Skip to content

V3 #89

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
redteampanda-ng merged 7 commits into from
Dec 22, 2025
Merged

V3 #89

Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
e380ff3
chore: add note about custom root CA (#81)
redteampanda-ng Dec 9, 2025
43dac07
Merge branch 'main' into v3
redteampanda-ng Dec 9, 2025
5cdee7a
chore: update changelog
redteampanda-ng Dec 17, 2025
13897fb
Merge branch 'main' into v3
redteampanda-ng Dec 17, 2025
1a6afe1
fix: macos 26 fda (#86)
galex505 Dec 17, 2025
b032828
chore: macos 26 full disk access issues (#88)
galex505 Dec 22, 2025
e919f2a
Merge branch 'main' into v3
redteampanda-ng Dec 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 9 additions & 7 deletions administration/agent.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,8 +131,8 @@ following tasks.
If you need to grant Full Disk Access via MDM, please have a look at the chapter
:ref:`appendix/mdm-fulldiskaccess:Full Disk Access for macOS asgard2-agent-service via MDM`.

Prior to macos 26
"""""""""""""""""
Prior to macos Tahoe 26
"""""""""""""""""""""""

To do this, navigate on your Mac to ``System Settings`` > ``Privacy &
Security`` > ``Full Disk Access``:
Expand All @@ -147,12 +147,12 @@ You need to enable the ``asgard2-agent-service`` slider:
:scale: 40
:alt: macOS 13 Full Disk Access

Starting with macOS 26
""""""""""""""""""""""
Starting with macOS Tahoe 26
""""""""""""""""""""""""""""
Starting with version 26, we noticed that macOS no longer displays the entry ``asgard2-agent-service`` in the Full Disk Access UI.

.. figure:: ../images/macos_missing_asgard2-agent_service.png
:scale: 40
:scale: 50
:alt: Missing asgard2-agent.service

If you have updated from macOS 15 Sequoia you should check in ASGARD the THOR scan protocol for a warning about Full Disk Access or query your operating system's ``TCC.db`` database.
Expand All @@ -169,8 +169,9 @@ To query the database, open the Terminal App and perform the following SQL comma
This value section must match:

.. code-block:: console
:emphasize-lines: 1

asgard2-agent-service|1|2|4|1|
|1|2|4|1|

If the values do NOT match at this point, or if you originally installed our agent on macOS 26, please proceed with the following instructions.

Expand Down Expand Up @@ -199,12 +200,13 @@ Choose the ``asgard2-agent-service`` and click ``Open``.
Check that the permissions have now been granted correctly by reopening the Terminal App and executing the following SQL command:

.. code-block:: console
:emphasize-lines: 2

MacBook-Pro:~ nextron$ sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.db 'select * from access' | grep asgard
kTCCServiceSystemPolicyAllFiles|/private/var/lib/asgard2-agent/asgard2-agent-service|1|2|4|1|??||0|UNUSED|0|176962327|||UNUSED|0
MacBook-Pro:~ nextron$

Please note that the entry is still not displayed in the UI.
Please note that ``asgard2-agent-service`` is still not displayed in the UI.

Finally adjust the permissions again:

Expand Down