Configuration requirements for macOS 11.x and later

To install Aurora Focus agent version 3.0 or later on devices with macOS Big Sur (11.x) or later, note the following configuration requirements. The requirements depend on whether devices are managed by an MDM solution (for example, Jamf Pro).

MDM managed devices

The information below uses Jamf Pro as the MDM solution, but it is applicable to other MDM solutions.

Requirement

Steps

Enable full disk access for Aurora Focus.
Create a configuration profile and configure the following privacy preferences:
  • Identifier: com.cylance.Optics
  • Identifier Type: Bundle ID
  • Code Requirement:
    CODE 
    identifier "com.cylance.Optics" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "6ENJ69K633"
  • SystemPolicyAllFiles service: Allow

Enable the Aurora Focus system extension.
Create a configuration profile and configure the following privacy preferences:
  • Display Name: Cylance Endpoint Security Optics System Extension
  • System Extension Types: Allowed System Extensions
  • Team Identifier: 6ENJ69K633
  • Allowed System Extensions: com.cylance.CyOpticsESF.extension

Enable the Aurora Focus system extension full disk access.
Create a configuration profile and configure the following privacy preferences:
  • Identifier: com.cylance.CyOpticsESF.extension
  • Identifier Type: Bundle ID
  • Code Requirement:
    CODE 
    anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "6ENJ69K633")
  • SystemPolicyAllFiles service: Allow

Enable the Aurora Focus network extension.
Create a configuration profile and configure the following content filter settings:
  • Filter Name: com.cylance.CyOpticsESF.extension
  • Identifier: com.cylance.CyOpticsESF.extension
  • Socket Filter Bundle Identifier: com.cylance.CyOpticsESF.extension
  • Socket Filter Designated Requirement:
    CODE 
    anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "6ENJ69K633")
  • Network Filter Bundle Identifier: com.cylance.CyOpticsESF.extension
  • Network Filter Designated Requirement:
    CODE 
    anchor apple generic and identifier "com.cylance.CyOpticsESF.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "6ENJ69K633")

Restart after installation.

After you complete the configuration steps above and install the Aurora Focus agent, restart the device.

Devices that are not MDM managed

After you install the Aurora Focus agent:
  1. Restart the device.
  2. Go to the Security & Privacy settings and approve CyOpticsESFLoader.
  3. When you are prompted, allow the Aurora Focus network filter.
  4. If System Integrity Protection (SIP) is enabled on the device, on the Privacy tab, click Full Disk Access and verify that CyOpticsESFLoader is selected. If CyOpticsESFLoader is not in the list, click +, navigate to /Library/Application Support/Cylance/Optics, and select CyOptics.
  5. Restart the device again.
To verify that the system extension is loaded:
  1. Run $ systemextensionsctl list and confirm that the output includes com.cylance.CyOpticsESF.extension.
  2. Run $ ps aux | grep -i extension | grep -i Cylance and confirm that the output includes com.cylance.CyOpticsESF.extension.systemextension.