Tamper prevention forbids unauthorized modification, disabling, or deletion of the Jamf Protect application, system extension, and its critical files. This feature also protects against locally disabling tamper prevention protections.

Example:

Attempts to remove or disable Jamf Protect may include:

  • Dragging-and-dropping Jamf Protect into the Trash.

  • Removing Jamf Protect with programmatic or command-line interfaces.

Tamper prevention is configured using a Jamf Protect plan and the Block and report setting is enabled by default.

Jamf Protect's tamper prevention complements these built-in macOS security features:

System Integrity Protection (SIP)

The Jamf Protect system extension is protected by Apple's native System Integrity Protection (SIP). This reduces Jamf Protect's exposure to tampering on computers.

Non-removable system extension settings

On macOS 15 or later, Apple introduced the ability for end-users with administrative privileges to view and remove system extensions within System Settings. To prevent Jamf Protect from being removed via this method, you must deploy an additional configuration profile to computers that are running macOS 15 or later. For more information about deploying this configuration profile see Making Jamf Protect a Non-Removable System Extension.