VMware Workspace ONE Community
foschierauiliam
Contributor
Contributor
‎04-13-2022 04:44 AM
Jump to solution

macOS - Full Disk Access profiles not being applied

Hi all,

Anyone else having problems with profiling for full disk access? Following the recommendations of each manufacturer, for several different apps (EDR, AV, privilege management application, among others), I succeed in applying authorizations for system extensions, for other permissions in "privacy settings", but I am not succeeding to specifically enforce full disk access permissions. Tested both by entering options in the privacy profile and importing custom settings by file generated through the PPPC app.
Behavior occurring with both the BigSur and Monterrey macOS versions. We use cloud console, which is in version 2111. Support ticket already opened with VMware, but still under analysis.

Another point, in this same context... for you, does the "com.vmware.hub.EndpointSecurity" extension (relating to the Intelligent Hub agent) have full disk access permission in the privacy settings?

Regards

Uiliam M.

Labels (2)
Reply
1 Solution

Accepted Solutions
PaulJones76
Contributor
Contributor
‎08-11-2022 02:28 AM
Jump to solution

Hi,
I has the exact same issue with Forcepoint Neo, Palo Cortex XDR and Forcepoint DLP.
All 3 products require FDA and I configured the Privacy Profiles as per vendor instructions.
The BUNDLE configurations always appeared correctly but the PATH based ones did not show either in the GUI (under Privacy FDA) or when I ran the mysql command to query the files/bundles with FDA access.
What I discovered is that those settings were actually applied correctly they just do not show anywhere when applied via UEM profile so appear to not be configured. I now have all three products working correctly (Monterey).
VMWare did not know anything about this when I raised a ticket, they even said that path based privacy settings were not possible via WS1, they were mistaken.
I hope this helps clarify for you. If you have a product you want me to test on my setup let me know I would be happy to help.

View solution in original post

Reply
4 Replies
PaulJones76
Contributor
Contributor
‎08-11-2022 02:28 AM
Jump to solution

Hi,
I has the exact same issue with Forcepoint Neo, Palo Cortex XDR and Forcepoint DLP.
All 3 products require FDA and I configured the Privacy Profiles as per vendor instructions.
The BUNDLE configurations always appeared correctly but the PATH based ones did not show either in the GUI (under Privacy FDA) or when I ran the mysql command to query the files/bundles with FDA access.
What I discovered is that those settings were actually applied correctly they just do not show anywhere when applied via UEM profile so appear to not be configured. I now have all three products working correctly (Monterey).
VMWare did not know anything about this when I raised a ticket, they even said that path based privacy settings were not possible via WS1, they were mistaken.
I hope this helps clarify for you. If you have a product you want me to test on my setup let me know I would be happy to help.

Reply
foschierauiliam
Contributor
Contributor
‎08-11-2022 05:18 AM
Jump to solution

Hello Paul, thank you for reply.

After talk with some vendors (my main issue was with CrowdStrike EDR), they give me same instruction that you. Some settings does not appear in GUI settings, but doesn't mean that settings are not applied. They show me a command that query TCC database (or something else, I can't remember now) and shows FDA enabled for their application/agent.

Regards

Reply
0 Kudos
Daejong
Contributor
Contributor
‎01-03-2023 02:54 PM
Jump to solution

Global Protect and SentinelOne in Palo Alto also do not apply the full disk access profile. Is there any solution?

Reply
0 Kudos
yulbi
Contributor
Contributor
‎01-11-2023 09:31 PM
Jump to solution

How did you solve this problem?

Reply
0 Kudos