Starting from
v2.4.x
, DefensX can enforce DNS policies on macOS through a DNS Proxy network extension, without modifying the system's interface DNS settings.On MDM-managed devices, the DNS Proxy extension permission can be pushed via a configuration profile, and the required permissions are granted silently.

On non-MDM devices, the extension can be enabled manually by the end user. If it is not enabled, the agent continues to operate in the previous mode where interface DNS settings are modified directly. Once permissions are granted, the agent status displays
Network Extension: Enabled
, indicating that the DNS Proxy network extension is active.The DNS Proxy Network Extension can be disabled at the deployment level or per individual agent, similar to the Kernel Driver setting on Windows. If needed, it can be disabled regardless of whether permissions were granted via MDM or by the end user.

Step-by-step instructions are available for both Manual Deployment and MDM Deployments.
Additionally, the macOS installer is no longer marked as requiring Rosetta, the DefensX Agent now installs natively without the Rosetta compatibility layer.