SensitiveApplications
DLPExecutableNames
- Array of strings with the executable names of applications. Any data created by an application with a matching process name will be considered sensitive.
- Example: /Applications/Xcode.app/Contents/MacOS/Xcode
DLPSigningIdentifiers
- Array of strings with the app signing identifier of applications. Any data created by an application with a matching signing ID will be considered sensitive.
- Example: com.microsoft.Word
- Example command to obtain app ID for this preference:
- codesign -dv /Applications/Microsoft\ Word.app 2>&1 | grep '^Identifier'
DLPTeamIdentifiers
- Array of strings with the team signing identifier of applications. Any data created by an application with a matching team signing ID will be considered sensitive.
- Example: UBF8T346G9
- Example command to obtain team ID for this preference:
- codesign -dv /Applications/Microsoft\ Word.app 2>&1 | grep TeamIdentifier
SensitiveUTIs
- Array of strings with the Uniform Type Identifier (UTI) of types of files to always consider sensitive irrespective of the application used to modify or create them.
- Example: org.openxmlformats.wordprocessingml.document
- Example command to obtain UTIs for a given file:
- mdls -name kMDItemContentTypeTree /path/to/file
- Results are listed most to least specific when running this command.
- "com.apple.quicktime-movie" could be used to track .mov files
- "public.movie" could be used to track any video file
- "public.audiovisual-content" could be used to track any audio or video file.
- "public.data" could be used to track any file containing data on the system (not recommended)
- Note: cmdReporter does not rely on Spotlight indexing.
SensitivePaths
- Array of strings with the full path to folder(s) that should be considered sensitive. Any file contained in these folders will be considered sensitive.
- Example: /Volumes/Data/
Example Plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>SensitivePaths</key>
    <array>
        <string>/Volumes/Data/SensitiveData/</string>
        <string>/Volumes/CompanyData/SensitiveData/</string>
    </array>
    <key>SensitiveApplications</key>
    <dict>
        <key>DLPExecutableNames</key>
        <array>
            <string>/System/Applications/Calculator.app/Contents/MacOS/Calculator</string>
            <string>/Applications/Xcode.app/Contents/MacOS/Xcode</string>
        </array>
        <key>DLPSigningIdentifiers</key>
        <array>
            <string>com.apple.TextEdit</string>
        </array>
        <key>DLPTeamIdentifiers</key>
        <array>
            <string>VEKTX9H2N7</string>
        </array>
    </dict>
    <key>SensitiveUTIs</key>
    <array>
        <string>org.openxmlformats.wordprocessingml.document</string>
    </array>
</dict>
</plist>
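
Added example (not part of the original page and not cmdReporter's own code): a small Python linter for the DLP keys described above, meant to be run on a profile before it is deployed. The individual checks are assumptions drawn from this page's descriptions and examples: full paths start with "/", team IDs are 10 uppercase alphanumeric characters, DLPExecutableNames entries point inside the bundle rather than at the .app itself, and the list of overly broad UTIs.

```python
import plistlib
import re
# Keys that belong inside the SensitiveApplications dict, per the page.
APP_KEYS = ("DLPExecutableNames", "DLPSigningIdentifiers", "DLPTeamIdentifiers")
BROAD_UTIS = {"public.data", "public.item"}  # would match nearly every file
TEAM_ID = re.compile(r"[A-Z0-9]{10}")        # assumption: 10-character Apple team ID

def _strings(container, key, findings):
    """Return container[key] if it is an array of strings, else record a finding."""
    value = container.get(key, [])
    if isinstance(value, list) and all(isinstance(v, str) for v in value):
        return value
    findings.append(f"{key}: must be an array of strings")
    return []

def lint_dlp_prefs(raw: bytes) -> list:
    """Lint the DLP keys of a preference plist; returns a list of findings."""
    try:
        prefs = plistlib.loads(raw)
    except Exception as exc:                 # malformed or truncated plist
        return [f"not a valid plist: {exc}"]
    if not isinstance(prefs, dict):
        return ["top-level object must be a dict"]
    findings = [f"{k}: must be nested under SensitiveApplications"
                for k in APP_KEYS if k in prefs]
    for path in _strings(prefs, "SensitivePaths", findings):
        if not path.startswith("/"):
            findings.append(f"SensitivePaths: {path!r} is not a full path")
    for uti in _strings(prefs, "SensitiveUTIs", findings):
        if uti in BROAD_UTIS:
            findings.append(f"SensitiveUTIs: {uti!r} is too broad")
    apps = prefs.get("SensitiveApplications", {})
    if not isinstance(apps, dict):
        return findings + ["SensitiveApplications: must be a dict"]
    _strings(apps, "DLPSigningIdentifiers", findings)   # type check only
    for exe in _strings(apps, "DLPExecutableNames", findings):
        if exe.rstrip("/").endswith(".app"):
            findings.append(f"DLPExecutableNames: {exe!r} is a bundle, not an executable")
    for team in _strings(apps, "DLPTeamIdentifiers", findings):
        if not TEAM_ID.fullmatch(team):
            findings.append(f"DLPTeamIdentifiers: {team!r} is not a 10-character team ID")
    return findings

# Constructed sample containing four deliberate mistakes.
SAMPLE = plistlib.dumps({"SensitivePaths": ["Volumes/Data/"], "SensitiveUTIs": ["public.data"],
    "SensitiveApplications": {"DLPExecutableNames": ["/Applications/Xcode.app"],
                              "DLPTeamIdentifiers": ["ubf8t346g9"]}})

if __name__ == "__main__":
    print("\n".join(lint_dlp_prefs(SAMPLE)))
```

An empty list means none of these checks fired; it does not confirm that cmdReporter will accept or match the values.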