DLP is able to monitor monitor/detect/block activities for Safari browser only when the Safari extension is enabled by the end user.
The current macOS architecture places the Safari extension under end user control. That means users are able to control the enablement/disablement of the Symantec DLP Agent extension. Apple currently does not provide a way for this extension to be managed via MDM in a managed environment. This means DLP or any other software will not be able to automatically enable the necessary extension on end user machines or prevent the end user from disabling the extension.
Users can now be configured to receive a notification reminder dialog box every XX seconds whenever the Safari extension is disabled for their machines. To enable this, the following setting is needed:
1) This setting can be configured via the following setting on the Agent advanced setting tab in the Agent Configuration:
DLP 15.1: ExtensionEnablement.DISPLAY_SAFARI_EXTENSION_NOTIFICATION.int
DLP 15.5: ExtensionEnablement.DISPLAY_BROWSER_EXTENSION_NOTIFICATION.int
2) The frequency for the reminder should can be configured in the Agent configuration on the settings tab. Default interval is 10 seconds.
Documentation for the settings can be found below:
Impacted users will now see a notification every time Safari is launched. Though this can be dismissed, the notification will reappear after a certain timeout that is configured by the admin