Web Security - Mimecast Security Agent for Mac

Updated
This article how to deploy, configure, disable/enable and uninstall the Mimecast Security Agent for Mac on roaming Mac devices, to work in conjunction with the Mimecast Web Security feature, and is intended for use by Administrators.

Prerequisites

      • You have an Administrator role, with permission to access the Web Security section, in the Administration Console.
      • Prerequisites for Mimecast Web Security have been met.
      • The local DNS resources have Exceptions defined to enable your trusted domains and IPs to bypass the Mimecast Web Security functionality. See
      • Managing Exceptions.
      • Mimecast Security Agent Settings have been configured. See Managing MSA Settings.
      • Your managed endpoint systems are using a Network Time Provider to ensure accurate system clocks.
      • Your Mac device has a supported OS version: these are macOS 10.13 to macOS 10.15, macOS 11, macOS 12, macOS 13, macOS 14.
      • Your Mac device has Administration privileges set up on it.
      • We recommend your browser uses macOS Trust Store for Certificate of Authority.  See the List of Available Trust Root Certificates in macOS in Apple's Support documentation.

Installing the Mimecast Security Agent for Mac

Downloading the installer files

You can download the installer files for the Mimecast Security Agent for Mac by using the following steps:

  1. Log on to the Mimecast Administration Console.
  2. Navigate to Web Security | Agent Settings. The Installation tab displays by default.
  3. Click on Download for Mac.
  4. The installer file downloads to your browser's download location, as "Mimecast Security Agent.zip".
  5. Unzip the downloaded file.
  6. Once unzipped, you will see:
      • A top-level folder "Mimecast Security Agent", containing two PKG files:
        • Mimecast Security Agent 1.x, which supports macOS High Sierra (10.13) to macOS Catalina (10.15).
        • Mimecast Security Agent 2.xwhich supports macOS11 Big Sur and above.
      • A sub-folder "Mimecast Security Agent Configuration", which contains a configuration file CustomerKey.

Once you have downloaded and unzipped the  installer files, do not change the file or folder names, or the folder hierarchy.
This is to ensure that the configuration file is located successfully, during the installation process.

The CustomerKey configuration file should contain the same Active Authentication Key value that is displayed under Web Security | Agent Settings Active Authentication Key via the Administration Console, for your account.

Installing the Mimecast Security Agent for Mac - macOS High Sierra (10.13) to macOS Catalina (10.15)

This section describes how to install the Mimecast Security Agent for Mac, for machines using macOS High Sierra (10.13) to macOS Catalina (10.15).

The installer must be run as an Administrator.

You can install the Mimecast Security Agent for Mac, by using the following steps:

  1. Launch the Mimecast Security Agent installer to start the setup wizard.
  2. Click on Continue.
  3. Select the local disk on the Destination Select tab, to install the Mimecast Security Agent.
  4. Click on Continue.
  5. On the Installation Type tab, select the local folder for Mimecast Security Agent software installation. Click on the Change Install Location button if required.
  6. Click on Install.
  7. Enter your Mac administration credentials in the User Name and Password fields.
  8. Click on Install Software.
  9. During the installation, the Mimecast Security Agent displays on the menu bar with an exclamation mark.
    Once the security agent is installed, its status is displayed as Protected.

    If you're using macOS 10.15.4, a warning is displayed when installing the Mimecast Security Agent for Mac, informing you that kernel extensions will no longer be supported in future Apple updates.

    Click OK to continue.

  10. Click on Close to exit the wizard.

For macOS High Sierra, an authorization process is used when installing third-party kernel extensions (kexts) for the first time. You must authorize the installation if the Mimecast Security Agent hasn't been installed on your Mac. You can preauthorize the kext on behalf of your users, via your preferred Mobile Device Management (MDM) solution.

If you have unmanaged Macs, the System Extension Blocked dialog is displayed, and you need to use the following steps:

  1. Click on OK to continue.
  2. Click on Allow to unblock the system software.

If you don't follow this step, the Mimecast Security Agent runs in unprotected mode, and won't filter DNS requests. You'll also be periodically prompted to authorize the installation. See the Prepare for Change to Kernel Extensions in macOS High Sierra page in the Apple help for further details.

Installing the Mimecast Security Agent for Mac - macOS11 Big Sur and above

This section describes how to install the Mimecast Security Agent for Mac, for machines using macOS Big Sur (11), Monterey (12 - Intel or M1), Ventura (13 - Intel or M1), and Sonoma (14 - Intel or Apple Silicon Chipset).

The installer must be run as an Administrator.

You can install the Mimecast Security Agent for Mac, by using the following steps:

  1. Launch the Mimecast Security Agent installer to start the setup wizard.
  2. Click on Continue.
  3. Select the local disk on the Destination Select tab to install the Mimecast Security Agent software.
  4. Click on Continue.
  5. On the Installation Type tab, select the local folder for Mimecast Security Agent software installation. 
  6. Click on Install.
  7. Enter your Mac administration credentials in the User Name and Password fields.
  8. Click on the Install Software button. 
  9. Click on OK to allow the installer access to files on the machine.
      Mimecast Security Agent installer
  10. When warned that the Mimecast Security Agent System Extension has been blocked, click on Open Security Preferences.
      Installing the Mimecast Security Agent
  11. In Security and Privacy, click the padlock icon to unlock it.
  12. Enter your admin Password.
  13. Click on Allow for the Mimecast Security Agent.
  14. Click on Allow to allow the Mimecast Security Agent to add DNS Proxy Configurations.
      Installing the Mimecast Security Agent
  15. Click on the Close button to exit the wizard.

Deploying the Mimecast Security Agent for Mac using JAMF / MDM

You can deploy the Mimecast Security Agent using JAMF/MDM, by using the following steps:

  1. Create a package with the installer package and a folder with the token.

    Do not rename the folder or the customer key, or change the folder structure.

  MSA folder structure
  1. Deploy the package to a location on the client's Mac device.
  2. Run the following scripts using the files and process option:
  3. To install the installer: 
    sudo installer -pkg /path/to/msa_installer.pkg -target /

    Example:

    sudo installer -pkg /Library/Application\ Support/Mimecast/MSA/ Mimecast_Security_Agent_for_macOS_11_plus_2.0.1_93.pkg
-target /
  4. To remove the installer from the device: 
    /; rm -r /Library/Application\ Support/Mimecast/MSA/
      • When deploying the Mimecast Security Agent for Mac using JAMF/MDM for Big Sur (macOS 11) and above, we recommend using the device profile to grant application permissions. 
      • To approve the DNS Proxy System extension without user interaction, download and push the MSA DNS Proxy System extension.mobileconfig to the target device using JAMF/MDM.
      • To create your own device profile, you will need to include the following attributes under the System Extension:
Bundle ID com.mimecast.macos.netext.dnsproxy
Team  7NM7G573E4
Allowed Extension Type Network

Automatic Device Enrollment

You must grant full desk access if you’re using Automatic Device Enrollment for TTP and require Safari support, and additional configuration is needed. This isn’t a requirement for Chrome or Firefox.
See Auto Device Enrollment.

You can configure Automatic Device Enrollment for TTP, by using the following steps:

  1. Open System Preferences.
  2. Click on Security & Privacy.
  3. Go to the Privacy tab, scroll to the Full Disk Access option, and unlock the padlock.
  4. Locate the Mimecast Security Agent option and click Open.
  5. Click on Quit Now.
      Request for Full Disk Access
  6. Mimecast Security Agent is now displayed with the checkbox ticked.


You can grant full access using JAMF/MDM without user interaction for Automatic Device Enrollment, by using the following steps: 

  1. Download the configuration profile.
  2. Use JAMF/MDM deploy the config file to the target device.
  3. To verify that the the profile has been deployed successfully:
      • Navigate to System Preferences.
      • Click on Profiles.
  Mac profiles

Confirming that the Mimecast Security Agent for Mac is running

You can confirm that the Mimecast Securing Agent is running on your Mac, by using the following steps:

  1. Ensure that the Mimecast Security Agent icon is displayed in the Menu Bar.
  2. Click on the Mimecast Security Agent icon to display the drop-down menu
  3. Ensure that a green tick and Protected is displayed.
      MSA is Protected

You can view details for the Protected Device via Protected Devices, where and entry is displayed for your protected machine.
To gather diagnostic data, view Mimecast Security Agent Diagnostics Data.

Disabling / Enabling the Mimecast Security Agent for Mac

You can disable / enable the Mimecast Security Agent, by using the following steps:

  1. Click on the Mimecast Security Agent icon in the Menu Bar.
  2. Click on the Preferences menu item.
      Disable / Enable MSA
  3. Click on either the:
      • Disable Agent button to disable protection on the agent.
      • Enable Agent button to enable protection on the agent.

        Disabling the Mimecast Security Agent for Mac requires users to have a password provided by their administrator. You can find this at Web Security | Agent Settings, by clicking on the Passwords tab. See Managing MSA Settings.

  1. Click on OK.

Uninstalling the Mimecast Security Agent for Mac

You can uninstall the Mimecast Security Agent for Mac, by using the following steps:

  1. Navigate to the Applications folder.
  2. Locate the Remove Mimecast Security Agent application.
      Remove Mimecast Security Agent
  3. Run the Remove Mimecast Security Agent application, and follow the guide to remove the software.

    You may be prompted for a password to uninstall the Mimecast Security Agent for Mac depending on your settings, see Managing MSA Settings.

You can uninstall the Mimecast Security Agent for Mac using JAMF/MDM, by using the following steps:

  1. Mimecast Security Agent 1.x:
        • Run the following script: 
          sudo installer -pkg /Applications/Remove\ Mimecast\ Security\ Agent.app/Contents/Resources/Remove\ Mimecast\ Security\ Agent.pkg  -target /
  1.   Mimecast Security Agent 2.x

    There is a known issue with the uninstaller package that prevents script access.

    This will not be fixed.

    If you are uninstalling the Mimecast Security Agent 2.x organization-wide, contact Mimecast support for assistance.

Mimecast Security Agent Diagnostics Data

Gathering diagnostic information

You can gather diagnostic information for the Mimecast Security Agent for Mac, by using the following steps:
  1. Click on the Mimecast Security Agent icon in the Menu Bar. 
  2. Select Diagnostics | Export from the drop-down menu.
      Navigating to diagnostics
  3. Click on the Next button after reviewing the Mimecast data collection policies.
  4. Click the Export Diagnostics button to display the folder selection dialog.
  5. Click on Collect Diagnostics after selecting appropriate diagnostic settings.
  6. Locate the required folder, and click on Select Folder.

    Full Log Archive collects information on all processes running on the system.

    Text file (less detailed) collects information on the Mimecast Security Agent processes. In most cases, the default settings should be used.

  7. The export process exports a zipped file on the desktop, and automatically opens it in Finder. This may take a few minutes.
      Zipped diagnostics file
  8. Email the zipped file to Mimecast Support. See Raising a Case.

About the diagnostic information gathered

The diagnostic information gathered for Mimecast Security Agent includes:

  • Log Files: The diagnostic information in the log files is dependent on whether the log has been exported to a plain text file or the full log archive. If using the full log archive, a macOS administrator account is required.
    • Plain Text Files: The logs only contain messages that were created in the MSA's processes and our kernel extension. This includes those created directly by Mimecast's code and any generated by macOS code running in Mimecast's processes.
    • Full Log Archive: The logs contain all log messages created by all processes, as well as any created by the kernel and kernel extensions.

We have no control over what information included in the log files by third party applications, which may log sensitive information.

  • MSA Configuration Information: we collect the:
    • Customer token used by the account.
    • Policies and settings relevant to the Mimecast Security Agent configured in the Administration Console.
    • Mimecast cloud DNS servers being used.
    • User's email address (only if they've logged into the Mimecast Security Agent as opposed to using account wide settings.
    • Mimecast private keychain file, containing the certificates being used for TLS connections.

The private keychain contains the user's logon information, but the password to unlock the keychain isn't included. This means no one (including Mimecast or the originating user) can read it. We only say that the information exists, but not what it is.

  • General System Information: including:
    • Mimecast Security Agent version, including the agent software and the kernel extension.
    • Information about the kernel extension to enable Mimecast to see it is working and correctly configured.
    • Which Mimecast Security Agent processes were running at the time the diagnostics were collected.
  • Crash Reports: Any relevant crash reports from the Mac is collected including any:
    • For the Mimecast Security Agent's own processes.
    • Kernel panic reports on the system. These allow us to see if there are any badly behaved kernel extensions that might be causing stability issues (e.g. from Apple's, the MSA, Sophos, SentinelOne, or other 3rd party solutions).
  • General System Information: The diagnostic collection creates a file called System Info.txt, containing information about the hardware and software configuration of the Mac. This includes:
    • Hardware information (e.g. model and processor, memory, serial number, UUID).
    • Software information (e.g. macOS version, kernel version, computer name, user name).
    • Network configuration (e.g. networks listed in the system preferences).

Due to the way this information is collected, it isn't possible to select exactly what is collected.

  • WiFi Configuration: Full details of all currently configured WiFi networks (if any) and all currently visible networks.
  • Firewall Settings: Full details of the Mac's firewall settings.
  • Power Information: Details of the Mac's battery and system power settings (e.g. time before the display or computer sleeps, whether the machine was plugged in).
  • DNS Configuration: Contains the DNS configuration as known to the OS.
  • Processes: A list of all running processes at the time the file was created.
  • Loaded Kernel Extensions: A list of all the kernel extensions loaded at the time the file was created, including the Mimecast Security Agent extension, 3rd party extensions, and those built in to macOS.
  • Netstat Output: Lists the currently active internet connections (showing remote IP addresses) and active kernel control channels / sockets.
  • Power Manager Logs: Contains details of the power manager logs (e.g. when the Mac was sleeping / woke up, what applications were preventing sleep). This also summaries actual wake / sleep events since the machine was last booted.

Related to

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.