System Integrity Protection Disabled
System Integrity Protection (SIP) protects the entire system by preventing the execution of unauthorized code on macOS devices. During development, temporarily disabling SIP may be required in order to install and test code.
Creating a new System Integrity Protection Disabled policy
To create a new System Integrity Protection Disabled policy:
-
From the
Device Posture
tab, select
+ ADD
:
-
Select
Add to macOS
.
The Add new device policy to macOS dialog appears.
note
The System Integrity Protection Disabled device policy is currently supported for macOS devices.
-
Select
System Integrity Protection Disabled
from the
Select policy type
dropdown.
-
Select the policy
Action
:
- Review : No auto-remediation is performed and a ticket is raised and classified as requiring review. The ticket remains open until either the admin user closes it manually or the vulnerability is observed by the Coro endpoint agent as being resolved.
-
Enter label names (predefined or custom) to the
Labels
field listed under
Apply policy to devices with these labels
to apply the new policy to specific groups of devices.
-
Select
SAVE
.
The policy is created with the configured settings.
note
When System Integrity Protection is disabled on a macOS device, a System Integrity Protection disabled ticket type is created.
The policy can be viewed by selecting the dropdown next to Apple Mobile File Integrity Disabled on the Device Posture tab. See Device posture configuration overview.
The following policy details are displayed:
- Device labels applicable to the policy.
-
The action(s) applicable to the policy, for example,
Review
.