This document explains how to create exceptions to avoid conflicts with other products that operate at the macOS kernel level (based on the Endpoint Security Framework), which may interrupt the execution of EPM macOS. It also covers exceptions needed to prevent communication issues between the Client and the backend.
Execution
Grant execution permission to:
/Applications/Segura EPM.app/*
/Library/PrivilegedHelperTools/security.segura.epm.sudodhelper
/Library/SystemExtensions/*/security.segura.epm.EndpointSecurityExtension.systemextension/*
Read and write
Grant read and write permission to:
/Library/Application Support/Segura/*
/etc/sudoers.d/*
/var/log/sudo-io/*
/private/var/root/Library/Application Support/security.segura.epm.EndpointSecurityExtension/*
Signature identification
When necessary, identify the artifacts using Apple’s Code Signing Requirement Language:
anchor apple generic and
( certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or
certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ ) and
certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and
certificate leaf[subject.OU] = ZPG253J89N
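
The following is an added example, not part of the vendor's documentation: a shell check that each path from the Execution list satisfies the signing requirement above before the path is added to another product's exception list. It assumes the macOS `codesign` tool is available; the function names `verify_artifact` and `verify_all` are illustrative.

```shell
#!/bin/sh
# Added example (not vendor code): confirm each EPM artifact satisfies the
# page's signing requirement before its path is added to an exception list.
# Function names are illustrative assumptions.

# Requirement from the page, joined onto one line. The "/* exists */"
# comments are optional in the requirement language and omitted here.
REQ='anchor apple generic and (certificate leaf[field.1.2.840.113635.100.6.1.9] or certificate 1[field.1.2.840.113635.100.6.2.6]) and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[subject.OU] = ZPG253J89N'

# verify_artifact PATH -> 0 signature valid and requirement met,
#                         1 invalid signature or requirement not met,
#                         2 path not present on this host.
verify_artifact() {
    [ -e "$1" ] || return 2
    # -R "=<text>" tests the code against inline requirement source.
    codesign --verify --strict -R "=$REQ" "$1" >/dev/null 2>&1 || return 1
    return 0
}

# verify_all PATH... -> prints one status line per path and returns the
# number of paths that did not verify.
verify_all() {
    failed=0
    for p in "$@"; do
        rc=0
        verify_artifact "$p" || rc=$?
        case $rc in
            0) echo "OK       $p" ;;
            2) echo "MISSING  $p"; failed=$((failed + 1)) ;;
            *) echo "REJECTED $p"; failed=$((failed + 1)) ;;
        esac
    done
    return "$failed"
}

# Run only where codesign exists (macOS). The unquoted glob expands to the
# UUID directory that macOS creates for the activated system extension.
if command -v codesign >/dev/null 2>&1; then
    verify_all \
        "/Applications/Segura EPM.app" \
        /Library/PrivilegedHelperTools/security.segura.epm.sudodhelper \
        /Library/SystemExtensions/*/security.segura.epm.EndpointSecurityExtension.systemextension \
        || echo "Do not add exceptions for paths that are not OK."
fi
```

A REJECTED line means the file at an excepted path is not signed by the expected team, so a path-only exception would cover a binary the requirement does not identify.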