cmdReporter Wiki


3.4 + Announcements - July 2020


DLP Beta Officially Live!

  • Our free public beta is available today and included as part of cmdReporter v3.4
  • Details about cmdReporter +DLP and the beta in 3.4 can be found here: Data Loss Prevention (DLP)
  • To test DLP, simply install a configuration profile with the com.cmdsec.cmdreporter.dlp domain
    • An example cmdReporter +DLP Profile is available for reference.
    • If the DLP preference domain is not configured, all DLP features are completely disabled, so the same version of cmdReporter can be used in production environments.
  • Our invite-only closed beta with bi-weekly builds will begin next week

Product Announcements:

  • Host Intrusion Prevention: Coming in Fall 2020*
  • Data Loss Prevention (DLP): Coming in Fall 2020*

*Requires an additional license

v3.4 Release Notes:

Major Changes:

Prohibited Application Blocking

  • Prohibit execution of binaries based on executable name, team signing ID, or app signing ID.
  • Upon blocking an application or executable, the prompt below will be shown to users.
  • IMPORTANT: LaunchDaemons executing as the root user are intentionally exempted from prohibited applications to allow restrictions of administrative tools. More detail available HERE

File Monitoring Events

  • After customer feedback, cmdReporter's file monitoring events have been enriched, extended, and redesigned for intrusion detection. As such, Host Intrusion Detection (Currently in Beta) is replacing File Event monitoring.
  • Removal of the following preferences
    • FileEventInclusionPaths
    • FileEventExclusionPaths
    • FileEventUseFuzzyMatch
  • More details about cmdReporter's included intrusion detections available HERE

Verbose Messages

  • New behavior to only additionally log non-privileged terminal activity

Minor Changes:

  • host_info.osversion
    • Old: Version 10.15.5 (Build 19F96)
    • New: macOS 10.15.5 (Build 19F96)
  • Speed Improvements to core processing engine
  • Unified Log search performance improvements
  • Event Filtering now additionally filters on responsible_process_name to mute child processes of a muted application
  • Rate limiting summarization logic speed improvements

New Event Types:



New Preferences:


Key                       Value Type            Example Values
ProhibitedApplications    enclosing dictionary  n/a
    PAExecutableNames     Array of Strings      fdesetup
    PASigningIdentifiers  Array of
    PATeamIdentifiers     Array of Strings      BD3YL53XT4
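
A pre-upgrade lint for a preferences payload, as an added example (not the vendor's code): it flags the three File Event preferences removed in 3.4 and checks the ProhibitedApplications keys from the table above. The function name, the sample payload and the 10-character Team ID pattern are assumptions; the element type of PASigningIdentifiers is cut off on this page, so only its array type is checked.

```python
import plistlib
import re

# Preferences the 3.4 release notes list as removed.
REMOVED_KEYS = ("FileEventInclusionPaths", "FileEventExclusionPaths",
                "FileEventUseFuzzyMatch")
# Sub-keys of ProhibitedApplications from the New Preferences table.
# True = page says "Array of Strings"; False = element type is cut off on the page.
PA_KEYS = {"PAExecutableNames": True, "PATeamIdentifiers": True,
           "PASigningIdentifiers": False}
# Assumption: Apple Team IDs are 10 upper-case alphanumeric characters.
TEAM_ID = re.compile(r"[A-Z0-9]{10}")


def lint_preferences(prefs):
    """Return a list of human-readable findings for one preferences dict."""
    findings = [f"{k}: removed in 3.4" for k in REMOVED_KEYS if k in prefs]
    pa = prefs.get("ProhibitedApplications")
    if pa is None:
        return findings
    if not isinstance(pa, dict):
        return findings + ["ProhibitedApplications: must be a dictionary"]
    for key, value in pa.items():
        if key not in PA_KEYS:  # catches misspelled keys that would be ignored
            findings.append(f"ProhibitedApplications.{key}: unknown key")
        elif not isinstance(value, list):
            findings.append(f"ProhibitedApplications.{key}: must be an array")
        elif PA_KEYS[key] and not all(isinstance(v, str) and v for v in value):
            findings.append(f"ProhibitedApplications.{key}: non-string or empty entry")
        elif key == "PATeamIdentifiers":
            findings += [f"ProhibitedApplications.{key}: bad team ID {v!r}"
                         for v in value if not TEAM_ID.fullmatch(v)]
    return findings


# Constructed sample payload (not a real deployment).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>FileEventUseFuzzyMatch</key><true/>
  <key>ProhibitedApplications</key><dict>
    <key>PAExecutableNames</key><array><string>fdesetup</string></array>
    <key>PATeamIdentifiers</key><array><string>BD3YL53XT4</string><string>bd3yl53xt4</string></array>
    <key>PASigningIdentifier</key><array/>
  </dict>
</dict></plist>"""

if __name__ == "__main__":
    for finding in lint_preferences(plistlib.loads(SAMPLE)):
        print(finding)
```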

cmdReporter +DLP

Key                        Value Type            Example Value
SensitiveUTIs              Array of Strings      org.openxmlformats.*
SensitivePaths             Array of Strings      /Users/.*/Documents/
SensitiveApplications      enclosing dictionary  n/a
    DLPExecutableNames     Array of Strings      fdesetup
    DLPSigningIdentifiers  Array of
    DLPTeamIdentifiers     Array of Strings      BD3YL53XT4
