☰

🌙☀

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Taegis Docs Home
About XDR
Get Started
- Get Started with XDR
- Top 5 Tasks
Integrate with XDR
- Integration Overview
- Data Source Integration Definitions
- All Available Integrations
- Add Data Collectors
- Add Endpoint Agents
- Forward Data to XDR
- Create Custom Parsers
  - Overview
  - Syntax
  - Repeating Fields
  - Overriding and Extending Global Parsers
  - Supported Schemas
  - All Schemas
    - Antivirus
    - Auth
    - CloudAudit
    - DHCP
    - DNS
    - Email
    - Encrypt
    - FileMod
    - HTTP
    - Management Event
    - Netflow
    - NIDS
    - Process
    - Registry
    - Thirdparty
    - Types
Manage Integrations
Alerts, Events, and Investigations
- Alerts
- Events
- Investigations
- CyberChef
Dashboards
Search and Reports
- Search
- Reports
Automation
- Automation Overview
- Supported Playbooks
- Supported Connectors
- Playbooks
- Connectors
- Automation Authoring
  - Building Connector Definitions
  - Building Playbook Templates
  - Common Expression Language (CEL)
Threat Intelligence, Hunting, and Detection
- Threat Intelligence
- Threat Hunting
  - Hunting with Jupyter Notebooks
- Detectors
- Adversary Software Coverage
  - Adversary Software Coverage
  - Frequently Asked Questions
XDR Admin
- Your Account
- Tenant Settings
APIs, SDK, and Magic
- Using XDR GraphQL APIs
- API Authentication
- XDR Python SDK
- Taegis Magic Jupyter Integration
  - Overview
- Alerts API
  - Using the Alerts API
  - Alerts GraphQL API
- Assets API
- Audits API
  - Using the Audits API
  - Audits GraphQL API
- Automations APIs
- Bring Your Own Threat Intelligence API
  - Using the BYOTI API
  - BYOTI GraphQL API
- Collector APIs
- Investigations API
  - Using the Investigations API
  - Investigations GraphQL API
- Threat Intelligence API
  - Using the Threat Intelligence API
  - Threat Intelligence GraphQL API
- Using the Users GraphQL API
- Using the Tenants GraphQL API
- Using the Countermeasures API
- Using the File Upload API
Secureworks Products, Services, and Policies
- Managed iSensor
- ManagedXDR
- ManagedXDR Elite
  - Service Description
  - Onboarding Guide
- ManagedXDR for OT
- ManagedXDR Enhanced
  - Service Description
  - Onboarding Guide
- ManagedXDR–Managed iSensor Add-on
- Secureworks Professional Services
- Legal

Taegis Endpoint Agent for macOS Troubleshooting

integrations endpoints edr taegis agent secureworks

This document provides guidance on initial agent troubleshooting steps you can take and information you can gather prior to reaching out to Secureworks support for assistance with agent issues.

Tip

Additional Taegis Endpoint Agent troubleshooting, tutorial, and informational articles are available in the Secureworks Knowledge Base.

Diagnostics ⫘

The new Diagnostics functionality released with version 1.4.9 provides two operations:

A mode to collect information into an archive file to send to Secureworks support, eliminating the need for the support team to request system details and reducing the time to resolve issues.
A troubleshooting mode that analyzes configuration and runtime operation of all agent components and provides feedback on which items need to be addressed.

To access and use Diagnostics via the preferred method of the agent UI:

Select the Taegis icon from the menu bar and choose Open Secureworks Taegis.

Open Secureworks Taegis

From the left navigation menu of the app, choose Diagnostics.

Diagnostics

Note

Diagnostics can also be run from the command-line program located at /Applications/SecureworksTaegis.app/Contents/bin/taegisctl and must be run with sudo privileges.

Collect Information ⫘

To gather logs and system information to share with support into a single archive file, follow these steps:

Select Collect information for support to expand the section, then select Run.

Collect Information

Once complete, select Open in Finder to access the file to send to support.

Access Archive

Troubleshoot ⫘

To run the troubleshoot tool to attempt to diagnose issues with setup and environment, follow these steps:

Select Troubleshoot to expand the section, then select Run.

Diagnostics Troubleshooting

Once complete, the results display the following possible outcomes:

Pass — The check has passed
Fail — The check has failed and should be investigated
Warn — The check may be benign, but could indicate a potential issue
NA — Not applicable

Troubleshooting Output

Installation ⫘

If using mobile device management (MDM), follow the relevant article listed at MDM Deployment.
If installing outside MDM, follow the UI Deployment instructions.
Open Taegis by selecting the status icon from the menu bar and choosing Open Secureworks Taegis to verify Full Disk Access is granted and System Extensions are allowed.

Auto Upgrade Failures ⫘

Examine logs for any obvious errors: log stream --level debug --predicate 'subsystem == "scwx"'.
Allow taegis-agent-prod-builds.s3.us-east-2.amazonaws.com through firewalls.
Once you’ve verified connectivity to taegis-agent-prod-builds.s3.us-east-2.amazonaws.com, go to your tenant and select Reconnect on the targeted endpoint.

Service Not Starting ⫘

Open up the Console app to view any available crash reports from the agent (filter for secureworks). Additionally the crash file is available under /Library/Logs/DiagnosticReports.

Uninstall ⫘

Uninstall may leave behind active system/network extensions due to an Apple bug. The agent cannot avoid this due to its dependency on the OS.
Logs such as system.log or any crash report for the application may be helpful for further diagnosis.

Taegis Endpoint Agent for macOS Troubleshooting

Diagnostics ⫘

Collect Information ⫘

Troubleshoot ⫘

Installation ⫘

Auto Upgrade Failures ⫘

Service Not Starting ⫘

Uninstall ⫘

On this page: