To remotely deploy the Malwarebytes Endpoint Agent on Mac devices, Apple requires end users to grant Full Disk Access for macOS 10.15+ and allow our kernel/system extension. Normally, end users must manually go to their Mac Settings to grant these permissions which allow Malwarebytes to properly function. This article describes how you can remotely deploy the Endpoint Agent to your Macs and bypass these prompts.
Your Mac endpoints must have a User Approved Mobile Device Management (UAMDM) configured. You can enroll devices with Apple's Device Enrollment Program.
An MDM profile loaded remotely via SSH or similar does not qualify as a UAMDM.
Activate kernel extension and grant Full Disk Access
When deploying the Malwarebytes Endpoint Agent, you must allow our kernel extension on Macs running the following operating systems:
- macOS High Sierra 10.13 (Kernel extension)
- macOS Mojave 10.14 (Kernel extension)
- macOS Catalina 10.15 (Security framework extension)
- macOS Big Sur 11.x (Security framework extension)
To bypass the System Extension Blocked prompt, see the following instructions: Approve kernel extension for Malwarebytes Endpoint Protection on Mac devices.
If you have macOS Catalina 10.15 or macOS Big Sur 11.x endpoints, you must grant Full Disk Access when deploying the Malwarebytes Endpoint Agent. This is needed so Malwarebytes can scan sensitive disk locations for threats.
To bypass manually granting Full Disk Access, see the following instructions: Grant Malwarebytes Endpoint Agent Full Disk Access for Mac endpoints using UAMDM.