macOS Agent Setup¶
Requirements¶
The agent is compatible with:
macOS 10.15 (Catalina)
macOS 11.x (Big Sur)
macOS 12.x (Monterey)
macOS 13.x (Ventura)
macOS 14.x (Sonoma)
Note
Support for macOS 10.13 (High Sierra) and macOS 10.14 (Mojave) has ended. The agent can still run on these versions, but with limited functionality.
Installation Methods¶
You can install the agent using:
installation script
.pkg installer
Install via Script¶
First, download the agent:
from the server’s web interface, or
using this direct link.
Before running the installation script, grant terminal access to the hard drive:
Place the installation file on the machine to be monitored.
To do this, run the following command in the terminal from the agent’s folder:
sudo bash ./agent-macos.sh 10.0.0.1Replace 10.0.0.1 with the IP address of your StaffCop server.
Grant permissions when prompted:
![]()
Grant Terminal permission to install the agent:
![]()
In some macOS versions, you may also need to grant Screen Recording permissions:
![]()
To monitor file operations, grant disk access to the application at /Library/Application Support/.AtomSec/fmon_app.
Install via .pkg File¶
Note
If the file name doesn’t include your StaffCop server address, rename it to agent-macos[server_address].pkg, replacing [server_address] with your server’s IP.
Run the installer and follow the setup wizard.
Error: Can’t be opened because Apple cannot check it for malicious software
If you see the error message Can’t be opened because Apple cannot check it for malicious software, it means macOS can't verify the developer.
You can resolve this issue using one of the following methods:
- Go to System Preferences → Security & Privacy → Click Open Anyway, or
- Right-click the application icon and select Open. The warning will still appear, but the Open option will be available.
When prompted, enter the system administrator’s login and password.
Grant all necessary permission.
Note
To enable file operation control, allow disk access for the application at /Library/Application Support/.AtomSec/fmon_app.
![]()
Verify installation:
check that all required permissions are granted on all tabs:
In the StaffCop web interface, navigate to Alerts → Control Panel → Computers. You’ll see information about the installed agent.
Uninstallation¶
To remove the agent, run:
bash ./agent-macos.sh uninstall
See also
See :ref:Issue with empty screenshots after agent uninstallation <mac_faq_nonscreenshots> for troubleshooting.
Agent Logs¶
You can view the agent logs by running the following commands:
cat /Library/Caches/com.atomsec.staff/staff.log
cat /Library/Caches/com.atomsec.staff/staff_filemon.log
cat /tmp/staff.err.log
cat /var/log/system.log | grep com.atomsec.staff