macOS Agent Setup

Requirements

The agent is compatible with:

  • macOS 10.15 (Catalina)

  • macOS 11.x (Big Sur)

  • macOS 12.x (Monterey)

  • macOS 13.x (Ventura)

  • macOS 14.x (Sonoma)

Note

Support for macOS 10.13 (High Sierra) and macOS 10.14 (Mojave) has ended. The agent can still run on these versions, but with limited functionality.

Installation Methods

You can install the agent using:

  • installation script

  • .pkg installer

Install via Script

  1. First, download the agent:

  • from the server’s web interface, or

  • using this direct link.

  1. Before running the installation script, grant terminal access to the hard drive:

../../_images/mac_ventura.png
  1. Place the installation file on the machine to be monitored.

To do this, run the following command in the terminal from the agent’s folder:

sudo bash ./agent-macos.sh 10.0.0.1

Replace 10.0.0.1 with the IP address of your StaffCop server.

Grant permissions when prompted:

../../_images/mac_2.png
  1. Grant Terminal permission to install the agent:

../../_images/mac_4.png

In some macOS versions, you may also need to grant Screen Recording permissions:

../../_images/mac_3.png
  1. To monitor file operations, grant disk access to the application at /Library/Application Support/.AtomSec/fmon_app.

Install via .pkg File

  1. Download the pkg installer

Note

If the file name doesn’t include your StaffCop server address, rename it to agent-macos[server_address].pkg, replacing [server_address] with your server’s IP.

  1. Run the installer and follow the setup wizard.

Error: Can’t be opened because Apple cannot check it for malicious software
If you see the error message Can’t be opened because Apple cannot check it for malicious software, it means macOS can't verify the developer.

You can resolve this issue using one of the following methods:

  • Go to System PreferencesSecurity & Privacy → Click Open Anyway, or

  • Right-click the application icon and select Open. The warning will still appear, but the Open option will be available.

  1. When prompted, enter the system administrator’s login and password.

  2. Grant all necessary permission.

Note

To enable file operation control, allow disk access for the application at /Library/Application Support/.AtomSec/fmon_app.

../../_images/pkg_1.png

Verify installation:

  • check that all required permissions are granted on all tabs:

../../_images/pkg_1.png
  • In the StaffCop web interface, navigate to AlertsControl PanelComputers. You’ll see information about the installed agent.

Uninstallation

To remove the agent, run:

bash ./agent-macos.sh uninstall

See also

See :ref:Issue with empty screenshots after agent uninstallation <mac_faq_nonscreenshots> for troubleshooting.

Agent Logs

You can view the agent logs by running the following commands:

cat /Library/Caches/com.atomsec.staff/staff.log
cat /Library/Caches/com.atomsec.staff/staff_filemon.log
cat /tmp/staff.err.log
cat /var/log/system.log | grep com.atomsec.staff