Installer OSX

Once the installer has downloaded double click the package from your downloads folder to start the installation.

Warning

For MacOSX 10.15 (Catalina) Osquery requires a custom profile be applied to the system which can only be installed via an MDM.

Installer OSX (MDM)

If this profile is not applied via an MDM not all aspects of Zercurity will work.

../_images/installer_osx_01.png
../_images/installer_osx_02.png
../_images/installer_osx_03.png

If the package fails to run then you’ll need to check your security settings under the OSX Security & Privacy, System Preferences.

Introduction Gives a brief summary of what this installer will do, including the packages that will be installed.

Read Me Gives a more in-depth breakdown of the packages that will be installed and links to the relevant documentation.

License Zercurity’s license agreement. Please take the time to read through this.

Destination Select By default Zercurity will and must be installed to the primary disk on your Mac. Please do not change the destination path unless you know what you’re doing.

Installation Type By default all packages will be installed. We recommend not changing the packages that will be installed unless you’ve customised or pre-compiled the binaries yourself.

Note

System extension blocked During the installation you will be asked to provide access to the Santa system extension. This service requires special system access to order to block applications from running as part of Zercurity’s application white/backlisting service.

Final steps

../_images/installer_osx_04.png

Installation The installation will now take place. This will take a few minutes to install the various packages and register with the Zercurity server.

Finish Once the installer has finished the asset should now already be listed within the Zercurity Assets tab.

Warning

If you’re not using an MDM there are some final steps that must be taken.

Users have to explicitly grant access to each component in order for them to work under Apple’s new transparency consent and control framework (TCC).

Final steps

From “System Preferences” find the “Security & Privacy” submenu. During the installation you will have been promoted to give Santa special permission to load the following extension.

Select “Open Security Preferences”

../_images/installer_osx_error_02.png

From here use the “Padlock icon” in the lower left to unlock the settings pane. You will be prompted for your administrator password.

You should then see the message: “System software from application “Santa” was blocked from loading.”

Use the “Allow” button to grant access.

../_images/installer_osx_error_03.png

Finally, from the “Privacy” tab along the top menu. Make sure that Full Disk Access has been granted to both: com.zercurity.osqueryd and com.google.santa.daemon.systemextension.

../_images/installer_osx_error_04.png

If you’ve had to manually complete any of those steps. We recommend restarting your computer so those changes can take affect. If you’re having trouble getting the asset to appear in Zercurity please see our Troubleshooting steps.

Summary This is the final part of the installation. Upon a successful installation you can now visit the Assets section on the Zercurity dashboard to see your new asset.