cmdReporter Wiki

Open navigation

3.4 July 2020

v3.4 Release Notes:

Major Changes:

Prohibited Application Blocking

  • Prohibit execution of binaries based on executable name, team signing ID, or app signing ID.
  • Upon blocking an application or executable the prompt below will be shown to users.
  • IMPORTANT: LaunchDaemons executing as the root user are intentionally exempted from prohibited applications to allow restrictions of administrative tools. More detail available HERE

File Monitoring Events

  • After customer feedback, cmdReporter's file monitoring events have been enriched, extended, and redesigned for intrusion detection. As such, Host Intrusion Detection (Currently in Beta) is replacing File Event monitoring.
  • Removal of the following preferences
    • FileEventInclusionPaths
    • FileEventExclusionPaths
    • FileEventUseFuzzyMatch
  • More details about cmdReporter's included intrusion detections available HERE

Verbose Messages

  • New behavior to only additionally log non-privileged terminal activity

Minor Changes:

  • host_info.osversion
    • Old:   Version 10.15.5 (Build 19F96)
    • New:  macOS 10.15.5 (Build 19F96)
  • Speed Improvements to core processing engine
  • Unified Log search performance improvements
  • Event Filtering now additionally filters on responsible_process_name to mute child processes of a muted application
  • Rate limiting summarization logic speed improvements

New Event Types:


New Preferences:


KeyValue TypeExample Values
ProhibitedApplicationsenclosing dictionaryn/a
    PAExecutableNamesArray of Stringsfdesetup
    PASigningIdentifiersArray of
    PATeamIdentifiersArray of StringsBD3YL53XT4

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.