Enable access for macOS Ventura and higher
To install and configure Elastic Defend manually, without a Mobile Device Management (MDM) profile, you must enable additional permissions on the host before Elastic Endpoint (the installed component that performs Elastic Defend's threat monitoring and prevention) is fully functional.
Enable these permissions after you configure and install the Elastic Defend integration, which includes enrolling the Elastic Agent.
Approve the system extension for Elastic Endpoint
For macOS Ventura (13.0) and later, Elastic Endpoint will attempt to load a system extension during installation. This system extension must be loaded in order to provide insight into system events such as process events, file system events, and network events.
The following message appears during installation:

- Click Open System Settings.
- In the left pane, click Privacy & Security.
- On the right pane, scroll down to the Security section. Click Allow to allow the ElasticEndpoint system extension to load.
- Enter your username and password and click Modify Settings to save your changes.
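To confirm from a terminal that the approval took effect, the following added example (not part of Elastic's documentation) classifies the ElasticEndpoint entry in the output of macOS's `systemextensionsctl list`. The sample outputs are constructed, with a placeholder team ID, bundle suffix and version; matching relies only on the `co.elastic` and `ElasticEndpoint` names used on this page.

```shell
#!/bin/sh
# Classify the ElasticEndpoint system extension from `systemextensionsctl list`.
# Prints: approved | pending-approval | not-loaded | other:<state>

sysext_state() {
    # $1: full text of `systemextensionsctl list`
    # Select the row that carries both names the page gives.
    line=$(printf '%s\n' "$1" | grep -F 'co.elastic' | grep -F 'ElasticEndpoint' | head -n 1)
    if [ -z "$line" ]; then
        echo "not-loaded"          # extension never submitted, or already removed
        return 0
    fi
    # The state is the last bracketed field on the row.
    state=$(printf '%s\n' "$line" | sed -n 's/.*\[\([^]]*\)][[:space:]]*$/\1/p')
    case "$state" in
        "activated enabled")          echo "approved" ;;
        "activated waiting for user") echo "pending-approval" ;;  # Allow not clicked yet
        *)                            echo "other:${state:-unknown}" ;;
    esac
}

# Constructed samples: team ID, bundle suffix and version are placeholders.
SAMPLE_APPROVED='1 extension(s)
--- com.apple.system_extension.endpoint_security
enabled active teamID bundleID (version) name [state]
* * TEAMID0000 co.elastic.example (0.0.0/0.0.0) ElasticEndpoint [activated enabled]'

SAMPLE_PENDING='1 extension(s)
--- com.apple.system_extension.endpoint_security
enabled active teamID bundleID (version) name [state]
  * TEAMID0000 co.elastic.example (0.0.0/0.0.0) ElasticEndpoint [activated waiting for user]'

if command -v systemextensionsctl >/dev/null 2>&1; then
    # On a Mac: inspect the live extension list.
    sysext_state "$(systemextensionsctl list 2>/dev/null)"
else
    # Elsewhere: run against the constructed pending sample.
    sysext_state "$SAMPLE_PENDING"
fi
```

A result of `pending-approval` means the Allow step in Privacy & Security has not been completed on that host.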
Approve network content filtering for Elastic Endpoint
After successfully loading the ElasticEndpoint system extension, an additional message appears, asking to allow Elastic Endpoint to filter network content.

Click Allow to enable content filtering for the ElasticEndpoint system extension. Without this approval, Elastic Endpoint cannot receive network events and, therefore, cannot enable network-related features such as host isolation.
Enable Full Disk Access for Elastic Endpoint
Elastic Endpoint requires Full Disk Access to subscribe to system events using the Elastic Defend framework and to protect your network from malware and other cybersecurity threats. Full Disk Access is a privacy feature introduced in macOS Mojave (10.14) that prevents some applications from accessing your data.
If you have not granted Full Disk Access, the following notification prompt will appear.

To enable Full Disk Access, you must manually approve Elastic Endpoint.
The following instructions apply only to Elastic Endpoint version 8.0.0 and later. Versions 7.17.0 and earlier are not supported. To see Full Disk Access requirements for the Endgame sensor, refer to Endgame’s documentation.
- Open the System Settings application.
- In the left pane, select Privacy & Security.
- From the right pane, select Full Disk Access.
- Enable ElasticEndpoint and co.elastic to properly enable Full Disk Access.