v3.4 Release Notes:
Major Changes:
Prohibited Application Blocking
- Prohibit execution of binaries based on executable name, team signing ID, or app signing ID.
- Upon blocking an application or executable the prompt below will be shown to users.
- IMPORTANT: LaunchDaemons executing as the root user are intentionally exempted from prohibited applications to allow restrictions of administrative tools. More detail available HERE
File Monitoring Events
- After customer feedback, cmdReporter's file monitoring events have been enriched, extended, and redesigned for intrusion detection. As such, Host Intrusion Detection (Currently in Beta) is replacing File Event monitoring.
- Removal of the following preferences:
  - FileEventInclusionPaths
  - FileEventExclusionPaths
  - FileEventUseFuzzyMatch
- More details about cmdReporter's included intrusion detections available HERE
Verbose Messages
- New behavior to only additionally log non-privileged terminal activity
Minor Changes:
- host_info.osversion
  - Old: Version 10.15.5 (Build 19F96)
  - New: macOS 10.15.5 (Build 19F96)
- Speed Improvements to core processing engine
- Unified Log search performance improvements
- Event Filtering now additionally filters on responsible_process_name to mute child processes of a muted application
- Rate limiting summarization logic speed improvements
New Event Types:
New Preferences:
cmdReporter
Key | Value Type | Example Values |
ProhibitedApplications | enclosing dictionary | n/a |
PAExecutableNames | Array of Strings | fdesetup, Calculator |
PASigningIdentifiers | Array of Strings | com.apple.TextEdit |
PATeamIdentifiers | Array of Strings | BD3YL53XT4 |
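
A pre-deployment check for the ProhibitedApplications preference, added here as an example and not taken from cmdReporter or its documentation. It assumes the three arrays sit directly inside the ProhibitedApplications dictionary (as "enclosing dictionary" suggests) and that Team IDs are 10 uppercase alphanumeric characters; the function names are hypothetical, and the preference domain is not given on this page, so none is used.

```python
import plistlib
import re

# Key names and value types come from the table above.
ARRAY_KEYS = ("PAExecutableNames", "PASigningIdentifiers", "PATeamIdentifiers")
# Assumption: an Apple Team ID is 10 uppercase alphanumeric characters.
TEAM_ID_RE = re.compile(r"[A-Z0-9]{10}")


def lint_prohibited_applications(prefs):
    """Return a list of problems in a preferences dict (empty list = clean)."""
    block = prefs.get("ProhibitedApplications")
    if not isinstance(block, dict):
        return ["ProhibitedApplications must be a dictionary"]
    # A misspelled key would otherwise be ignored and block nothing.
    problems = [f"unknown key {k!r} (typo?)" for k in block if k not in ARRAY_KEYS]
    for key in ARRAY_KEYS:
        value = block.get(key, [])
        if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
            problems.append(f"{key} must be an array of strings")
            continue
        for item in value:
            if not item or item != item.strip():
                problems.append(f"{key}: empty or padded entry {item!r}")
            elif key == "PATeamIdentifiers" and not TEAM_ID_RE.fullmatch(item):
                problems.append(f"{key}: {item!r} is not a 10-character Team ID")
    return problems


def render_plist(prefs):
    """Serialize to an XML plist, refusing input that fails the lint."""
    problems = lint_prohibited_applications(prefs)
    if problems:
        raise ValueError("; ".join(problems))
    return plistlib.dumps(prefs, fmt=plistlib.FMT_XML)


# Constructed sample built from the example values in the table.
SAMPLE = {
    "ProhibitedApplications": {
        "PAExecutableNames": ["fdesetup", "Calculator"],
        "PASigningIdentifiers": ["com.apple.TextEdit"],
        "PATeamIdentifiers": ["BD3YL53XT4"],
    }
}

if __name__ == "__main__":
    print(render_plist(SAMPLE).decode())
```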