# Endpoints - Installation Status

#### Overview

Every enrolled endpoint agent reports a health snapshot to Nightfall. The fields below appear in the **Devices** table and agent detail view in the console.

***

#### Primary Fields

<table><thead><tr><th width="269.9609375">Field</th><th>What it means</th></tr></thead><tbody><tr><td><strong>OS</strong></td><td>The operating system and version running on the device (e.g. macOS 14.4). Useful for troubleshooting OS-specific behavior.</td></tr><tr><td><strong>Device Name &#x26; ID</strong></td><td>The hostname of the device (e.g. <code>jsmith-macbook-pro</code>) along with serial number. Used to identify the device in the console.</td></tr><tr><td><strong>User Email</strong></td><td>User email of the user using the device. This is populated once the user profile to device mapping is done. Links the device to a user identity in your directory. If blank, violations from this device may not be attributed to a user.</td></tr><tr><td><strong>Agent Status and Time since last connection</strong></td><td>The overall health status of the agent. See Agent Status Values below. Seconds since the agent last checked in with the Nightfall backend for its current configuration. A high value may indicate network or connectivity issues.</td></tr><tr><td><strong>Agent Version</strong></td><td>The version of the Nightfall agent currently installed. Compare against the latest release to identify outdated agents.</td></tr><tr><td><strong>Permissions/MDM</strong></td><td>Whether the agent is missing any accessibility permissions or details about any errors due to missing MDM profiles. Used to track whether the latest MDM profile has been deployed.</td></tr><tr><td><strong>Browser Extensions</strong></td><td>The browser extensions installation status across supported browsers.</td></tr><tr><td><strong>Stealth Mode</strong></td><td>Whether the agent is running in stealth mode (<code>Enabled</code> or <code>Disabled</code>). In stealth mode, the agent operates silently with no visible UI on the endpoint.</td></tr><tr><td><strong>Policy Exceptions</strong></td><td>The  number of active exception requests on the device. The specific policy and an overview of the override request with an ability to revoke that override request.</td></tr></tbody></table>

***

#### Agent Status Values

The `agentStatus` field reflects the agent's overall operational state.

| Status           | What it means                                        | How to fix                                         |
| ---------------- | ---------------------------------------------------- | -------------------------------------------------- |
| **Online**       | The agent is running normally and enforcing policy.  | No action needed.                                  |
| **Offline**      | The agent is not connected for 6 consecutive hours.  | Verify the agent process is running on the device. |
| **Disconnected** | The agent is not connected and inactive for 21 days. | Re-deploy the endpoint package to the device.      |
| **Error**        |                                                      |                                                    |

> **Note:** The exact set of `agentStatus` values is validated server-side and may expand in future releases.

***

#### Missing Permissions

The `missingPermissions` field lists macOS system permissions that the agent requires but has not been granted. Each missing permission reduces the agent's ability to inspect and protect data.

| Permission           | What it enables                                                                                                                                          | How to grant it                                                                                                                                                                                       |
| -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **FullDiskAccess**   | Allows the agent to scan files across the entire filesystem, including protected directories. Without this, file-based DLP scanning is severely limited. | **MDM (recommended):** Deploy a profile granting Full Disk Access to the Nightfall agent binary. **Manual:** System Settings → Privacy & Security → Full Disk Access → add Nightfall Agent.           |
| **ScreenRecording**  | Allows the agent to capture screen content for AI-based visual scanning (e.g. sensitive data visible on screen).                                         | **MDM:** Deploy a profile granting Screen Recording. **Manual:** System Settings → Privacy & Security → Screen Recording → add Nightfall Agent.                                                       |
| **Accessibility**    | Allows the agent to monitor UI interactions and clipboard activity. Required for clipboard DLP.                                                          | **MDM:** Deploy a profile granting Accessibility. **Manual:** System Settings → Privacy & Security → Accessibility → add Nightfall Agent.                                                             |
| **NetworkExtension** | Allows the agent's network filter to inspect network traffic. Required for web/cloud DLP enforcement.                                                    | **MDM (recommended):** Deploy a Network Extension or Content Filter MDM payload. **Manual:** System Settings → Privacy & Security → Network Extensions → approve Nightfall. A reboot may be required. |

> **Best practice:** All four permissions should be pre-granted via MDM before deploying the agent. Requiring end-users to grant permissions manually leads to incomplete coverage and is not recommended in enterprise deployments.

***

#### Active Errors

The `errors` field lists specific error conditions the agent has detected. Multiple errors can be present simultaneously.

**Agent not connected** The Nightfall agent is not running on this device. Browser upload monitoring and clipboard detection are unavailable until the agent is restarted. Reinstall or restart the agent on the device.

**Browser extension not connected** A supported browser is open on this device, but the Nightfall browser extension is not connected. Corporate vs. personal account filtering and some browser paste detection will not work until the extension connects. Ensure the extension is installed and enabled in your browser, then reload the page.

**Agent lacks Full Disk Access permission** The agent is running but does not have the system permissions required to monitor file activity. On macOS, grant Full Disk Access to the Nightfall agent in **System Settings → Privacy & Security → Full Disk Access**, then restart the agent.

**Kernel driver not installed** The Nightfall kernel driver is missing from this device. File system monitoring, removable media enforcement, and upload blocking are unavailable. Reinstall the Nightfall agent package to restore full monitoring capability.

**Kernel driver not loaded** The Nightfall kernel driver is installed but not currently running. Restart the device to load the driver. If the issue persists, reinstall the Nightfall agent package.

**User identity not available** The agent cannot attribute activity on this device to a user account. Violations will be logged without a user identity until the device is associated with a user. Ensure the device is enrolled in your MDM and that user identity mapping is configured in the Nightfall console.

***

#### Browser Extension Status

The `extensionsInfo` field provides per-browser and per-profile extension status. This replaces the legacy `browsersInstalled`  fields.

**Per-browser fields**

| Field                   | What it means                                                                                                                                               |
| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Name**                | Browser identifier (e.g. `chrome`, `firefox`, `edge`, `safari`, `brave`, `arc`).                                                                            |
| **Extension Installed** | Whether the Nightfall browser extension is installed in this browser.                                                                                       |
| **Extension Connected** | Whether the extension is actively communicating with the agent. An extension can be installed but not connected (see `BrowserExtensionNotConnected` error). |
| **Profiles**            | Per-profile breakdown. See below.                                                                                                                           |

**Per-profile fields**

| Field                   | What it means                                                                |
| ----------------------- | ---------------------------------------------------------------------------- |
| **Name**                | The browser profile name (e.g. `Default`, `Work`, `Personal`).               |
| **Extension Installed** | Whether the extension is installed in this specific profile.                 |
| **Enabled**             | Whether the extension is enabled (not disabled by the user) in this profile. |
| **Email**               | The email address associated with this browser profile, if available.        |

***

#### Supported Browsers

The following browsers are recognized: Chrome, Firefox, Edge, Safari, Edge, Arc, Brave, OpenAI Atlas, Perplexity Comet, Vivaldi.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.nightfall.ai/data-exfiltration-prevention/exfiltration_endpoint/endpoints-installation-status.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
Field	What it means
OS	The operating system and version running on the device (e.g. macOS 14.4). Useful for troubleshooting OS-specific behavior.
Device Name & ID	The hostname of the device (e.g. `jsmith-macbook-pro`) along with serial number. Used to identify the device in the console.
User Email	User email of the user using the device. This is populated once the user profile to device mapping is done. Links the device to a user identity in your directory. If blank, violations from this device may not be attributed to a user.
Agent Status and Time since last connection	The overall health status of the agent. See Agent Status Values below. Seconds since the agent last checked in with the Nightfall backend for its current configuration. A high value may indicate network or connectivity issues.
Agent Version	The version of the Nightfall agent currently installed. Compare against the latest release to identify outdated agents.
Permissions/MDM	Whether the agent is missing any accessibility permissions or details about any errors due to missing MDM profiles. Used to track whether the latest MDM profile has been deployed.
Browser Extensions	The browser extensions installation status across supported browsers.
Stealth Mode	Whether the agent is running in stealth mode (`Enabled` or `Disabled`). In stealth mode, the agent operates silently with no visible UI on the endpoint.
Policy Exceptions	The number of active exception requests on the device. The specific policy and an overview of the override request with an ability to revoke that override request.