Heimdal Assistance and Support Help Center home page

Articles in this section

Haven't Tried Heimdal Yet?

Start Free Trial 30-day Free Trial. Offer valid only for companies.

Best practices - Endpoint Settings (macOS)

Last updated

This guide outlines the essential best practices specifically for macOS Endpoint Settings within the Heimdal Dashboard. By aligning your Apple environment with these recommendations, you extend your defense-in-depth strategy to macOS endpoints—minimizing your attack surface while keeping your Mac users productive and secure.

DNS SECURITY - ENDPOINT

In the DarkLayer Guard sub-tab:

  • Force DHCP DNS usage - enable this option only if you are troubleshooting an active routing conflict with an enterprise VPN client. Because macOS handles network extensions differently than Windows, blindly enabling these can disrupt the local DNS proxy. If a conflict arises, contact Heimdal Support for specific alignment.

3RD PARTY PATCH MANAGEMENT

In the Patch & Assets tab:

  • Keep all applications up to date - Enable this to ensure supported macOS applications (like Chrome, Firefox, Zoom) receive automatic vulnerability patching.

  • "Push Install" - Enable the Push Install tickbox only when you know you want the Heimdal Agent to install the selected application available in the Heimdal third-party catalog onto the Mac devices applying the group policy.

OPERATING SYSTEM UPDATES

In the Patch & Assets tab:

  • Operating System Updates - This allows Heimdal to monitor and push critical Apple System and Security updates. Note the fact that some updates require a reboot, and that is controlled only by the Operating System (the Heimdal Agent cannot force a reboot).

NEXT-GEN ANTIVIRUS

In the Endpoint Detection tab:

  • Default action on detection of infected files - Make sure the Quarantine option is set to move detected files into quarantine. 

RANSOMWARE ENCRYPTION PROTECTION

In the Endpoint Detection tab:

  • Reporting mode - Before running Ransomware Encryption Protection with its full protection, ensure that you run it in Reporting mode for at least a week to identify potential false positive applications that might trigger the engine.

  • Exclusions - Make sure you exclude intercepted processes that you are confident are false positives. 

PRIVILEGED ACCESS MANAGEMENT

In the Privileges & App Control tab:

  • Approval via Dashboard - Ensure that any elevation or administrative session request requires explicit review and approval by your IT support team within the Heimdal Dashboard console to maintain a strict audit trail.

Haven't Tried Heimdal Yet?

Start Free Trial 30-day Free Trial. Offer valid only for companies.