OS X 10.11 El Capitan includes a serious hurdle against malware called System Integrity Protection, or just SIP. SIP literally kills root for /usr, /bin, /sbin, and /System, preventing ANY user or application, except for Mac-native installer software, from writing to these locations or debugging protected processes. With SIP, Apple has for the first time decided to reject one of the principles of Unix: the almighty access privileges of the superuser, or root. It’s no surprise that SIP was instantly labeled “rootless” among Mac users.
SIP is enabled by default and prevents 3rd party processes from modifying certain system processes, files and folders, regardless of whether they are launched by the root user or not. The layout of the system disk cannot be modified either, which is why HDM for Mac is not able, for instance, to redistribute free space between your OS X and BootCamp partitions until SIP is deactivated. The same restriction applies to the Paragon Snapshot component, which is used to make consistent backup images of in-use files, running applications and the OS.
We offer you the choice of either accomplishing otherwise prohibited operations from the recovery media or switching off SIP to do all operations directly in Mac OS X. For more details, please consult Preparing Bootable Recovery Media and Managing SIP.
You can manage (disable or enable) System Integrity Protection with the csrutil command line utility or through a Paragon dialogue embedded in the Startup Manager of the prepared recovery media.
Alternatively, you can perform the same actions by selecting System Integrity Protection Management in the Startup Manager of the recovery media.
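A way to check the SIP state before starting a partition-layout or snapshot operation, so you know whether it can run directly in OS X or has to go through the recovery media. This is an added example, not Paragon's code: sip_state and operation_mode are hypothetical helper names, and the sample status lines are constructed to the format csrutil status is assumed to print.

```sh
#!/bin/sh
# Added example (not Paragon's code): decide how to run a disk-layout or
# snapshot operation based on the current SIP state.

# Constructed samples of `csrutil status` output (format assumed).
SAMPLE_ENABLED='System Integrity Protection status: enabled.'
SAMPLE_DISABLED='System Integrity Protection status: disabled.'
SAMPLE_CUSTOM='System Integrity Protection status: enabled (Custom Configuration).

Configuration:
	Filesystem Protections: disabled
	Debugging Restrictions: enabled'

# sip_state (hypothetical helper): reads status text on stdin and prints
# enabled | disabled | custom | unknown.
sip_state() {
    state=unknown
    while IFS= read -r line; do
        case "$line" in
            "System Integrity Protection status:"*"(Custom Configuration)"*)
                state=custom ;;
            "System Integrity Protection status: enabled"*)  state=enabled ;;
            "System Integrity Protection status: disabled"*) state=disabled ;;
        esac
    done
    printf '%s\n' "$state"
}

# operation_mode (hypothetical helper): only a fully disabled SIP allows the
# operation directly in OS X; anything else goes to the recovery media.
operation_mode() {
    case "$1" in
        disabled) printf 'direct\n' ;;
        *)        printf 'recovery-media\n' ;;
    esac
}

# On a Mac, query the real state; elsewhere csrutil is absent and this is skipped.
if command -v csrutil >/dev/null 2>&1; then
    current=$(csrutil status 2>/dev/null | sip_state)
    printf 'SIP: %s -> run operation via: %s\n' "$current" "$(operation_mode "$current")"
fi
```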