Apple Mobile File Integrity Disabled

Apple Mobile File Integrity (AMFI) enhances the security of the macOS platform by enforcing code signature validation for all apps and executable files that run on macOS devices. During development, temporarily disabling AMFI may be required in order to run and test unsigned or self-signed applications.

Creating a new Apple Mobile File Integrity Disabled policy

To create a new Apple Mobile File Integrity Disabled policy:

  1. From the Device Posture tab, select + ADD:

    Add new device posture policy

  2. Select Add to macOS.

    Coro displays the Add new device policy to macOS dialog.

    Note: The Apple Mobile File Integrity Disabled device policy is currently supported for macOS devices.

  3. Select Apple Mobile File Integrity Disabled from the Select policy type dropdown:

    Add new Apple Mobile File Integrity Disabled policy

  4. Select the policy Action:
    • Review: No auto-remediation is performed and a ticket is raised and classified as requiring review. The ticket remains open until either the admin user closes it manually or the vulnerability is observed by the Coro endpoint agent as being resolved.
    • Enforce: Auto-remediation is performed, recorded in a ticket, and the ticket is auto-closed.
  5. To apply the new policy to specific groups of devices, enter label names (predefined or custom) in the Labels field, listed under Apply policy to devices with these labels.

    Apply device policy labels

  6. Select SAVE.

    Coro creates the policy with the configured settings.

    Note: When Apple Mobile File Integrity is disabled on a macOS device, an Apple Mobile File Integrity disabled ticket type is created.

Select the dropdown next to Apple Mobile File Integrity Disabled on the Device Posture tab to view the policy. See Device posture configuration overview.

Coro displays the following policy details:

  • Device labels applicable to the policy.
  • The action(s) applicable to the policy, for example, Enforce.

    View Apple Mobile File Integrity Disabled policy