
Do we have documented exclusions for MacOS endpoint actors?

  • December 14, 2023
  • 3 replies

Do we have documented exclusions for MacOS endpoint actors? I did not see anything in the documentation. I'm using "exclusions" as my search term.

Thanks in advance for the guidance.

scottennis
Staff
  • December 15, 2023

Hi, is this what you're looking for? https://docs.mandiant.com/home/msv-endpoint-actor-requirements#actor-services. The search term you are using is valid so we'll add it to that article so it appears more prominently. Thanks for the feedback!


rafaelramirez
Staff

Are you referring to exclusions for EDR and Antivirus to prevent them from quarantining the Security Validation executable?

If so:

MacOS

  • /Users/Shared/Verodin/node/node/scripts/verodin_endpoint
  • /Users/Shared/Verodin/node/node/scripts/verodin_backend
  • /Users/Shared/Verodin/node/node/scripts/verodin_network_monitor
  • /Users/Shared/Verodin/node/node/web/verodin_standalone_server

You can also search by product name to get more detail. For example: Crowdstrike Exclusions.

https://docs.mandiant.com/home/msv-crowdstrike-win-config


ScottieJ
Staff
  • June 18, 2024

Hi vinnie171,

In addition to the exclusions, there are a couple of other potential gotchas you could run into. If you are running your Mac Actor on a notebook, make sure to disable any power saving options to prevent the system from going into a sleep mode. There are also some cases where actions might get a permission denied response. If you ever see this, check out this article on our documentation page: Some Actions will Not Run if Backend Service Doesn't Have Full Disk Access: Operation Not Permitted Error