Endpoints - Installation Status
Overview
Every enrolled endpoint agent reports a health snapshot to Nightfall. The fields below appear in the Devices table and agent detail view in the console.
Primary Fields
OS
The operating system and version running on the device (e.g. macOS 14.4). Useful for troubleshooting OS-specific behavior.
Device Name & ID
The hostname of the device (e.g. jsmith-macbook-pro) along with its serial number. Used to identify the device in the console.
User Email
The email address of the device's user. This is populated once the user profile to device mapping is done, and it links the device to a user identity in your directory. If blank, violations from this device may not be attributed to a user.
Agent Status and Time since last connection
The overall health status of the agent (see Agent Status Values below), together with the number of seconds since the agent last checked in with the Nightfall backend for its current configuration. A high value may indicate network or connectivity issues.
Agent Version
The version of the Nightfall agent currently installed. Compare against the latest release to identify outdated agents.
Permissions/MDM
Whether the agent is missing any accessibility permissions, along with details of any errors caused by missing MDM profiles. Used to track whether the latest MDM profile has been deployed.
Browser Extensions
The installation status of the browser extension across supported browsers.
Stealth Mode
Whether the agent is running in stealth mode (Enabled or Disabled). In stealth mode, the agent operates silently with no visible UI on the endpoint.
Policy Exceptions
The number of active exception requests on the device, with the specific policy and an overview of each override request, and the ability to revoke that override request.
Agent Status Values
The agentStatus field reflects the agent's overall operational state.
Online
The agent is running normally and enforcing policy.
No action needed.
Offline
The agent has not been connected for 6 consecutive hours.
Verify the agent process is running on the device.
Disconnected
The agent has not been connected and has been inactive for 21 days.
Re-deploy the endpoint package to the device.
Error
Note: The exact set of agentStatus values is validated server-side and may expand in future releases.
Missing Permissions
The missingPermissions field lists macOS system permissions that the agent requires but has not been granted. Each missing permission reduces the agent's ability to inspect and protect data.
FullDiskAccess
Allows the agent to scan files across the entire filesystem, including protected directories. Without this, file-based DLP scanning is severely limited.
MDM (recommended): Deploy a profile granting Full Disk Access to the Nightfall agent binary. Manual: System Settings → Privacy & Security → Full Disk Access → add Nightfall Agent.
ScreenRecording
Allows the agent to capture screen content for AI-based visual scanning (e.g. sensitive data visible on screen).
MDM: Deploy a profile granting Screen Recording. Manual: System Settings → Privacy & Security → Screen Recording → add Nightfall Agent.
Accessibility
Allows the agent to monitor UI interactions and clipboard activity. Required for clipboard DLP.
MDM: Deploy a profile granting Accessibility. Manual: System Settings → Privacy & Security → Accessibility → add Nightfall Agent.
NetworkExtension
Allows the agent's network filter to inspect network traffic. Required for web/cloud DLP enforcement.
MDM (recommended): Deploy a Network Extension or Content Filter MDM payload. Manual: System Settings → Privacy & Security → Network Extensions → approve Nightfall. A reboot may be required.
Best practice: All four permissions should be pre-granted via MDM before deploying the agent. Requiring end-users to grant permissions manually leads to incomplete coverage and is not recommended in enterprise deployments.
Active Errors
The errors field lists specific error conditions the agent has detected. Multiple errors can be present simultaneously.
Agent not connected
The Nightfall agent is not running on this device. Browser upload monitoring and clipboard detection are unavailable until the agent is restarted.
Reinstall or restart the agent on the device.
Browser extension not connected
A supported browser is open on this device, but the Nightfall browser extension is not connected. Corporate vs. personal account filtering and some browser paste detection will not work until the extension connects.
Ensure the extension is installed and enabled in your browser, then reload the page.
Agent lacks Full Disk Access permission
The agent is running but does not have the system permissions required to monitor file activity.
On macOS, grant Full Disk Access to the Nightfall agent in System Settings → Privacy & Security → Full Disk Access, then restart the agent.
Kernel driver not installed
The Nightfall kernel driver is missing from this device. File system monitoring, removable media enforcement, and upload blocking are unavailable.
Reinstall the Nightfall agent package to restore full monitoring capability.
Kernel driver not loaded
The Nightfall kernel driver is installed but not currently running.
Restart the device to load the driver. If the issue persists, reinstall the Nightfall agent package.
User identity not available
The agent cannot attribute activity on this device to a user account. Violations will be logged without a user identity until the device is associated with a user.
Ensure the device is enrolled in your MDM and that user identity mapping is configured in the Nightfall console.
Browser Extension Status
The extensionsInfo field provides per-browser and per-profile extension status. This replaces the legacy browsersInstalled fields.
Per-browser fields
Name
Browser identifier (e.g. chrome, firefox, edge, safari, brave, arc).
Extension Installed
Whether the Nightfall browser extension is installed in this browser.
Extension Connected
Whether the extension is actively communicating with the agent. An extension can be installed but not connected (see BrowserExtensionNotConnected error).
Profiles
Per-profile breakdown. See below.
Per-profile fields
Name
The browser profile name (e.g. Default, Work, Personal).
Extension Installed
Whether the extension is installed in this specific profile.
Enabled
Whether the extension is enabled (not disabled by the user) in this profile.
The email address associated with this browser profile, if available.
Supported Browsers
The following browsers are recognized: Chrome, Firefox, Edge, Safari, Arc, Brave, OpenAI Atlas, Perplexity Comet, Vivaldi.
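The following is an added example, not part of Nightfall's documentation or API. It applies the status, permission and extension descriptions above to a constructed list of device snapshots and lists the DLP coverage each device is missing. Only agentStatus, missingPermissions and extensionsInfo are field names from this page; deviceName, userEmail and the nested extension keys are assumed names.

```python
# Capability lost per missing permission, as described under "Missing Permissions".
LOST_CAPABILITY = {
    "FullDiskAccess": "file-based DLP scanning",
    "ScreenRecording": "AI-based visual scanning",
    "Accessibility": "clipboard DLP",
    "NetworkExtension": "web/cloud DLP enforcement",
}
# Follow-up per agent status, as described under "Agent Status Values".
STATUS_ACTION = {"Offline": "verify the agent process is running",
                 "Disconnected": "re-deploy the endpoint package"}

def coverage_gaps(device):
    """Return the list of coverage gaps for one health snapshot (a dict)."""
    gaps = []
    status = device.get("agentStatus", "")
    if status != "Online":
        # Unrecognised statuses are reported, not dropped: the set may expand.
        gaps.append(f"agent {status or 'status missing'}: "
                    + STATUS_ACTION.get(status, "review in console"))
    for perm in device.get("missingPermissions", []):
        lost = LOST_CAPABILITY.get(perm, "an unspecified capability")
        gaps.append(f"missing {perm}: loses {lost}")
    if not device.get("userEmail"):  # assumed key name
        gaps.append("no user email: violations may not be attributed to a user")
    for browser in device.get("extensionsInfo", []):
        name = browser.get("name", "?")  # nested keys are assumed names
        if not browser.get("extensionInstalled"):
            gaps.append(f"{name}: extension not installed")
        elif not browser.get("extensionConnected"):
            gaps.append(f"{name}: extension installed but not connected")
        for prof in browser.get("profiles", []):
            if prof.get("extensionInstalled") and not prof.get("enabled"):
                gaps.append(f"{name}/{prof.get('name', '?')}: extension disabled in profile")
    return gaps

# Constructed sample snapshots (not real Nightfall output).
SAMPLE = [
    {"deviceName": "jsmith-macbook-pro", "agentStatus": "Online", "userEmail": "",
     "missingPermissions": ["Accessibility"],
     "extensionsInfo": [{"name": "chrome", "extensionInstalled": True,
                         "extensionConnected": False,
                         "profiles": [{"name": "Personal", "extensionInstalled": True,
                                       "enabled": False}]}]},
    {"deviceName": "build-mac-01", "agentStatus": "Disconnected",
     "userEmail": "ops@example.com", "missingPermissions": [], "extensionsInfo": []},
]

def audit(devices):
    """Map device name -> gaps, keeping only devices that have at least one gap."""
    report = {d.get("deviceName", "?"): coverage_gaps(d) for d in devices}
    return {name: gaps for name, gaps in report.items() if gaps}
```

Calling audit(SAMPLE) returns one entry per device with reduced coverage; a device that is Online can still appear if a permission, user mapping or extension is missing.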