macOS Sensor Installation - Latest OS Versions

# macOS Sensor (macOS 10.15 and newer)

This document provides details of how to install, verify, and uninstall the LimaCharlie sensor on macOS (versions 10.15 and newer). We also offer documentation for macOS 10.14 and prior.

Installation Flow

1. Download the Sensor installer file. Installer for: Intel Mac -or- Apple Silicon Mac.

2. Add execute permission to the installer file via the command line

chmod +x lc_sensor

3. Run the installer via the command line. You'll pass the argument -i and your installation key.

sudo ./lc_sensor -i YOUR_INSTALLATION_KEY_GOES_HERE

You can obtain the installation key from the Installation Keys section of the LimaCharlie web application.

The sensor will be installed as a launchctl service. Installation will trigger the sensors enrollment with the LimaCharlie cloud.

4. An application (RPHCP.app) will be installed in the /Applications folder and will automatically launch. You will be prompted to grant permissions for system extensions to be installed.

5. Click the "Open System Preferences" button

6. Unlock the preference pane using the padlock in the bottom left corner, then click the Allow button next to System software from application "RPHCP" was blocked from loading.

7. You'll be prompted to allow the application to Filter Network Content. Click the Allow button.

8. You'll be prompted to grant Full Disk Access. Check the checkbox next to the RPHCP app in System Preferences -> Privacy -> Full Disk Access

The installation is now complete and you should see a message indicating that the installation was successful.

Verifying Installation

To verify that the sensor was installed successfully, you can log into the LimaCharlie web application and see if the device has appeared in the Sensors section. Additionally, you can check the following on the device itself:

In a Terminal, run the command:

sudo launchctl list | grep com.refractionpoint.rphcp

If the agent is running, this command should return records as shown above.

You can also check the /Applications folder and launch the RPHCP.app.

The application will show a message to indicate if the required permissions have been granted.

As described in the dialog, the RPHCP.app application must be left in the /Applications folder in order for it to continue operating properly.

A note on permissions

Apple has purposely made installing extensions (like the ones used by LimaCharlie) a process that requires several clicks on macOS. The net effect of this is that the first time the sensor is installed on a macOS system, permissions will need to be granted via System Preferences

Currently, the only way to automate the installation is to use an Apple-approved MDM solution. These solutions are often used by large organizations to manage their Mac fleet. If you are using such a solution, see your vendor's documentation on how to add extensions to the allow list which can be applied to your entire fleet.

We're aware this is an inconvenience and hope Apple will provide better solutions for security vendors in future.

Uninstallation Flow

To uninstall the sensor:

1. Run the installer via the command line. You'll pass the argument -c

sudo ./hcp_osx_x64_release_4.23.0 -c

2. You will be prompted for credentials to modify system extensions. Enteryour password and press OK.

The related system extension will be removed and the RPHCP.app will be removed from the /Applications folder.

3. You should see a message indicating that the uninstallation was successful.

Installer Options

When running the installer from the command line, you can pass the following arguments:

-v: display build version.
-q: quiet; do not display banner.
-d <INSTALLATION_KEY>: the installation key to use to enroll, no permanent installation.
-i <INSTALLATION_KEY>: install executable as a service with deployment key.
-r: uninstall executable as a service.
-c: uninstall executable as a service and delete identity files.
-w: executable is running as a macOS service.
-h: displays the list of accepted arguments.

Using MDM Solutions

See our document macOS Agent Installation with MDM Solutions for the Mobile Device Management (MDM) Configuration Profile that can be used to deploy the LimaCharlie agent to an enterprise fleet.