8.2 CIS Client for Mac

It includes the following:

8.2.1 Prerequisite

Ensure the --block-unmanaged-cis-reads option is set to 'yes' by using the novcifs command line utility.

NOTE:Only administrator can modify this option on the OES server.

8.2.2 Installing CIS Client

The following are the steps to install the CIS client on a Mac workstation. We have used macOS Ventura to explain the procedure.

  1. Open the CISClient.pkg installer to launch the package.

  2. Read the introduction, then click Continue.

  3. Click Continue, then Agree to accept the end-user license agreement.

  4. Click Install. It prompts for administrator credentials; enter the password and click Install Software > OK to begin the installation.

    In a few seconds, the client is successfully installed.

  5. You are prompted with a “System Extension Blocked” message. Click on the Open System Settings button.

    1. In macOS Ventura, click the Privacy & Security tab and click Details.

      or

      In macOS Monterey, click on the lock button, which prompts for the system password. Specify the password and click Unlock.

    2. In macOS Ventura, Specify the password and click Unlock.

      or

      In macOS Monterey, click Details.

      or

      In Big Sur, click Details.

      or

      In Catalina, click Allow.

    3. In macOS Ventura, select both the CisAgent and click OK.

      or

      In macOS Monterey, select both the CisAgent.app.

      or

      In Big Sur, select both the CisAgent.app.

      or

      In Catalina, select the Placeholder Developer and click OK.

    4. Click Allow to enable network filtering.

    5. In the Privacy & Security tab, click Full Disk Access.

    6. Select EndpointSecurityExtension and CisAgent. If CisAgent is not listed, then click the + button to add it.

    7. Specify the password and click Unlock.

  6. For the configuration changes made to the CIS client to take effect, click Restart.

8.2.3 Log Details

  • The CIS client log information is available under 'Devices' section in the /Applications/Utilities/Console.app application. To send the logs to developer, run the following command in /Applications/Utilities/Console.app and share the system_logs.logarchive file.

  • To enable debug log, use the following command:

    sudo sysctl -w kern.com_microfocus_cismac="debug=<value>"

    Example:

    sudo sysctl -w kern.com_microfocus_cismac="debug=10"

8.2.4 Limitation

After uninstalling the CIS client, ensure to restart the Mac workstation. Otherwise, the workstation would still behave as a managed CIS client (can access files uploaded to the cloud), which leads to the unwanted download of files from the cloud.