DLP is able to monitor monitor/detect/block activities for Safari browser only when the Safari extension is enabled by the end user.
The current macOS architecture places the Safari extension under end user control. That means users are able to control the enablement/disablement of the Symantec DLP Agent extension. Apple currently does not provide a way for this extension to be managed via MDM in a managed environment. This means DLP or any other software will not be able to automatically enable the necessary extension on end user machines or prevent the end user from disabling the extension.
MacOs 10.11 or greater
with
DLP 15.1 or greater
Users can now be configured to receive a notification reminder dialog box every XX seconds whenever the Safari extension is disabled for their machines. To enable this, the following setting is needed:
1) This setting can be configured via the following setting on the Agent advanced setting tab in the Agent Configuration:
DLP 15.1 and later: ExtensionEnablement.DISPLAY_SAFARI_EXTENSION_ NOTIFICATION.int - applies to Safari only.
DLP 15.5 and later: ExtensionEnablement.DISPLAY_BROWSER_EXTENSION_ NOTIFICATION.int - applies to Safari and Firefox.
2) The frequency for the reminder can be configured in the Agent configuration on the settings tab. Default interval is 10 seconds. This applies to MacOS only.
Documentation for the settings can be found below:
DLP 15.8 - Enable monitoring on the Safari browser
Impacted users will now see a notification every time Safari is launched. Though this can be dismissed, the notification will reappear after a certain timeout that is configured by the DLP Administrator.