v3.4 Release Notes:
Prohibited Application Blocking
- Prohibit execution of binaries based on executable name, team signing ID, or app signing ID.
- Upon blocking an application or executable, the prompt below will be shown to users.
- IMPORTANT: LaunchDaemons executing as the root user are intentionally exempted from prohibited applications to allow restrictions of administrative tools. More detail available HERE
File Monitoring Events
- After customer feedback, cmdReporter's file monitoring events have been enriched, extended, and redesigned for intrusion detection. As such, Host Intrusion Detection (currently in beta) is replacing File Event monitoring.
- Removal of the following preferences
- More details about cmdReporter's included intrusion detections available HERE
- New behavior to only additionally log non-privileged terminal activity
- Old: Version 10.15.5 (Build 19F96)
- New: macOS 10.15.5 (Build 19F96)
- Speed Improvements to core processing engine
- Unified Log search performance improvements
- Event Filtering now additionally filters on responsible_process_name to mute child processes of a muted application
- Rate limiting summarization logic speed improvements
New Event Types:
| Key | Value Type | Example Values |
| --- | --- | --- |
| PAExecutableNames | Array of Strings | fdesetup |
| PASigningIdentifiers | Array of Strings | com.apple.TextEdit |
| PATeamIdentifiers | Array of Strings | BD3YL53XT4 |
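A pre-deployment lint for the three PA* keys in the table above, as an added example that is not cmdReporter code: it checks that each key is an array of strings and flags entries that are unlikely to match. The team ID format check (10 uppercase alphanumerics) and the rule that executable names are bare names rather than paths are assumptions, and the sample payloads are constructed from the table's example values.

```python
import plistlib
import re

# Keys and value types from the release-notes table (each is an array of strings).
PA_KEYS = ("PAExecutableNames", "PASigningIdentifiers", "PATeamIdentifiers")
# Assumption: Apple Team IDs are 10 uppercase alphanumeric characters.
TEAM_ID_RE = re.compile(r"^[A-Z0-9]{10}$")


def lint_prohibited_apps(plist_bytes):
    """Return a list of problems found in the PA* keys of a plist payload."""
    prefs = plistlib.loads(plist_bytes)
    problems = []
    for key in PA_KEYS:
        if key not in prefs:
            continue  # unset key: nothing to check
        value = prefs[key]
        if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
            problems.append(f"{key}: must be an array of strings")
            continue
        for entry in value:
            if entry != entry.strip() or not entry:
                problems.append(f"{key}: empty or padded entry {entry!r}")
            elif key == "PATeamIdentifiers" and not TEAM_ID_RE.match(entry):
                problems.append(f"{key}: {entry!r} is not a 10-character team ID")
            elif key == "PAExecutableNames" and "/" in entry:
                # Assumption: matching is on the executable name, not a path.
                problems.append(f"{key}: {entry!r} looks like a path, not a name")
    return problems


# Constructed sample payloads using the example values from the table.
GOOD = plistlib.dumps({
    "PAExecutableNames": ["fdesetup"],
    "PASigningIdentifiers": ["com.apple.TextEdit"],
    "PATeamIdentifiers": ["BD3YL53XT4"],
})
BAD = plistlib.dumps({
    "PAExecutableNames": "fdesetup",  # string instead of array
    "PATeamIdentifiers": ["BD3YL53XT4 ", "bd3yl53xt4"],
})

if __name__ == "__main__":
    for name, payload in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_prohibited_apps(payload) or "ok")
```

A mistyped or padded entry in a blocklist fails open, so running a check like this before pushing the preferences catches rules that would never match.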