate them on a test machine before deploying them on all your managed devices.

  3. Scalefusion has tested these payloads; however, Scalefusion will not be responsible for any loss of data or system malfunction that may arise due to the incorrect usage of these payloads.

