Contents x
    macOS Sensor Installation - Latest OS Versions
    • 11 Apr 2024
    • 3 Minutes to read
    • Contributors
    • Print
    • Dark
      Light
    Contents
      This documentation version is deprecated, please click here for the latest version.

    macOS Sensor Installation - Latest OS Versions

    • Updated on 11 Apr 2024
    • 3 Minutes to read
    • Contributors
    • Print
    • Dark
      Light
    Article summary

    # macOS Sensor (macOS 10.15 and newer)

    This document provides details of how to install, verify, and uninstall the LimaCharlie sensor on macOS (versions 10.15 and newer). We also offer documentation for macOS 10.14 and prior.

    Installation Flow

    1. Download the Sensor installer file. Installer for: Intel Mac -or- Apple Silicon Mac.

    2. Add execute permission to the installer file via the command line

    chmod +x lc_sensor

    1. Run the installer via the command line. You'll pass the argument -i and your installation key.

    sudo ./lc_sensor -i YOUR_INSTALLATION_KEY_GOES_HERE

    Basic installation

    You can obtain the installation key from the Installation Keys section of the LimaCharlie web application.

    The sensor will be installed as a launchctl service. Installation will trigger the sensors enrollment with the LimaCharlie cloud.

    Installation success

    1. An application (RPHCP.app) will be installed in the /Applications folder and will automatically launch. You will be prompted to grant permissions for system extensions to be installed.

    Permissions required

    1. Click the "Open System Preferences" button

    System Extensions Required

    1. Unlock the preference pane using the padlock in the bottom left corner, then click the Allow button next to System software from application "RPHCP" was blocked from loading.

    Unlocked

    1. You'll be prompted to allow the application to Filter Network Content. Click the Allow button.

    Network filter

    1. You'll be prompted to grant Full Disk Access. Check the checkbox next to the RPHCP app in System Preferences -> Privacy -> Full Disk Access

    Full disk access

    The installation is now complete and you should see a message indicating that the installation was successful.

    Success

    Verifying Installation

    To verify that the sensor was installed successfully, you can log into the LimaCharlie web application and see if the device has appeared in the Sensors section. Additionally, you can check the following on the device itself:

    In a Terminal, run the command:

    sudo launchctl list | grep com.refractionpoint.rphcp

    Successful installation verification

    If the agent is running, this command should return records as shown above.

    You can also check the /Applications folder and launch the RPHCP.app.

    Applications folder

    The application will show a message to indicate if the required permissions have been granted.

    App installed correctly

    As described in the dialog, the RPHCP.app application must be left in the /Applications folder in order for it to continue operating properly.

    A note on permissions

    Apple has purposely made installing extensions (like the ones used by LimaCharlie) a process that requires several clicks on macOS. The net effect of this is that the first time the sensor is installed on a macOS system, permissions will need to be granted via System Preferences

    Currently, the only way to automate the installation is to use an Apple-approved MDM solution. These solutions are often used by large organizations to manage their Mac fleet. If you are using such a solution, see your vendor's documentation on how to add extensions to the allow list which can be applied to your entire fleet.

    We're aware this is an inconvenience and hope Apple will provide better solutions for security vendors in future.

    Uninstallation Flow

    To uninstall the sensor:

    1. Run the installer via the command line. You'll pass the argument -c

    sudo ./hcp_osx_x64_release_4.23.0 -c

    Uninstall progress

    1. You will be prompted for credentials to modify system extensions. Enteryour password and press OK.

    Uninstall permissions

    The related system extension will be removed and the RPHCP.app will be removed from the /Applications folder.

    1. You should see a message indicating that the uninstallation was successful.

    Uninstall success

    Installer Options

    When running the installer from the command line, you can pass the following arguments:

    -v: display build version.
-q: quiet; do not display banner.
-d <INSTALLATION_KEY>: the installation key to use to enroll, no permanent installation.
-i <INSTALLATION_KEY>: install executable as a service with deployment key.
-r: uninstall executable as a service.
-c: uninstall executable as a service and delete identity files.
-w: executable is running as a macOS service.
-h: displays the list of accepted arguments.

    Using MDM Solutions

    See our document macOS Agent Installation with MDM Solutions for the Mobile Device Management (MDM) Configuration Profile that can be used to deploy the LimaCharlie agent to an enterprise fleet.

    Was this article helpful?
    What's Next