Long Arrow Right External Link angle-right Search Times Spinner angle-left
Go to ThreatLocker

Search our Knowledge Base

Mac Agent 1.0

Updated January 9, 2023
Currently in Open Beta
Latest Version: 1.0.0.172

Known Bugs

  • .pkg files are not treated as executables and are not able to be blocked using Default Deny - expected fix by 01/11 (version 1.0.0.173)
  • Request Notifications rely on Apple's Notification Center and are not instant on a block - expected improvements by 01/11 (version 1.0.0.173)
  • Blocked items in the Tray don't show in the correct order - expected fix by 01/16 (version 1.0.0.174)
  • Unable to set an Application Policy for a specified Interface - expected fix by 01/16
  • Apple's storage interface cannot be used in Storage Policies - expected fix by 01/16
  • Default Deny Policy isn't created automatically - expected fix by 01/16
  • Approval Requests don't automatically trigger a Policy Download, and Policy Deploy is required - expected fix by 01/16
  • Processes do not work when used in Custom rules - expected fix by 01/23 (version 1.0.0.175)
  • Default Deny and Storage Control products are Enabled by default and cannot be Disabled - expected in Version 1.1
  • Users don't receive a popup for active Maintenance Modes and can't end them from the Mac - expected in Version 1.1

Current Functionality

  • Mac Agent will install into the specified group and Check In to the Portal every minute
  • The application and file actions are uploaded to the Portal every minute
  • Upon Installation, a Baseline will run on the Mac, logging all files into the Unified Audit
  • Learning Automatic <Group> and Learning Automatic <Computer> will create Policies based on the Baseline, and Simulated Denies (Green Denies) for the Default Deny Policy (e.g. Default - MAC)
  • Application Definitions can be created using hashes and custom rules
  • Tamper Protection Disabled, Learning, Installation, and Monitor Maintenance Modes are supported
  • Full auditing of the read, write, move, and delete of files on external devices and specified local drive folders
  • Ability to deny access to storage locations based on interface type or specified paths
  • Supports authentication using Authorization Hosts on a Windows device using NAC
  • Updates the IP address for NAC objects used by a Windows device
  • Tamper Protection is on by default and prevents users from disabling or removing ThreatLocker