Cisco AMP - Grant Full Disk Access MacOS 10.14 and up
With MacOS 10.14 introduced a change that requires user consent before an application can access user files such as contacts, calendars, photos, mail and messages. Full Disk Access must be granted for the Connector to access and scan those files. Use the following for enabling AMP client full disk access. AMP Console error "Critical Fault" The Connector's system extensions have been blocked from execution. Open Security and Privacy System Preferences and approve the extensions.
Ref: https://console.amp.cisco.com/help/en/wwhelp/wwhimpl/js/html/wwhelp.htm (search key word "grant full disk access")
1. Launch System Preferences.
2. Click Security and Privacy.
3. Click the lock to make changes.
4. On macOS 10.14 select Full Disk Access from the left pane and add "AMP for Endpoints Service" by doing one of the following:
- Click the + button and choose "/Applications/Cisco AMP for Endpoints/AMP for Endpoints Service" in the file selector dialog.
- Drag "/Applications/Cisco AMP for Endpoints/AMP for Endpoints Service.app" from Finder to the right pane.
On macOS 10.15 and later select Full Disk Access from the left pane. Different programs will be listed for Mac Connector Full Disk Access depending on the version of the Mac Connector being run. Ensure the following are checked if they appear in the list:
- AMP for Endpoints Service • AMP Security Extension