Nightfall Documentation
  • Data Detection and Response
  • Posture Management
  • Data Exfiltration Prevention
  • Data Encryption
  • Developer APIs
  • Data Classification and Discovery
  • Nightfall Exfiltration
  • What is Data Exfiltration
  • Nightfall Detection Platform
    • Nightfall Detection Platform
  • Exfiltration Prevention for Google Drive
    • Installing Nightfall for Google Drive
    • Configuring Integration Alerts
    • Configuring Google Drive Policies
      • Google Drive App Selection
      • Scope
      • Trigger
      • Automated Actions
      • Creating Policy
    • Remediation for Google Drive Exfiltration
  • Exfiltration Prevention for Endpoint
    • Endpoint Exfiltration Prevention
    • Install Nightfall AI Agent for MAC OS
      • Manual Installation
      • Nightfall Agent Deployment with Kandji MDM
      • Nightfall Agent Deployment with Rippling MDM
      • Nightfall Agent Deployment with JAMF MDM
    • Install Nightfall AI Agent for Windows OS
      • Manual Installation
      • Nightfall Windows Agent Deployment: Rippling MDM
      • Nightfall Windows Agent Deployment: Generic MSI Deployment
    • Configuring Integration Alerts
    • Configuring Policies
      • MAC/Windows App Selection
      • Scope
      • Trigger
      • Advanced Settings
        • Admin Alerting
        • Automated Actions
        • End-User Notifications
      • Creating Policy
      • Remediation for MAC OS Policies
      • FAQs
      • Remediation for Windows OS Policies
  • Exfiltration Prevention for Salesforce
    • Nightfall Exfiltration for Salesforce
    • Installing Nightfall Exfiltration for Salesforce
    • Upgrading Nightfall DLP
    • Configuring Integration Alerts
    • Configuring Salesforce Exfiltration Policies
      • Salesforce App Selection
      • Scope
      • Trigger
      • Advanced Settings
      • Creating Policy
      • Remediation for Salesforce Exfiltration
Powered by GitBook
On this page
  • Stealth Mode Installation
  • Use cases
  • Stealth Mode Installation Process
  • Nightfall Agent Auto Update

Was this helpful?

Export as PDF
  1. Exfiltration Prevention for Endpoint

Install Nightfall AI Agent for MAC OS

PreviousEndpoint Exfiltration PreventionNextManual Installation

Last updated 19 days ago

Was this helpful?

Nightfall for macOS allows you to detect exfiltration events on your macOS devices. The Nightfall exfiltration feature can monitor any files being uploaded through supported cloud storage apps or browsers on macOS devices.

To use Nightfall for macOS, you must install the Nightfall AI agent. This agent monitors your macOS device continuously. You can install the agent either manually or through a mobile device management (MDM) tool. You can request the Nightfall deployment bundle, which contains the .pkg and other pre-installation scripts required for your MDM deployment.

Stealth Mode Installation

You can install the Nightfall AI macOS agent in stealth/hidden mode. Installing the agent in stealth mode allows you to silently deploy the Nightfall agent without any visible UI elements and without user distraction. When you install the agent in silent mode, the Nightfall status bar is hidden. Additionally, the Nightfall application will not be visible in the Applications folder when viewed in Finder. However, stealth mode installation does not prevent the agent from working at full capacity.

Use cases

  • Covert Monitoring: If an organization suspects an employee of exfiltrating sensitive data, they can install the agent in stealth mode to monitor the employee's asset without the employee's knowledge.

  • Ensuring Bias-Free Compliance: An organization wishes to confirm if their employees are adhering to HIPAA/PCI compliances; they can install the agent in stealth mode without giving any indication to their employees (which can prompt a change in their behavior).

  • Prevent User Distractions: Organizations that do not wish to distract their users about the agent installation and monitoring can use the stealth mode.

Stealth Mode Installation Process

  1. In the mdm_pre_installation_script.shfile, find the hide_status_iconflag.

  2. Set the flag to true. By default, the flag is set to false⁣.

Stealth mode installation hides the agent only from UI. Employees can find Nightfall if they navigate to the Application folder via Terminal.

Nightfall Agent Auto Update

Nightfall employs the automatic endpoint update functionality. With this feature, Nightfall can deliver the majority of endpoint agent bug fixes and feature updates directly to endpoints.

Features:

  • Stay Secure: Receive the latest security patches and updates promptly, reducing the risk of vulnerabilities being exploited.

  • Remain Compatible: Keep your deployment compatible with the latest operating system updates and other software changes.

  • Receive New Features: You get access to new features and improvements to exfiltration monitoring without manual intervention.

  • Minimize Administrative Overhead: IT administrators don't need to manually deploy updates to each endpoint, saving time and resources.

Manual Installation
Installation using the Kandji MDM
Installation using the Rippling MDM
Installation using the JAMF MDM