The configuration profile for the Proofpoint macOS agent requires the following settings for Accessibility, Apple Events, Full Disk Access, Notifications, Screen Recording, and Service Management. The settings are described in the table below.
The table provides details on PPPC, Notifications, and Service Management settings starting from last updated macOS agent version 3.6 and later. Additional settings will be included in future updates, along with the minimum supported version for each setting.
Accessibility
| Bundle ID or Path | Signature/Code Requirement | Supported From Version |
|---|---|---|
| /Library/PEA/agent/logger | anchor apple generic and identifier "com.proofpoint.itm.logger" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | 3.6 |
| /etc/omonitor/logger | anchor apple generic and identifier "com.proofpoint.itm.logger" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | 3.6 |
Apple Events
| Bundle ID or Path | Signature/Code Requirement | Receiver Bundle ID | Receiver Code Requirement | Supported From Version |
|---|---|---|---|---|
| /Library/PEA/agent/logger | anchor apple generic and identifier "com.proofpoint.itm.logger" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | com.microsoft.Word | identifier "com.microsoft.Word" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9 | 4.0 |
| /Library/PEA/agent/logger | anchor apple generic and identifier "com.proofpoint.itm.logger" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | com.microsoft.Excel | identifier "com.microsoft.Excel" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9 | 4.0 |
| /Library/PEA/agent/logger | anchor apple generic and identifier "com.proofpoint.itm.logger" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | com.microsoft.Powerpoint | identifier "com.microsoft.Powerpoint" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9 | 4.0 |
| /Library/PEA/agent/logger | anchor apple generic and identifier "com.proofpoint.itm.logger" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | com.apple.TextEdit | identifier "com.apple.TextEdit" and anchor apple | 4.0 |
| /Library/PEA/agent/logger | anchor apple generic and identifier "com.proofpoint.itm.logger" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | com.apple.Preview | identifier "com.apple.Preview" and anchor apple | 4.0 |
| /Library/PEA/agent/logger | anchor apple generic and identifier "com.proofpoint.itm.logger" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | com.barebones.bbedit | (anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = W52GZAXT98) and identifier "com.barebones.bbedit" | 4.0 |
| /Library/PEA/agent/logger | anchor apple generic and identifier "com.proofpoint.itm.logger" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | com.adobe.Acrobat.Pro | anchor apple generic and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = JQ525L2MZD) | 4.0 |
| /Library/PEA/agent/logger | anchor apple generic and identifier "com.proofpoint.itm.logger" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | com.apple.systemuiserver | identifier "com.apple.systemuiserver" and anchor apple | 3.6 |
| /Library/PEA/agent/logger | anchor apple generic and identifier "com.proofpoint.itm.logger" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | com.apple.systemevents | identifier "com.apple.systemevents" and anchor apple | 3.6 |
| /Library/PEA/agent/logger | anchor apple generic and identifier "com.proofpoint.itm.logger" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | com.apple.finder | identifier "com.apple.finder" and anchor apple | 3.6 |
| /Library/PEA/agent/logger | anchor apple generic and identifier "com.proofpoint.itm.logger" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | com.apple.Safari | identifier "com.apple.Safari" and anchor apple | 3.6 |
| /Library/PEA/agent/logger | anchor apple generic and identifier "com.proofpoint.itm.logger" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | com.google.Chrome | (identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = EQHXZ8M8AV | 3.6 |
Full Disk Access
| Bundle ID or Path | Signature/Code Requirement | Supported From Version |
|---|---|---|
| /Library/PEA/agent/ContentScanning/it-csnative | identifier "it-csnative" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL | 4.4 |
| /Library/PEA/agent/logger | anchor apple generic and identifier "com.proofpoint.itm.logger" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | 3.6 |
| /Library/PEA/agent/service | anchor apple generic and identifier "com.proofpoint.itm.service" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | 3.6 |
| /Library/ITUpdater/updater/autoUpdater | anchor apple generic and identifier autoUpdater and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | 3.6 |
| com.proofpoint.itm.prevention | anchor apple generic and identifier "com.proofpoint.itm.prevention" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | 3.6 |
| /Library/PEA/agent/ContentScanning/Zulu/zulu-11.jre/Contents/Home/bin/java | identifier "com.azul.zulu.11.0.15.java" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TDTHCUPYFR | 3.6 |
| /Library/PEA/agent/ContentScanning/zulu11.52.13-ca-jre11.0.13-macosx_x64/zulu-11.jre/Contents/Home/bin/java | identifier "com.azul.zulu.11.0.13.java" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TDTHCUPYFR | 3.6 |
| /Library/PEA/agent/ContentScanning/zulu11.52.13-ca-jre11.0.13-macosx_aarch64/zulu-11.jre/Contents/Home/bin/java | identifier "com.azul.zulu.11.0.13.java" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TDTHCUPYFR | 3.6 |
| /Library/PEA/agent/ContentScanning/Zulu/zulu-17.jre/Contents/Home/bin/java | identifier "com.azul.zulu.java" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TDTHCUPYFR | 3.6 |
Notification Settings
Payload Type (com.apple.notificationsettings)
Bundle Identifier (com.proofpoint.itm.prevention)
| Key | Value | Supported From Version |
|---|---|---|
|
True | 3.6 |
|
Alerts | 3.6 |
|
True | 3.6 |
|
True | 3.6 |
|
True | 3.6 |
|
True | 3.6 |
Restrictions Settings
| Payload Type | Key | Value | Supported From Version |
|---|---|---|---|
| com.apple.applicationaccess | forceBypassScreenCaptureAlert (Suppress Screen Capture Alerts) | True | Sequoia 15.1 |
Screen Recording
| Bundle ID or Path | Signature/Code Requirement | Access | Supported From Version |
|---|---|---|---|
| /Library/PEA/agent/logger | anchor apple generic and identifier "com.proofpoint.itm.logger" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DJR63QYCGL) | AllowStandardUserToSetSystemService | 3.6 |
Service Management
| Type | Value | Comment | Supported From Version |
|---|---|---|---|
| Label | com.proofpoint.ecd | Prevent control of Proofpoint DLP Launch Agents and Launch Daemons | 3.6 |
| TeamIdentifier | DJR63QYCGL | Prevent control of Proofpoint DLP Launch Agents and Launch Daemons | 3.6 |
| TeamIdentifier | TDTHCUPYFR | Prevent control of Proofpoint DLP content-scanning component | 3.6 |
Related Topic:
MDM Deployment to Install/Uninstall the Mac Agent/Bundle (JAMF)