macOS
The custom scans feature allows you to search host computers for very specific information. Custom scans must be created separately for different operating systems. Within each operating system, there are different types of scans that can be created. Refer to Add A macOS Custom Scan below for a list of scan types and general instructions on adding scans. Refer to the instructions for each scan type for field level information. You can modify or remove the scans at any time. When a custom scan is modified, it affects any existing general scans that use that custom scan.
Add a custom scan
- Click Policy & Objects.
- Expand Endpoint Compliance.
- Click the Scans option to select it.
- Click Custom Scans.
- Select Add.
- Select macOS from the Operating System drop-down list.
-
Select the type of scan desired. Each scan type has a special set of fields that are specific to that type. Use the table below for settings.
Scan Type
Description
File
Test for the existence of a specific file on the host. See File scan settings.
Package
Test for a existence of a specific installer package on the host. An inclusive range of macOS Versions can be specified for this scan. See Package scan settings.
Processes
Test for the existence of a specific process. See Processes scan settings.
Prohibited-Processes
Test for the existence of a specific prohibited process. See Prohibited processes scan settings.
- Enter the Name for the custom scan.
- Enter the information for the custom scan.
- Click OK.
- The name of the custom scan will now appear in the Custom Scans section for each macOS scan and can be selected as part of the creation or modification of the general scan parameters.
File scan settings
To create a custom scan for a specific file, enter the information shown in the table below into the custom scan window after selecting the File scan type.
Scan Parameter |
Description |
Label |
This label appears in the Results page information to identify which scan the host failed. |
Severity |
The severity of the failure if the file is not on the host. If you select Required and the file does not exist, the host fails the custom scan. If you select Warning, the host passes the custom scan and a Policy Warning event is generated. This event can be mapped to an alarm and set to notify the Administrator. See Severity level for more details. |
File Name |
The name of the file being checked for on the host. |
Starting Path |
The search for the file starts with the directory indicated here and includes all sub-directories and files. Important: Use the forward slash (/) to delimit directory names. Do NOT use a colon (:). |
Web Address |
The URL of the page with information regarding this file. If entered, this link appears on the Results page. This is a user created web page. It must be stored in:
When completing this field you must enter part of the path for the page not just the page name, such as:
|
Prohibit this product |
If the file is found and this is set to true, the host fails the scan for a prohibited product. Default = false. |
Package scan settings
To create a custom scan for a specific installer package, enter the information shown in the table below into the custom scan window after selecting the Package scan type.
Use this custom scan to check whether particular updates or patches have been applied to the host.
If the package name is installed on a host with an OS version outside the range, the host will pass the scan. |
Scan Parameter |
Description |
Label |
This label appears in the Results page information to identify which scan the host failed. |
Severity |
The severity of the failure if the package is not on the host. If you select Required and the package does not exist, the host fails the custom scan. If you select Warning, the host passes the custom scan and a Policy Warning event is generated. This event can be mapped to an alarm and set to notify the Administrator. See Severity level for more details. |
Package Name |
name.pkg The name of the installer package being searched for on the host. The custom scan searches the /Library/Receipts directory for install receipts. |
Minimum macOS |
The inclusive minimum version of the macOS software. |
Maximum macOS |
The inclusive maximum version of the macOS software. |
Web Address |
The URL of the page with information regarding this installer package. If entered, this link appears on the Results page. This is a user created web page. It must be stored in:
When completing this field you must enter part of the path for the page not just the page name, such as:
|
Processes scan settings
To create a custom scan for a specific process, enter the information shown in the table below into the custom scan window after selecting the Processes scan type.
Scan Parameter |
Description |
Label |
This label appears in the Results page information to identify which scan the host failed. |
Web Address |
The URL of the page with information regarding this process. If entered, this link appears on the Results page. This is a user created web page. It must be stored in:
When completing this field you must enter part of the path for the page not just the page name, such as:
|
Severity |
The severity of the failure if the process is not running on the host. If you select Required and the process does not exist, the host fails the custom scan. If you select Warning, the host passes the custom scan and a Policy Warning event is generated. This event can be mapped to an alarm and set to notify the Administrator. See Severity level for more details. |
Process Name |
The name of the process being scanned for on the host. This name is seen when you use ps at the command line. This is not necessarily the name in the Activity Monitor list. For example, iChat, iChatAgent, iTunes, iTunesHelper. |
Prohibited processes scan settings
To create a custom scan for a specific prohibited process, enter the information shown in the table below into the custom scan window after selecting the Prohibited Processes scan type.
Scan Parameter |
Description |
Label |
This label appears in the Results page information to identify which scan the host failed. |
Web Address |
The URL of the page with information regarding this prohibited process. If entered, this link appears on the Results page. This is a user created web page. It must be stored in:
When completing this field you must enter part of the path for the page not just the page name, such as:
|
Severity |
The severity of the failure if the prohibited process is running on the host. If you select Required and the prohibited process does exist, the host fails the custom scan. If you select Warning, the host pass the custom scan and a Policy Warning event is generated. This event can be mapped to an alarm and set to notify the Administrator. See Severity level for more details. |
Process Name |
Name of the prohibited process being scanned for on the host. |