In this example, the configuration of xattr is correct and no conflicts exist within existing Agent Configurations.
Example of whitelisting xattr:
Release : 15.8
While the process to whitelist an application, more often than not, allows for use of that application without issue, in some cases, the whitelisted application may be a child process.
For macOS Endpoint Configurations, set the value of MONITOR_ APPLICATION_CHILD_ PROCESS_FILE_ACCESS to 0 within the Agent Configuration assigned to the macOS Endpoints.
Advanced agent settings > FileSystem.MONITOR_ APPLICATION_CHILD_ PROCESS_FILE_ACCESS
Default Setting in 15.8:
FileSystem.MONITOR_ APPLICATION_CHILD_ PROCESS_FILE_ACCESS.INT
|
1 | This setting allows the user to enable or disable the Application File Access feature that monitors child processes. Enter
1
to enable or enter
0
to disable. |