This guide applies to Mac computers

About Kandji Agent Settings and Database Files

When a Mac is enrolled in Iru Endpoint, the Kandji Agent is installed to extend the device management capabilities beyond what Apple’s Mobile Device Management (MDM) framework can achieve. The agent ensures that various configurations, security policies, and applications are enforced and maintained on the device. To support its functionality, the Kandji Agent installs a few key components, including the Kandji Agent Settings Profile and encrypted database (.dbee) files.

Kandji Agent Settings Profile

The Kandji Agent Settings Profile is an MDM configuration profile automatically installed on all enrolled Mac computers. This profile ensures seamless operation of the Kandji Agent and related services such as Self Service, Liftoff, Passport, and the Kandji Extension Manager. It includes several important payloads:
  • Login and Background Items Management (Service Management) - For macOS Ventura and later, this payload ensures users can’t prevent the Kandji Agent from loading at startup using System Settings.
  • Notification Settings - This payload ensures the various Kandji applications can send notifications to the user.
  • Privacy Preferences Policy Control - This payload ensures the Kandji Agent has Full Disk Access to the Mac so it can run custom scripts and install and update both custom and Auto Apps.
  • System Extensions - This payload ensures the Kandji ESF Extension installed with the Kandji Extension Manager (located in /Applications/Utilities/) can activate and deactivate itself without user approval. The Kandji ESF Extension is used for the App Blocking Parameter and replaces the older mechanism used for App Blocking. It is more efficient and stops a blocked application before its process can execute any code, because the launch is denied by the macOS kernel. The Kandji ESF Extension also collects application data for Prism.
These payloads ensure that the Kandji Agent can perform critical tasks without user interference, such as enforcing security policies, running scripts, and managing app installations.
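
To audit that an exported copy of the profile carries the four payloads listed above, the following added example (not Kandji's or Iru's own code) parses an unsigned profile plist and reports missing payloads and which identifiers are granted Full Disk Access. It assumes the profile uses Apple's standard payload type strings; the sample profile and the identifier com.example.agent are constructed placeholders.

```python
import plistlib

TCC = "com.apple.TCC.configuration-profile-policy"
# Apple's standard payload types, assumed to back the four payloads named above.
EXPECTED = {
    "com.apple.servicemanagement": "Login and Background Items Management",
    "com.apple.notificationsettings": "Notification Settings",
    TCC: "Privacy Preferences Policy Control",
    "com.apple.system-extension-policy": "System Extensions",
}


def audit_profile(raw: bytes) -> dict:
    """Report missing payloads and identifiers granted Full Disk Access."""
    payloads = plistlib.loads(raw).get("PayloadContent", [])
    seen = {p.get("PayloadType") for p in payloads}
    missing = [name for ptype, name in EXPECTED.items() if ptype not in seen]
    fda = []
    for p in payloads:
        if p.get("PayloadType") != TCC:
            continue
        for entry in p.get("Services", {}).get("SystemPolicyAllFiles", []):
            # Newer profiles use Authorization; older ones use the boolean Allowed.
            if entry.get("Authorization") == "Allow" or entry.get("Allowed") is True:
                fda.append(entry.get("Identifier"))
    return {"missing": missing, "full_disk_access": fda}


def sample_profile(drop=None) -> bytes:
    """Constructed sample profile; identifiers are placeholders."""
    content = [
        {"PayloadType": "com.apple.servicemanagement"},
        {"PayloadType": "com.apple.notificationsettings"},
        {"PayloadType": TCC,
         "Services": {"SystemPolicyAllFiles": [
             {"Identifier": "com.example.agent", "IdentifierType": "bundleID",
              "Authorization": "Allow"}]}},
        {"PayloadType": "com.apple.system-extension-policy"},
    ]
    content = [p for p in content if p["PayloadType"] != drop]
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": content})


if __name__ == "__main__":
    print(audit_profile(sample_profile()))
    print(audit_profile(sample_profile(drop="com.apple.system-extension-policy")))
```

A profile delivered by MDM may be CMS-signed, in which case the signature wrapper has to be removed before the plist can be parsed this way.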

Encrypted Database Files (.dbee)

The Kandji Agent also installs encrypted database files on each device to store essential information locally. These files enable offline functionality and ensure that data is preserved even if network connectivity is lost. The primary database files include:
  • TCData.dbee - Stores hashes of application data, quarantine data, Endpoint Detection & Response (EDR) offline rules, EDR settings, and other EDR-related events.
  • Agent.dbee - Contains parameter settings and history for offline usage.
  • KandjiData.dbee - Stores currently enabled features, first-time run information, Self Service deferrals, and scheduled installs.
  • Library.dbee - Holds information about Library Items and their statuses for reporting during an agent run.
  • RTCData.dbee - Stores Real-Time Communication (RTC) messages in case of network failure or power loss.
  • VBData.dbee - Logs Prism report history.
These database files allow the Kandji Agent to function independently of network connectivity by storing critical configuration data locally.