Set up policies for managing the SentinelOne application on macOS devices


The following payload lets IT admins pre-approve the privacy (PPPC), system extension, network content filter, and notification settings that the SentinelOne agent needs on macOS, so the agent receives Full Disk Access and its network extension is activated without prompting end users.

  1. Copy the contents below and add them under Apple Configurations > Custom Configurations for Mac, or download the file and import it.

  2. Follow our guide on adding a Custom Payload in Apple Configurations and deploying it to devices.

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    	<key>PayloadContent</key>
    	<array>
    		<dict>
    			<key>PayloadDisplayName</key>
    			<string>Privacy Preferences Policy Control #1</string>
    			<key>PayloadIdentifier</key>
    			<string>com.apple.TCC.configuration-profile-policy.8AEEC4F9-4BD9-4422-B8CD-6745221671E3</string>
    			<key>PayloadType</key>
    			<string>com.apple.TCC.configuration-profile-policy</string>
    			<key>PayloadUUID</key>
    			<string>8AEEC4F9-4BD9-4422-B8CD-6745221671E3</string>
    			<key>PayloadVersion</key>
    			<integer>1</integer>
    			<key>Services</key>
    			<dict>
    				<key>SystemPolicyAllFiles</key>
    				<array>
    					<dict>
    						<key>Allowed</key>
    						<true/>
    						<key>CodeRequirement</key>
    						<string>anchor apple generic and identifier "com.sentinelone.sentineld" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
    						<key>Identifier</key>
    						<string>com.sentinelone.sentineld</string>
    						<key>IdentifierType</key>
    						<string>bundleID</string>
    						<key>StaticCode</key>
    						<false/>
    					</dict>
    					<dict>
    						<key>Allowed</key>
    						<true/>
    						<key>CodeRequirement</key>
    						<string>anchor apple generic and identifier "com.sentinelone.sentineld-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
    						<key>Identifier</key>
    						<string>com.sentinelone.sentineld-helper</string>
    						<key>IdentifierType</key>
    						<string>bundleID</string>
    						<key>StaticCode</key>
    						<false/>
    					</dict>
    					<dict>
    						<key>Allowed</key>
    						<true/>
    						<key>CodeRequirement</key>
    						<string>anchor apple generic and identifier "com.sentinelone.sentineld-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
    						<key>Identifier</key>
    						<string>com.sentinelone.sentineld-shell</string>
    						<key>IdentifierType</key>
    						<string>bundleID</string>
    						<key>StaticCode</key>
    						<false/>
    					</dict>
    				</array>
    				<key>BluetoothAlways</key>
    				<array>
    					<dict>
    						<key>Allowed</key>
    						<true/>
    						<key>CodeRequirement</key>
    						<string>anchor apple generic and identifier "com.sentinelone.sentinel-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
    						<key>Identifier</key>
    						<string>com.sentinelone.sentinel-helper</string>
    						<key>IdentifierType</key>
    						<string>bundleID</string>
    						<key>StaticCode</key>
    						<false/>
    					</dict>
    				</array>
    			</dict>
    		</dict>
    		<dict>
    			<key>AllowUserOverrides</key>
    			<true/>
    			<key>AllowedSystemExtensions</key>
    			<dict>
    				<key>4AYE5J54KN</key>
    				<array>
    					<string>com.sentinelone.network-monitoring</string>
    				</array>
    			</dict>
    			<key>PayloadDescription</key>
    			<string></string>
    			<key>PayloadDisplayName</key>
    			<string>System Extensions</string>
    			<key>PayloadIdentifier</key>
    			<string>1BDD5153-6C81-4E0F-B409-1C321FF5E251</string>
    			<key>PayloadOrganization</key>
    			<string>Gete.Net Consulting</string>
    			<key>PayloadType</key>
    			<string>com.apple.system-extension-policy</string>
    			<key>PayloadUUID</key>
    			<string>1BDD5153-6C81-4E0F-B409-1C321FF5E251</string>
    			<key>PayloadVersion</key>
    			<integer>1</integer>
    		</dict>
    		<dict>
    			<key>PayloadUUID</key>
    			<string>2B453873-A72A-4389-908A-9BF11B98790F</string>
    			<key>PayloadType</key>
    			<string>com.apple.system-extension-policy</string>
    			<key>PayloadOrganization</key>
    			<string>Sentinel Labs, Inc.</string>
    			<key>PayloadIdentifier</key>
    			<string>2B453873-A72A-4389-908A-9BF11B98790F</string>
    			<key>PayloadDisplayName</key>
    			<string>System Extensions</string>
    			<key>PayloadDescription</key>
    			<string/>
    			<key>PayloadVersion</key>
    			<integer>1</integer>
    			<key>PayloadEnabled</key>
    			<true/>
    			<key>AllowUserOverrides</key>
    			<false/>
    			<key>AllowedTeamIdentifiers</key>
    			<array>
    				<string>4AYE5J54KN</string>
    			</array>
    			<key>RemovableSystemExtensions</key>
    			<dict>
    				<key>4AYE5J54KN</key>
    				<array>
    					<string>com.sentinelone.network-monitoring</string>
    				</array>
    			</dict>
    		</dict>
    		<dict>
    			<key>FilterDataProviderBundleIdentifier</key>
    			<string>com.sentinelone.network-monitoring</string>
    			<key>FilterDataProviderDesignatedRequirement</key>
    			<string>identifier "com.sentinelone.network-monitoring" and anchor apple generic and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
    			<key>FilterGrade</key>
    			<string>firewall</string>
    			<key>FilterPackets</key>
    			<false/>
    			<key>FilterSockets</key>
    			<true/>
    			<key>FilterType</key>
    			<string>Plugin</string>
    			<key>PayloadDisplayName</key>
    			<string>Web Content Filter Payload</string>
    			<key>PayloadIdentifier</key>
    			<string>14DDD990-E2D8-4DD1-8CC6-72FEFB5F252B</string>
    			<key>PayloadOrganization</key>
    			<string>Scalefusion Software</string>
    			<key>PayloadType</key>
    			<string>com.apple.webcontent-filter</string>
    			<key>PayloadUUID</key>
    			<string>14DDD990-E2D8-4DD1-8CC6-72FEFB5F252B</string>
    			<key>PayloadVersion</key>
    			<integer>1</integer>
    			<key>PluginBundleID</key>
    			<string>com.sentinelone.extensions-wrapper</string>
    			<key>UserDefinedName</key>
    			<string>SentinelOne Extensions</string>
    		</dict>
    		<dict>
    			<key>NotificationSettings</key>
    			<array>
    				<dict>
    					<key>BadgesEnabled</key>
    					<true/>
    					<key>BundleIdentifier</key>
    					<string>com.sentinelone.SentinelAgent</string>
    					<key>CriticalAlertEnabled</key>
    					<true/>
    					<key>NotificationsEnabled</key>
    					<true/>
    					<key>ShowInCarPlay</key>
    					<true/>
    					<key>ShowInLockScreen</key>
    					<true/>
    					<key>ShowInNotificationCenter</key>
    					<true/>
    					<key>SoundsEnabled</key>
    					<true/>
    				</dict>
    			</array>
    			<key>PayloadDisplayName</key>
    			<string>Notifications</string>
    			<key>PayloadIdentifier</key>
    			<string>com.apple.notificationsettings.9D668A0F-B010-4256-ACD0-B09DAAC563D0</string>
    			<key>PayloadType</key>
    			<string>com.apple.notificationsettings</string>
    			<key>PayloadUUID</key>
    			<string>9D668A0F-B010-4256-ACD0-B09DAAC563D0</string>
    			<key>PayloadVersion</key>
    			<integer>1</integer>
    		</dict>
    	</array>
    	<key>PayloadDescription</key>
    	<string>Configures SentinelOne</string>
    	<key>PayloadDisplayName</key>
    	<string>SentinelOne</string>
    	<key>PayloadIdentifier</key>
    	<string>com.promobitech.scalefusion.6F728871-3879-4C4C-B5DE-7FA51E7E45AA</string>
    	<key>PayloadOrganization</key>
    	<string>Scalefusion</string>
    	<key>PayloadType</key>
    	<string>Configuration</string>
    	<key>PayloadUUID</key>
    	<string>C4BA3634-1950-4295-A174-10319E0A89AB</string>
    	<key>PayloadVersion</key>
    	<integer>1</integer>
    </dict>
    </plist>
  3. Here's what the payload does:

    1. Privacy Preferences Policy Control (PPPC):

      1. SystemPolicyAllFiles: Grants Full Disk Access to the agent daemon and its helpers (com.sentinelone.sentineld, com.sentinelone.sentineld-helper and com.sentinelone.sentineld-shell). Each entry carries a CodeRequirement that pins both the bundle identifier and SentinelOne's Team ID (4AYE5J54KN), and StaticCode is false, so the requirement is evaluated against the running process: an updated agent signed by the same team keeps the grant, while an unrelated binary that merely reuses the bundle ID does not get it.

      2. BluetoothAlways: Allows com.sentinelone.sentinel-helper to use Bluetooth without prompting the user, with the same identifier and Team ID pinning.

    2. System Extensions: Two com.apple.system-extension-policy payloads pre-approve the SentinelOne network extension (com.sentinelone.network-monitoring, Team ID 4AYE5J54KN) so it loads without the user having to allow it in System Settings. The first allowlists that one extension by bundle ID and leaves AllowUserOverrides enabled; the second allowlists every extension signed with the Team ID, disables AllowUserOverrides, and lists the extension under RemovableSystemExtensions, which lets the agent's own uninstaller deactivate it without an administrator authorization prompt. The two payloads disagree on AllowUserOverrides, so decide which behaviour you want and make them consistent before deploying.

    3. Web Content Filter: Configures the Network Extension content filter that SentinelOne uses for network monitoring. FilterType Plugin and PluginBundleID com.sentinelone.extensions-wrapper name the host app; FilterDataProviderBundleIdentifier and its designated requirement name the filter extension and pin it to the Team ID; FilterSockets true with FilterPackets false means the filter sees network flows at the socket level rather than individual packets; FilterGrade firewall has macOS evaluate it before any inspector-grade filters.

    4. Notification Settings: Pre-authorises notifications for the SentinelOne agent app (com.sentinelone.SentinelAgent): badges, sounds, critical alerts, and display on the lock screen and in Notification Center. ShowInCarPlay is an iOS-only key and is ignored on macOS.

    PPPC, system extension and content filter payloads are honoured only when the profile is delivered by MDM; installing the .mobileconfig by hand on a Mac will not grant Full Disk Access or approve the extension, so test through the Scalefusion push rather than by double-clicking the file.
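One way to catch the inconsistencies described above (an integer where a boolean belongs, a CodeRequirement that names a different identifier than the entry it sits in, a filter extension that no system-extension payload approves) before the profile reaches an MDM is to lint the .mobileconfig offline. The script below is an added example and is not Scalefusion's or SentinelOne's own tooling; it parses the profile with Python's standard plistlib and checks that each PPPC entry's CodeRequirement names the same identifier as its Identifier key and pins the Team ID 4AYE5J54KN, that Allowed and StaticCode are real booleans, that the content filter's extension is approved by a system-extension payload, and that PayloadUUIDs are unique. SAMPLE_PROFILE is a constructed, trimmed copy of the payload with the same structure so the script runs offline; against the real file, pass its bytes to lint_profile.

```python
import plistlib
import re
from typing import List

SENTINELONE_TEAM_ID = "4AYE5J54KN"  # Team ID used throughout the page's profile
PPPC_TYPE = "com.apple.TCC.configuration-profile-policy"
SYSEXT_TYPE = "com.apple.system-extension-policy"
FILTER_TYPE = "com.apple.webcontent-filter"

# Constructed, trimmed-down profile with the same shape as the page's payload so
# the lint runs offline; in practice pass the bytes of the real .mobileconfig.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadType</key><string>Configuration</string>
<key>PayloadUUID</key><string>C4BA3634-1950-4295-A174-10319E0A89AB</string>
<key>PayloadContent</key><array>
<dict>
 <key>PayloadType</key><string>com.apple.TCC.configuration-profile-policy</string>
 <key>PayloadUUID</key><string>8AEEC4F9-4BD9-4422-B8CD-6745221671E3</string>
 <key>Services</key><dict><key>SystemPolicyAllFiles</key><array><dict>
  <key>Allowed</key><true/>
  <key>CodeRequirement</key><string>anchor apple generic and identifier "com.sentinelone.sentineld" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
  <key>Identifier</key><string>com.sentinelone.sentineld</string>
  <key>IdentifierType</key><string>bundleID</string>
  <key>StaticCode</key><false/>
 </dict></array></dict>
</dict>
<dict>
 <key>PayloadType</key><string>com.apple.system-extension-policy</string>
 <key>PayloadUUID</key><string>2B453873-A72A-4389-908A-9BF11B98790F</string>
 <key>AllowedTeamIdentifiers</key><array><string>4AYE5J54KN</string></array>
 <key>AllowedSystemExtensions</key><dict><key>4AYE5J54KN</key><array>
  <string>com.sentinelone.network-monitoring</string></array></dict>
</dict>
<dict>
 <key>PayloadType</key><string>com.apple.webcontent-filter</string>
 <key>PayloadUUID</key><string>14DDD990-E2D8-4DD1-8CC6-72FEFB5F252B</string>
 <key>FilterDataProviderBundleIdentifier</key><string>com.sentinelone.network-monitoring</string>
 <key>FilterDataProviderDesignatedRequirement</key><string>identifier "com.sentinelone.network-monitoring" and anchor apple generic and certificate leaf[subject.OU] = "4AYE5J54KN"</string>
</dict>
</array></dict></plist>
"""

_IDENT_RE = re.compile(r'identifier "([^"]+)"')
_TEAM_RE = re.compile(r'certificate leaf\[subject\.OU\] = "([^"]+)"')


def requirement_pins(requirement: str, identifier: str, team_id: str) -> bool:
    """True when a code requirement names exactly this identifier and exactly
    this Team ID (leaf certificate OU), and no other identifier or team."""
    return (_IDENT_RE.findall(requirement) == [identifier]
            and _TEAM_RE.findall(requirement) == [team_id])


def lint_profile(data: bytes, team_id: str = SENTINELONE_TEAM_ID) -> List[str]:
    """Return findings for the profile; an empty list means it passed."""
    profile = plistlib.loads(data)
    payloads = profile.get("PayloadContent", [])
    findings: List[str] = []

    uuids = [profile.get("PayloadUUID")] + [p.get("PayloadUUID") for p in payloads]
    if len(set(uuids)) != len(uuids):
        findings.append("PayloadUUID values are not unique")

    allowed_teams = set()   # teams whose extensions the sysext policy allows outright
    allowed_exts = set()    # (team, bundle_id) pairs allowed individually
    filters = []            # (bundle_id, designated requirement) from filter payloads
    for p in payloads:
        ptype = p.get("PayloadType")
        if ptype == PPPC_TYPE:
            for service, entries in p.get("Services", {}).items():
                for e in entries:
                    ident = e.get("Identifier", "?")
                    for key in ("Allowed", "StaticCode"):
                        if key in e and not isinstance(e[key], bool):
                            findings.append(f"{service}/{ident}: {key} must be boolean, got {type(e[key]).__name__}")
                    if not requirement_pins(e.get("CodeRequirement", ""), ident, team_id):
                        findings.append(f"{service}/{ident}: CodeRequirement does not pin identifier and Team ID {team_id}")
        elif ptype == SYSEXT_TYPE:
            allowed_teams.update(p.get("AllowedTeamIdentifiers", []))
            for team, exts in p.get("AllowedSystemExtensions", {}).items():
                allowed_exts.update((team, ext) for ext in exts)
        elif ptype == FILTER_TYPE:
            filters.append((p.get("FilterDataProviderBundleIdentifier", ""),
                            p.get("FilterDataProviderDesignatedRequirement", "")))

    # The content filter is itself a system extension: some sysext payload must approve it.
    for bundle_id, requirement in filters:
        if team_id not in allowed_teams and (team_id, bundle_id) not in allowed_exts:
            findings.append(f"content filter {bundle_id} is not approved by any system-extension payload")
        if not requirement_pins(requirement, bundle_id, team_id):
            findings.append(f"content filter {bundle_id}: designated requirement does not pin identifier and Team ID {team_id}")
    return findings


if __name__ == "__main__":
    print("sample profile:", lint_profile(SAMPLE_PROFILE) or "OK")
    broken = SAMPLE_PROFILE.replace(b"<key>Allowed</key><true/>", b"<key>Allowed</key><integer>1</integer>")
    print("integer Allowed (as in some entries on the page):", lint_profile(broken))
```

The identifier and Team ID checks are deliberately strict: a requirement that names two identifiers or two OUs is reported even if one of them is correct, because a PPPC grant is only as narrow as the requirement behind it. To check the pinned requirement against the shipped binary on a test Mac, compare it with the output of codesign -dr - on the agent's executables.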

Note:

  1. The payload and its contents are sourced from authenticated Apple Developer communities and forums.

  2. Validate the profile on a test machine before deploying it to all managed devices: confirm it is installed with profiles list, that the network extension is activated with systemextensionsctl list, and that the agent's Full Disk Access grant appears under System Settings > Privacy & Security without a user prompt.

  3. Scalefusion has tested these Payloads, however, Scalefusion will not be responsible for any loss of data or system malfunction that may arise due to the incorrect usage of these payloads.