search cancel

Install Requirements for DLP Mac Agent


Article ID: 198350


Updated On:


Data Loss Prevention Endpoint Prevent


The DLP agent for Mac OS requires additional access privileges or configuration at the OS and DLP server level for full functionality. 

These steps will vary depending on the Mac OS version and DLP agent version. An overview is provided below.


  • Release : DLP 15.x, Mac OS 10.x, 11.x
  • Component :Data Loss Prevention Endpoint Prevent


Mac OS security updates or architecture changes have driven the need to develop MDM profiles and other security system integrations. 


Mac Agent Requirements

Kernel extensions:

DLP 15.7 MP2 or newer:
  • Apple has deprecated kernel extensions in Mac OS 11 (Big Sur).
  • The Symantec DLP agent for Mac OS 11 from version 15.7 MP2 has been re-designed to eliminate their use
DLP Agent Versions below 15.7 MP2


Full Disk Access MDM:


Firefox Browser Extension:


Outlook extension MDM:

  • The previous hooking process that DLP uses for Mac Outlook was deprecated. Broadcom has developed an agave extension that requires an MDM profile to load. 
  • See Monitoring New Outlook for Mac


SIP Requirements


      MDM profiles may need the following details:
      Symantec Team ID: 9PTGMPNXZ2 (in all versions earlier than those listed below)
    • Broadcom Team ID: Y2CCP3S9W7(as of 15.7.0103 or 15.5.0213 or 15.1.0215)

      If you are using JAMF you can try the following command from terminal to see what MDM profiles are loaded:
      echo "<result>profiles -C -v | awk -F": " '/attribute: name/{print $NF ","}' | sort</result>