Mac Agent and Apple Privacy Controls
When using an MDM (such as JAMF) to deploy the agents, you must download the Configuration Profile script that automatically grants most Agent System Preference permissions to the agent remotely. Configuration Profiles are located in the observeit-OSX-management-tools-<version>.tar.gz file, which you download from the Endpoints > Downloads > Management Tools section in the Administration application. (See Management Tools.)
Review and complete the following additional requirements to manage other pop-ups that may appear.
Screen Recording Permissions
Due to Apple security controls, when the Mac Agent is installed, a recurring Screen & System Audio Recording pop-up may display prompting you to turn on and allow the logger process for screen recording. This pop-up is managed by the Configuration Profile.
Proofpoint offers an option that allows screen recording by interactively selecting the logger process.
To enable this, turn on the Automatically Grant Permissions to Capture Screenshots (MacOS) setting at the Realm level. (Administration > Endpoints > Agent Realms > Advanced Settings > Recording > Automatically Grant Permissions to Capture Screenshots (MacOS)).
When enabled, the logger is automatically selected, screen recording is allowed, and the pop-up no longer displays.
macOS Sequoia and Privacy Controls
Due to Sequoia’s enhanced privacy controls, third-party applications have limited ability to suppress notifications.
You can configure screenshot recording on macOS Sequoia while controlling display of the following notifications:
Screenshot Permissions Pop-ups
When screenshot recording is enabled on the Mac Agent in macOS Sequoia, an automatic pop-up appears that indicates screenshots are being taken and requests the user’s permission to continue. This pop-up continues to appear periodically, remains visible for a few seconds, and then disappears automatically.
This is not a Proofpoint Agent issue and can be resolved by doing the following:
- Deploy the latest Configuration Profile (version 4.2.1) included in the Management Tools package (Endpoints > Downloads > Management Tools section in the Admin app). (See Management Tools.)
- Always use a Signed profile. You can do this with either available Configuration Profile:
  - IT Viewer macOS 11.signed.mobileconfig: Configuration Profile signed by Proofpoint. The default process name logger is used with this option.
  - IT Viewer macOS 11.mobileconfig: The unsigned Configuration Profile, which must be signed by the customer. Choose this option if you want to change the process name from logger to a name of your choice.
  For information about signed and unsigned profiles, see this article.
Control Center Privacy Indicator
In the Control Center on Mac, a purple dot displays, indicating that the system audio and/or screenshots are being recorded. This privacy indicator was introduced by Apple in Sequoia and is not specific to Proofpoint. Any application that records the screen (e.g. Zoom, Teams) will trigger this indicator.
This indicator cannot be turned off or hidden when screenshot recording is enabled for the Proofpoint Agent. If screenshot recording is not required, disable the Screenshot Allowed option in the Agent Realm (Endpoints > Agent Realms > Advanced Settings > Recording > Screenshot Allowed).
Clicking on the purple dot displays the applications sharing the screen. By default, the Proofpoint process logger displays when the Agent is recording.
You can rename the logger process. This does not eliminate the purple dot, but it allows you to choose the process name. To change the name, sign the Unsigned Configuration Profile IT Viewer macOS 11.mobileconfig with the name you want.
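The following added example (not part of the Proofpoint documentation or tooling) is a pre-deployment check for the signed and unsigned Configuration Profiles discussed above: it reports whether a .mobileconfig file is signed and lists the privacy permissions it would grant. The sample profiles and the identifier /placeholder/path/logger are constructed placeholders; the payload keys follow Apple's Privacy Preferences Policy Control format, and the check does not validate the signature itself.

```python
import plistlib

# DER encoding of OID 1.2.840.113549.1.7.2 (CMS signedData), present in signed profiles.
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
TCC_PAYLOAD = "com.apple.TCC.configuration-profile-policy"  # Apple's privacy (PPPC) payload type

def is_signed(blob: bytes) -> bool:
    """A signed .mobileconfig is a DER CMS wrapper; an unsigned one is a bare plist."""
    return blob[:1] == b"\x30" and SIGNED_DATA_OID in blob[:32]

def load_profile(blob: bytes) -> dict:
    """Parse the profile plist. For a signed file, cut the XML out of the CMS wrapper.
    This is triage only: it does NOT validate the signature or the signer's chain."""
    if is_signed(blob):
        start, end = blob.find(b"<?xml"), blob.rfind(b"</plist>")
        if start < 0 or end < start:
            raise ValueError("no embedded plist found in signed profile")
        blob = blob[start:end + len(b"</plist>")]
    return plistlib.loads(blob)

def tcc_grants(profile: dict) -> list:
    """Return (service, identifier, authorization) for every privacy entry in the profile."""
    grants = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != TCC_PAYLOAD:
            continue
        for service, entries in payload.get("Services", {}).items():
            for entry in entries:
                auth = entry.get("Authorization") or ("Allow" if entry.get("Allowed") else "Deny")
                grants.append((service, entry.get("Identifier"), auth))
    return sorted(grants)

def audit(blob: bytes) -> dict:
    return {"signed": is_signed(blob), "grants": tcc_grants(load_profile(blob))}

# Constructed sample: identifier and values are placeholders, not Proofpoint's real profile.
SAMPLE_UNSIGNED = plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [{
    "PayloadType": TCC_PAYLOAD,
    "Services": {
        "ScreenCapture": [{"Identifier": "/placeholder/path/logger", "IdentifierType": "path",
                           "Authorization": "AllowStandardUserToSetSystemService"}],
        "SystemPolicyAllFiles": [{"Identifier": "/placeholder/path/logger",
                                  "IdentifierType": "path", "Allowed": True}]}}]})
# Constructed stand-in for a signed file: CMS header + plist + dummy trailer (not a valid signature).
SAMPLE_SIGNED = b"\x30\x82\x10\x00" + SIGNED_DATA_OID + b"\xa0\x82\x0f\xf0" + SAMPLE_UNSIGNED + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in (("unsigned", SAMPLE_UNSIGNED), ("signed", SAMPLE_SIGNED)):
        print(name, audit(blob))
```

Run it against the profile you are about to upload to the MDM; a result of "signed": False for a file you intended to deploy means the signing step was skipped.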