macOS Sequoia

macOS Sequoia and Privacy Controls

Due to Sequoia’s enhanced privacy controls, third-party applications have limited ability to suppress notifications.

You can configure screenshot recording on macOS Sequoia while controlling display of the following notifications:

• Screenshot Permissions Pop-ups

• Control Center Privacy Indicator

Screenshot Permissions Pop-ups

When screenshot recording is enabled on the Mac Agent in macOS Sequoia, an automatic pop-up appears that indicates screenshots are being taken and requests the user’s permission to continue. This pop-up continues to appear periodically remaining visible for a few seconds, and then disappears automatically.

This is not a Proofpoint Agent issue and can be resolved by doing the following:

1. Deploy the latest Configuration Profile (version 4.2.1) included within management tools package. (See Management Tools.) (Endpoints > Downloads > Management Tools section in the Admin app.)

2. Always use a Signed profile. You can do this with either available Configuration Profile:

   • IT Viewer macOS 11.signed.mobileconfig: Configuration Profile signed by Proofpoint.  The default process name logger is used with this option.

   • IT Viewer macOS 11.mobileconfig: The unsigned Configuration Profile, which must be signed by the customer. Choose this option if you want to change the process name from logger to a name of your choice.

   For information about signed and unsigned profiles, see this article.

Control Center Privacy Indicator

In the Control Center on Mac, a purple dot displays, indicating that the system audio and/or screenshots are being recorded. This is a privacy indicator, introduced by Apple in Sequoia is not specific to Proofpoint. Any application that records the screen (e.g. Zoom, Teams) will trigger this indicator.

This indicator cannot be turned off or hidden when screenshot recording is enabled for the Proofpoint Agent. If screenshot recording is not required, disable the Screenshot Allowed option in the Agent Realm.

Endpoints > Agent Realms > Advanced Settings > Recording > Screenshot Allowed)

Clicking on the purple dot displays the applications sharing the screen. By default, the Proofpoint process logger displays when the Agent is recording.

You can rename the logger process. This does not eliminate the purple dot, but it allows you to choose the process name. To change the name, sign the Unsigned Configuration Profile IT Viewer macOS 11.mobileconfig with the name you want.