TechTool Pro 11 is asking to install the Helper Tool upon application launch

In some instances, Techtool Pro 11 may ask to install a Helper Tool at launch, rather than when you first attempt to perform a task that requires elevated privilege. The reason for this is that the TCC.db file located in /Library/Application Support/com.apple.TCC directory does NOT have a group permission designation. The TCC.db file is used in macOS Mojave to define which applications and processes can run using Apple's implementation of Full Disk Access.

No group permission

If you traverse down to /Library/Application Support you will notice that there is a little red do-not-enter symbol (for lack of a better/correct description) on the directory folder entitled com.apple.TCC. On a majority of the macOS Mojave installations there IS a group permission on this directory and its enclosed files, including the TCC.db file, and Techtool Pro will not ask to authenticate. When there is the presence of a group permission on this directory, the Helper Tool will only be requested when TechTool Pro 11 needs to run at elevated privilege. However, if this is NO group permission on the com.apple.TCC directory, the Helper Tool will be called immediately upon launch of TechTool Pro 11 in order to run at elevated privilege so it can read the TCC.db to confirm whether or not TechTool Pro 11 has Full Disk Access to proceed.

Here are the steps that you will need to follow to correct this issue. This procedure will require that you temporarily disable Apple's System Integrity Protection (SIP), allowing you to add in the missing group designation to the com.apple.TCC directory.

To start:

  1. Click the  menu.
  2. Select Restart...
  3. Upon system restart, hold down the command-R keys to boot into the Recovery partition.
  4. Once booted from the Recovery partition, click the Utilities menu and select Terminal.
  5. From the command prompt in the Terminal app, type csrutil disable and then press the Return key.
  6. Click the  menu and select Restart....

Once you have returned to your logged in account, you will need to:

  1. Launch the Terminal application located in /Applications/Utilities.
  2. At the Terminal prompt, type in the following command: sudo chown -R root:wheel /Library/Application\ Support/com.apple.TCC
  3. Press the Return key.
  4. You will be asked to enter in your administrator password, please do so and press the Return key.
  5. This will now recursively add the group (wheel) to the com.apple.TCC directory and any of the enclosed files within the directory.
  6. Upon completion, type in the following command: sudo chmod 755 /Library/Application\ Support/com.apple.TCC
  7. Press the Return key.
  8. Initiating this command will correctly apply the privilege settings to the com.apple.TCC directory.
  9. Upon completion, type in the following command: sudo chmod 644 /Library/Application\ Support/com.apple.TCC/TCC.db
    1. Press the Return key.
    2. Initiating this command will correctly apply the privilege settings to TCC.db.
  10. Now the group designation exists and the privileges necessary are in place. Pat yourself on the back.
  11. Quit the Terminal application.

Now that this is corrected and complete, it is time to re-enable Apple's System Integrity Protection (SIP) feature.

  1. Click the  menu.
  2. Select Restart...
  3. Upon system restart, hold down the command-R keys to boot into the Recovery partition.
  4. Once booted from the Recovery partition, click the Utilities menu and select Terminal.
  5. From the command prompt in the Terminal app, type csrutil enable and then press the Return key.
  6. Close the Terminal app.
  7. Click the  menu and select Restart...

 

*A note to advanced users* Turning off SIP is not necessary if all changes to the com.apple.TCC and TCC.db files are performed from the Recovery HD. In this case, take care to append the full path of your startup disk to the beginning of each path above or cd to /Volumes/<your primary startup disk> and enter the above paths as relative paths (without the leading /).

Once you have restarted and logged in, launch TechTool Pro 11. If you did not grant TechTool Pro 11 Full Disk Access, you will get the request to install the Helper Tool. Proceed with giving TechTool Pro 11 Full Disk Access as instructed in the window presented. If you already granted Full Disk Access to TechTool Pro 11 prior to correcting the com.apple.TCC directory permissions, you should no longer be asked to install the Helper Tool when Techtool Pro 11 launches. Instead, the request to install the Helper Tool will only appear when you are attempting to run a test or tool in TechTool Pro 11 which requires the Helper Tool in order to run at elevated privilege.

We hope that a future update to macOS Mojave will correctly apply permissions to the com.apple.TCC folder and its contents, and that these steps will no longer be necessary.