Install Nightfall AI Agent for MAC OS
Nightfall for macOS allows you to detect exfiltration events on your macOS devices. The Nightfall exfiltration feature can monitor any files being uploaded through supported cloud storage apps or browsers on macOS devices.
To use Nightfall on macOS, you’ll need to install the Nightfall AI agent. You can install it manually for testing or evaluation purposes, or automate the install through MDM.
Apple requires the use of MDM profiles for applications like Nightfall AI to obtain the necessary permissions to function properly. While you can grant these permissions manually, there is no supported or scriptable alternative to an MDM solution for seamless, unattended deployment at scale.
If you manage Chrome extensions via Google Workspace Admin Console
Before deploying the Nightfall Agent, you must configure Chrome's PolicyMergeList setting in your Google Admin Console. Without this, the Nightfall extension's machine-level Chrome policy will override your existing Google Workspace-managed extensions, causing them to disappear from users' browsers.
To configure PolicyMergeList:
Go to Admin Console → Devices → Chrome → Settings
Search for PolicyMergeList
Select the Organizational Unit that covers your managed devices
In the Configuration field, enter
a specific policy nameto scope this down to Nightfall policy to be merged across sourcesClick Save
To verify, open Chrome on an affected machine and navigate to
chrome://policy. TheExtensionInstallForcelistpolicy should show Source: MergedPolicy changes can take up to 30 minutes to propagate. You can force a refresh by clicking Reload policies in
chrome://policy.
Not sure if this applies to you? If your IT team uses Google Workspace (Google Admin Console) to manage which Chrome extensions are force-installed on employee machines, this applies to you.
Nightfall supports the following agent installation methods for macOS:
Stealth Mode Installation
You can install the Nightfall AI macOS agent in stealth/hidden mode. Installing the agent in stealth mode allows you to hide visible UI elements once the Nightfall agent is installed. When you install the agent in silent mode, the Nightfall status bar icon. Additionally, the Nightfall application will not be visible in the Applications folder when viewed in Finder.
Use cases
Covert Monitoring: If an organization suspects an employee of exfiltrating sensitive data, they can install the agent in stealth mode to monitor the employee's asset without the employee's knowledge.
Ensuring Bias-Free Compliance: An organization wishes to confirm if their employees are adhering to HIPAA/PCI compliances; they can install the agent in stealth mode without giving any indication to their employees (which can prompt a change in their behavior).
Prevent User Distractions: Organizations that do not wish to distract their users about the agent presence and monitoring can depoy in stealth mode.
Stealth Mode Installation Process
In the
mdm_pre_installation_script.shfile, find thehide_status_iconflag.Set the flag to
true. By default, the flag is set tofalse.
Stealth mode installation hides the agent only from UI. Employees can find Nightfall if they navigate to the Application folder via Terminal.
Nightfall Agent Auto Update
Nightfall employs the automatic endpoint update functionality. With this feature, Nightfall can deliver the majority of endpoint agent bug fixes and feature updates directly to endpoints.
Features:
Stay Secure: Receive the latest security patches and updates promptly, reducing the risk of vulnerabilities being exploited.
Remain Compatible: Keep your deployment compatible with the latest operating system updates and other software changes.
Receive New Features: You get access to new features and improvements to exfiltration monitoring without manual intervention.
Minimize Administrative Overhead: IT administrators don't need to manually deploy updates to each endpoint, saving time and resources.
Last updated
Was this helpful?