In macOS Catalina, Apple has introduced a whole new permissions system so that applications cannot access system files or user files by default. In order for Kolide to properly function, it needs to be granted explicit full disk access.
Why does Kolide need full disk access?
Kolide needs full disk access to perform the following tasks:
To list other apps that also have disk access that may not need it.
To inspect system files that give us a better understanding of the security of the device.
To look for evidence of plain text credentials in your downloads, documents, and desktop folders.
Finally, to read the file name of our installation package to assist with user-to-device association.
Kolide takes having full disk access to your mac very seriously and will never transmit the content of your personal files to our server.
If there are questions or concerns about this, please contact us at support@kolide.co, or speak with your admin.
How do I detect which devices have full disk access?
By logging into K2, we have prepared a special inventory view called Kolide Agents that will list all devices that have insufficient permissions.
Additionally, if a device is missing permissions, you will see the Kolide Logo turn red on their device details page.
How do I enable full disk access?
Option 1: We've outlined instructions on how to do this programmatically using an MDM service here: https://help.kolide.com/en/articles/2947201-deploying-the-kolide-installer-to-your-organization.
Option 2: Have users manually update this permission on their device. If your users have self-installed the Kolide package, and you have our Slack app installed, Kolide will reach out to your users automatically with instructions on how to grant full disk access.
32-Bit Apps
macOS Catalina is the first version of macOS to no longer support legacy 32-bit applications. If you are unsure if your organization has any remaining 32-bit apps, you can list them in the K2 apps Inventory.