Skip to main content

Manual Installation

This method of installing the Sensor is recommended for connectivity testing purposes only and is not supported by Cyberhaven.

To operate successfully, Cyberhaven needs several privacy permissions on the endpoint device which can be granted by deploying an MDM profile. However, if you choose to manually install the Sensor, you must manually make the changes to the endpoint device's configuration by running the configure.zsh script after installation.

macOS Sensor Manual Installation Steps

  1. Download Cyberhaven from the Endpoint Sensors page of the Cyberhaven dashboard and open the .pkg installer file to install like a regular macOS package.

  2. By default, the Cyberhaven macOS Sensor retrieves the backend URL from the MDM profile. If the MDM profile has not been deployed, you must set the backend URL manually using the configure.zsh script. To do this, open the Cyberhaven Console and navigate to Endpoint Sensors > Sensor Installers > macOS. Locate the line that starts with sudo backend, then click the "+" icon to copy the full command to your clipboard.

  3. Open a Terminal window, paste the command then hit "return". The install script will run and install the macOS sensor.

    info

    NOTE After manually installing the macOS Sensor on a device, it may appear as "Non-functional Sensor" on the Endpoint Sensors page within the Cyberhaven Console, even though the Sensor is operating as intended. To confirm that the Sensor is active, check the "Last Active" column on the Endpoint Sensors page, which shows the most recent activity timestamp for the device.

  4. After you install Cyberhaven, grant the following permissions in System Settings > Privacy & Security.

    • Full Disk Access: Required for the sensor to monitor filesystem activity and application file access via Apple's Endpoint Security framework.
    • Accessibility: Required to read UI context, such as window titles. It also observes user actions like copy/paste and drag-and-drop. It serves as a backup for browser upload detection when needed.
    • Automation: Required to send Apple Events to apps such as Finder, Safari, Chrome, and Outlook for URL extraction and policy actions when the extension path is unavailable.
    • Screen Recording (if enabled): Required to attach incident screenshots. Users must allow Screen Recording in Privacy & Security.
    info

    NOTE The user might be prompted for these permissions either immediately or in the future, depending on when they use one of the following apps: Safari, Chrome, Outlook, and Finder.

  5. You must also manually install the browser extensions as they are otherwise deployed via MDM profile installation.