# Printer Support

Intercepts documents sent to the print queue before they reach a physical or virtual printer. Nightfall evaluates the document at the OS print subsystem level (CUPS on macOS).

Domain collections are not used for this trigger. Monitoring scope is configured by printer selection directly on the policy.

> **Platform note:** Printer monitoring is supported on **macOS only**. Windows support is not yet available.

**Scope options**

* All printers connected to the endpoint.
* Specific printers by name or type, including virtual printers.

**Common use cases**

* Prevent printing of customer records, payroll data, or legal documents on unmanaged or shared printers.
* Alert when confidential documents are sent to virtual printers (Print to PDF, Save as PDF) — a common exfiltration path users do not perceive as data movement.
* Block printing to fax-to-email or cloud print services running on the endpoint.

**Policy recommendations**

* Always include virtual printers in scope. "Print to PDF" is one of the most common unintentional exfiltration vectors on macOS.
* Scope block actions to all printers except approved print server destinations in environments with dedicated secure print rooms.
* Deploy alongside Removable Media policies for full physical exfiltration coverage.