Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: Huntress Agent for macOS
Environment: macOS
Summary: The Huntress Configuration Wizard can be used to set up the permissions needed to ensure proper functionality of the Huntress EDR Agent.
In this document:
Using the Huntress Configuration Wizard
Huntress Agent Full Disk Access
Installing the Huntress System Extension and Network Filter
On macOS Sequoia (15)
On macOS Sonoma (14) and Earlier
Huntress System Extension Full Disk Access
Please see Using the Huntress Configuration Wizard on a MDM Managed Installation for MDM specific directions.
Prerequisites
The Huntress Configuration Wizard is available starting from Huntress Agent version 0.13.252. Administrator privileges are required to complete the steps presented in the Wizard.
Using the Huntress Configuration Wizard (non MDM installs)
You can start the Wizard with a double-click on the application at /Applications/Huntress.app.
Then you will be guided through the necessary steps to configure the Huntress Agent.
Welcome Screen
The Wizard displays this screen whenever your device needs to be configured. Click “Next” to proceed to the next step.
Huntress Agent Full Disk Access
If the Huntress agent needs Full Disk Access, the Wizard will show the following screen:
Click “Allow” to launch the System Settings. You should see the following screen. Click on the toggle next to “Huntress” and make sure it is enabled. The System may prompt you to enter your credentials. Once done, close the System Settings window to return to the Wizard.
Installing the Huntress System Extension and Network Filter
If the System Extension is not installed, the Wizard will display the following screen:
Click “Install” to install the extension. The system will immediately present the dialog below.
Click “Open System Settings” to enable the Huntress Extension. Go to this section for the next steps.
Don’t worry if you accidentally clicked “OK”. In that case, the Wizard will display a helper screen. Jump to the right section for:
On macOS Sequoia (15):
Click the link to open the system “Login Items & Extensions” section. Navigate to open the panel to enable the Huntress System Extension:
Click the info button next to “Endpoint Security Extensions." This will open the panel below:
Make sure the toggle for “Huntress” is enabled. You will be prompted to enter your credentials. Click “Done” to continue. Once complete, Approve the Network Filter.
On macOS Sonoma (14) and earlier:
Click the link to open the System Settings. Navigate to open the panel to enable the Huntress System Extension and choose “Details” to open the panel to enable the extension.
Make sure the toggle for “Huntress” is enabled. You will be prompted to enter your credentials. Click “OK” to continue. Once complete, Approve the Network Filter.
Approving the Network Filter
As soon as the Huntress System Extension is installed, the system will display the following prompt:
Be sure to click “Allow” to enable network filtering. This is essential for host isolation. Then close the System Settings and return to the Huntress Wizard.
Huntress System Extension Full Disk Access
If the Huntress System Extension needs Full Disk Access, the Wizard will show the following screen:
Click “Allow” to open the System Settings. Make sure the toggle is enabled for Huntress System Extension. You may be prompted to enter your credentials. Close the System Settings window and return to the Wizard.
Final Screen
Congratulations! If everything is fully configured, the Wizard will display the following screen:
Click “Finish” to close the window.
Your device should show up in the Huntress Portal within 15 to 30 minutes.
Using the Huntress Configuration Wizard on a MDM Managed Installation
If your Huntress agent is being managed by a MDM Configuration Profile, the Wizard will display an informational screen to show what might cause a potential misconfiguration issue. In the example below, the Wizard informs you that the Huntress System Extension is not installed because of a Configuration Profile misconfiguration.
In this case, the remediation should be done by correcting the Configuration Profile that was used to deploy the extension.
If the Huntress Agent is properly configured, then you will see the Final Screen.