v2023.8
Notes
Fixed
❗ Fixed issue where client mode was almost always logged as "unknown" (since v2023.5)
❗ Fixed issue where TeamID and SigningID rules were evaluated when a binary had codesign issues.
Changed
Added
➕ Mount name information added to disk events
➕ `rules_received` and `rules_processed` fields now sent in postflight request
➕ SigningID rules now support transitive allowlisting
➕ File Access Authorization now supports UI flows, similar to blocked binary executions
➕ File Access Authorization enforcement can now be controlled via sync settings
➕ Rules can now be imported/exported as JSON via santactl
What's Changed
- Added TransitiveWhitelisting explanation to rules.md by @p-harrison in #1150
- Add support for was_mmaped_writeable to file write monitoring when using macOS 13+ by @pmarkowsky in #1148
- Fix issue where re config types couldn't be overridden by @mlw in #1151
- Add mount from name information to disk appear events by @mlw in #1153
- Remove references to old EnableSystemExtension config key by @mlw in #1155
- sync: Send `rules_received` and `rules_processed` fields in postflight request by @russellhancox in #1156
- Add SigningID/TeamID to Event definition in sync-protocol.md by @p-harrison in #1158
- Correction to sync-protocol.md by @p-harrison in #1159
- Fix new buildifier issues by @mlw in #1162
- Additional metrics for File Access Authorizer client by @mlw in #1160
- Use default event detail button text when a custom URL is set by @mlw in #1161
- Restore file_bundle_hash & file_bundle_binary_count to Sync Protocol Docs by @pmarkowsky in #1164
- Document SyncExtraHeaders in configuration.md by @p-harrison in #1166
- Fix issue where client mode was almost always logged as "Unknown" by @mlw in #1165
- Remove logupload stage from syncing-overview.md by @p-harrison in #1168
- Fix typo in troubleshooting.md by @kyoshisuki in #1169
- Update rules.md with more detail on Transitive/Compiler rules by @p-harrison in #1172
- Add Tests for #1165 Behavior. by @pmarkowsky in #1173
- Bump bazel and build_bazel_rules_apple versions by @mlw in #1178
- Make Transitive Allowlisting Work with Signing ID rules by @pmarkowsky in #1177
- Update Protobuf and Abseil versions by @mlw in #1179
- UI For Blocked File Access by @mlw in #1174
- Add ability to override File Access actions via config and sync settings by @mlw in #1175
- Add basic support for importing and exporting rules to/from JSON by @pmarkowsky in #1170
- Flatten deps to satisfy internal checkers by @mlw in #1182
- Internal build fixes by @mlw in #1183
- Use 'set -xo pipefail' instead for lint.sh by @tnek in #1185
- Pin GitHub Actions to Specific Versions by @pmarkowsky in #1184
- Add ability to specify custom event URLs and button text for FAA dialog by @mlw in #1186
- Remove superfluous import by @mlw in #1188
- Update sync-protocol.md by @p-harrison in #1187
- Fix missing Santa block gif by @pmarkowsky in #1193
- Only eval TID and SID rules when the binary signature is valid by @mlw in #1191
New Contributors
- @kyoshisuki made their first contribution in #1169
Full Changelog: 2023.7...2023.8