Digital Guardian Agent for macOS

February 2024

Version: 8.6

February, 2024

Fixes

  • Network Transfer Upload for files was previously not blocked due to a collision in file ID hash values. This issue has been addressed and resolved.

  • Network Transfer Upload of large files to Google Drive were not blocked and no events were reported in the Local Forensic Report. This issue has been successfully resolved by updating the DG WIP Script Pack File for Google Drive. Refer to Resource File Change 8.6 section for more information in DigitalGuardian_Release_Notes_for_Agent_for_macOS_8.6.

January 2024

Version: 8.5.1

January, 2024

New Features

The following are the the key features and highlights of this release:

  • The code has been optimized for event handling for various event types, with specific optimizations implemented for handling of implicit filters.

  • EPS timeout pop-ups have been converted into notifications to avoid interrupting users. Refer to the Installing and Upgrading DG Agent Using JAMF section for profile details in the DigitalGuardian_Agent_for_macOS_Users_Guide_version_8.5.1 for more details.

  • Additional process flags added for applications that do not cause data egress as well as for the majority of security products. Refer to Process Flags Changes in DigitalGuardian_Release_Notes_for_Agent_for_macOS_8.5.1.

  • Code Enhancements by improved error handling mechanisms, for recovering from various RPC errors.

Fixes

  • Some issues were seen due to random EPS popups experienced by different customers which were blocking the functionality of the machines. These issues have been addressed and resolved.

  • After installing the agent, some customers experienced a situation where the Outlook add-in was blocking all new emails sent from Outlook. This occurred because DgWip could not fetch the Outlook process details at that specific time. This issue is resolved.

  • After installing the agent, customers experienced latency while entering text in various applications due to ADE activity in the background, resulting in missing of certain letters in the typed text. This issue is resolved.

  • Upon installing the agent, users experienced a brief delay of a few seconds when attempting to edit a swatch in Adobe Illustrator. Additionally, users experienced a restriction in Adobe InDesign, preventing them from editing a swatch. These issues are resolved in the current release.

November 2023

Version: 8.5

November, 2023

New Features

  • Now you can run DG Agent on macOS 14.0 (Sonoma)

  • Agent for macOS now supports capturing Send Mail operations within the new user interface of Microsoft Outlook. To enable this functionality, it's necessary to deploy the Digital Guardian add-in for Outlook. In this deployment model, administrators must initiate the deployment of the Digital Guardian Outlook add-in through the Microsoft 365 Admin Center. Refer to DigitalGuardian_Agent_for_macOS_Users_Guide_ version_8.5 guide for more information.

  • Agent for macOS now possesses the ability to actively monitor Apple AirDrop events. This includes the capacity to intercept file and folder transfers via AirDrop originating from an agent machine to any nearby Apple device using control rules.

  • Agent for macOS now supports using of Web Inspection Proxy with Microsoft Edge (Chromium).

  • Agent for macOS now scans files on USB devices when RME is enabled. When RME is enabled, for the scanner to scan removable devices, the user should update the Directory Control resource file with the USB path which is similar to /Users/<Username>/Library/CloudStorage/RME-<USBName>/ and then schedule the scanner.

  • Agent for macOS introduces the wipAutoSkipEnableMask setting that allows you to fine-tune which DG WIP auto-skip capabilities are enabled. Values for wipAutoSkipEnableMask can be configured only in a Custom Configuration resource.

  • This new setting provides individual control for detecting websites engaged in the detection scenarios. Please refer to Digital_Guardian_Appliance_macOS_8.5_Release_Notes to see the detection scenarios_. You can configure wipAutoSkipEnableMask to detect zero, one, or more scenarios by adding the values. For sample configurations, see the DG WIP information in DigitalGuardian_Agent_for_macOS_Users_Guide_version_8.5

    NOTE: You can now enable WIP auto-skip detection for Cloudflare sites based on whether the site blocks access or presents a CAPTCHA challenge.
Fixes

  • The issue with alert response not being populated for an alert in ARC has been resolved. ARC will now accurately display the Alert Response that was provided within the prompt for the respective alert.

  • The issue where the destination filename for a Network Transfer Upload operation incorrectly displayed a URL instead of the actual file name has been resolved. In ARC, the Destination Filename for a Network Transfer Upload event will now correctly show the name of the uploaded file.

  • The problem related to text wrapping in the prompt text, which resulted in the truncation and partial visibilityof the prompt text to users, has been successfully resolved. As a result, the prompt text is now displayed accurately and fully visible to users.

  • While using Zscaler in conjunction with the DG Agent, the DG Agent is configured to use ARC as the Certifying Authority for DG Web Inspection Proxy (WIP), and the explicit Proxy is set up to employ a PAC file.An issue was observed where the browser's certificate incorrectly displayed the Zscaler certificate, eventhough the browser traffic was routed through DG WIP. This problem has been resolved by adding a whitelist entry for the URL eucentral-comms.dgsecure.com.

  • The problem that users were facing when they tried to open DGCipher.exe, a file copied to a USB drive by the Mac Agent, and encountered the error message "Application has failed to initialize properly" onWindows, has now been resolved.

  • The problem that users were facing when they tried to open DGCipher.exe, a file copied to a USB drive by the Mac Agent, and encountered the error message "Application has failed to initialize properly" on Windows, has now been resolved.

  • The problem related to tag propagation when saving a Word file to PDF and replacing an existing PDF has been resolved. As a result, permanent tags will be retained when overwriting an existing PDF.

  • The issue where Safari browsing is very slow on the first connection is now resolved. User should not seeany delay while browsing sites immediately after launching Safari.

  • The issue was observed when the Mac Screen Capture application was configured to directly copy files to a USB drive instead of the Desktop by default. This resulted in the rule DLP1041 - D-MAC USB Read and Write Restriction failing to trigger, and no events were logged in DGMC/ARC. This issue has been resolved by introducing a Process Flag entry: /System/Library/CoreServices/screencaptureui.app/Contents/MacOS/screencaptureui,0,0 into the Process Flag Resource File utilized by the agent.

June 2023

Version: 8.4.1

June, 2023

New Features

  • You can run DG Agent on macOS 13.4 (Ventura).

  • DG Agent now supports CA Certificates generated by ARC. These certificates are generated in ARC for the Digital Guardian Web Inspection Proxy component on agents. This feature is available only for MSP customers. Please contact Support to enable this feature. Agent sends an Operational Alert to DGMC when DG WIP is unable to inspect the websites due to communication failure with DG ARC to obtain a server certificate when ARC is enabled as a certificate authority.

Fixes

  • The lag experienced when opening or selecting options in the System Preferences window has been eliminated in this release.

  • Incorrect conversion from string variable to int is encountered which leads to ill effects and system crash. This issue is fixed now.

  • The issue of lag with the cursor select tool in Adobe Illustrator, which caused clicked items to be unexpectedly moved to new locations, has been fixed.

  • The problem of keyboard lag, which caused delay while typing in various applications, has been resolved.

  • The issue of system freezing for a brief period followed by EPS Timeout notification pop-ups has been resolved.

February 2023

Version: 8.4

February, 2023

New Features

  • Digital Guardian provides Removable Media Encryption (RME) capabilities that encrypts and decrypts files that are transferred by the users to removable devices, such as USB drives. To activate Removable Media Encryption, you configure RME settings in the DGMC and then apply the RME resource to machines in dynamic machine groups. For more information, refer to "Activating Removable Media Encryption" topic in "DigitalGuardian Management Console Users Guide".

December 2022

Version: 8.3.1

December, 2022

New Features

  • DG Agent for macOS now supports macOS 13.0 (Ventura).

Fixes

  • Issues with Adobe InDesign when DG Agent is installed are now resolved.

  • Package installation no longer prompts for installation of Rosetta.

  • Cores filling up disk space issue is now resolved.

September 2022

Version: 8.3

September, 2022

New Features
  • DG Agent for macOS now supports macOS 12.5.1 (Monterey).

  • DG Agent now supports network operations. This is an optional feature. See Enabling Network Operations in the Digital Guardian Agent for macOS User's Guide.

  • DG Agent now controls Print and Save As events for Office (excluding Outlook), TextEdit, and Safari. To use this feature, enable ADE. To learn more about ADE, see Digital Guardian Management Console User's Guide.

  • DG Agent now supports the IPv6 address format. You may configure servers with both IPv4 and IPv6 addresses.

  • DG Agent can now store captured files in an Amazon Simple Storage Service (S3) bucket. DG provides the ability for DG Agents to capture local or network files that a user has access to, encrypt packages containing the files, and upload them to cloud storage. See the Digital Guardian Management Console User's Guide.

Fixes
  • Settings.xml is no longer temporarily removed during upgrades to DG Agent.

  • DG Agent now restarts after installing on M1 computers as designed.

  • DG WIP now uses the corporate web proxy to send OCSP (Online Certificate Status Protocol) requests.

  • If a DG Agent user receives an email with a classified attachment and restarts the computer before responding to the justification prompt, the justification prompt reappears as designed.

  • DG Agent now refreshes PAC files when it detects a change in network connection.

  • Saving Microsoft Excel and Word files to OneDrive no longer results in zero byte, read-only files.

  • Mac Keyboard functional Keys work as expected after enabling ADE.

April 2022

Version: 8.2

April, 2022

New Features

  • DG Agent for macOS now supports macOS 12.3 (Monterey).

  • DG Agent now supports Application Data Exchange (ADE), an optional feature that provides control over copy, paste, and native screen-capture actions.

  • Digital Guardian web inspection proxy's (DG WIP) Auto Skip feature automatically skips inspecting websites that use technologies that are incompatible with DG WIP. Currently, DG WIP can automatically skip websites that are hosted by Cloudflare and trigger either a block or a CAPTCHA challenge. You can enable the Auto Skip feature by adding the following entry to your custom configuration resource: <wipAutoSkipEnable>1</wipAutoSkipEnable>

  • If you want to have DG WIP inspect an Auto Skip website, you should manually add a domain flag entry that will take precedence over the auto-skip entry for that site. You must use a valid domain flag. DG recommends using CACHE, which allows inspection.

  • DG Agent generates DG WIP Auto Skip Domain Detected operational alerts with a code that identifies the reason the website is eligible for getting skipped. The possible reason codes are:

    • mtls – Site attempted to use mTLS client certificate authentication.

    • tls-reneg – Site attempted to use TLS renegotiation.

    • imp – Site access was blocked by Imperva content delivery network (CDN) or web application firewall (WAF) security rules.

    • cf – Site access was blocked by CloudFlare content delivery network (CDN) or web application firewall (WAF) security rules.

  • This release includes the ability to capture files to network storage. For instructions on how to configure and use this feature, refer to "Capturing Files to Network Storage" in Digital Guardian Management Console User's Guide and "DG File Extractor Utility" in Digital Guardian Utilities Guide.

Fixes

  • DG Web Inspection Proxy (DG WIP) now expedites the propagation of connection closes initiated by a web server to the paired browser connection, preventing authentication failures.

  • Rules containing the evtDestFilePath parameter now operate as designed.

January 2022

Version: 8.1

January, 2022

New Features
  • DG Agent for macOS now supports macOS 12.0.1 and 12.1 (Monterey) on both Intel and Apple M1 computers.

  • DG Agent for macOS supports TLS 1.3.

Fixes

  • USB block rules applied with user policies now work as designed on Apple M1 computers.

  • An issue with accessing Cloudflare-hosted websites on computers running DG Agent was resolved. These websites were either unreachable or prompted for a CAPTCHA test every time you accessed them.

  • Mac rule exclusions now work as designed when you have more than one rule in a policy and exclude a computer from just some of the rules

  • The process flag file (prcsflgs.dat) now contains lines for the Homebrew installation location on both Intel and M1 computers.

December 2021

Version: 7.8.3

December, 2021

New Features
  • Now you can run DG Agent on all versions of macOS up to macOS Monterey 12.0.1.
Fixes

  • Cloudflare hosted sites now work with DG Agent installed.

  • No cascading EPS pop-ups observed in DG Agent 7.8.3 for macOS.

  • Copying to and from USB no longer causes an exception.

  • DG Agent no longer causes kernel panics post agent upgrade to 7.8.3.

  • No multiple EPS timeout pop-ups are observed while logging into DG Agent machine.

  • DG Agent now sends all classified event data (CLSY_EVENT_DETAIL).

  • Block prompt works successfully when attempting to move files to a USB device.

  • EPS pop-ups no longer block login sessions.

  • Deploying DG Agent updated from DGMC works successfully.

  • DG Agent no longer causes MS Office updates and installs to slow down.

  • DG Agent is now successfully uninstalled.

  • DG Agent can now be deployed using Intune.

  • DGwip log rolling cycles at a reasonable limit.

November 2021

Version: 8.0

November, 2021

New Features
  • The 8.0 version of Agent for macOS supports Apple M1 with Big Sur.

  • Now you can run DG Agent on all versions of macOS up to macOS Monterey 12.0.1.

  • In this release DG Agent Crash Dump Reporting Automation collects information about crashes of DG processes when they occur. The Agent safely uploads the information to a secure cloud repository for analysis by DG personnel. Uploaded crash dump data is purged from the cloud repository after 90 days, but selected data can be moved to Atlassian Jira and remain there longer. The Agent crash dump reporting automation feature employs a widely used open-source component to provide crash dump collection and the SDK of a popular commercial application monitoring and error tracking vendor to upload the data to the secure cloud repository. The only customer task required to support this feature is to enable it in the DGMC. Enabling crash dump reporting automation provides Digital Guardian with consent to collect the crash dump data collected from the Agent computer and the cloud repository. You can enable this feature from the Data tab when configuring the Core Settings configuration resource you plan to use with the Agent. Alternatively, you can enable the <crashReportingEnabled> parameter in a custom configuration resource: <crashReportingEnabled>1</crashReportingEnabled>. Once you enable DG Agent crash dump reporting automation in the DGMC, data about Agent process crashes is collected automatically after the next reboot of the DG Agent computer. Process crash data continues to be collected and analyzed automatically from then on. If this feature is disabled, crash data collection is turned off and no crash dumps are collected.

September 2021

Version: 7.8.2

September, 2021

New Features

  • DG Agent now enables you to add customized resource files while creating an installation package as well as installing agent interactively.

  • You can now run DG Agent on all Big Sur versions up to macOS 11.5 Big Sur.

Fixes

  • DG Agent no longer causes kernel panics post installation after correcting EPS misconfiguration.

  • DG Agent no longer faces End Point Security (EPS) timeout while processing events for skipped processes.

  • When DG attempted to connect to a customer's Netapp SMB share to upload a captured file, a handshake error occurred, preventing the file from being uploaded. The connection failed because DG uses ASN.1 encoding and Netapp uses BER encoding. DG made a change to its encoding and can now decode BERencoded messages.

  • DG Agent now reports all files in the folder in the event, for a copy or move operation.

  • DG Agent no longer fires prompts after a USB is whitelisted.

  • Email body is now classified successfully even when the data is sent in table format.

  • A DLP rule to block classified files from being copied to removable drives is now triggered properly.

  • DG Agent now enables you to successfully add customized resource files while creating installation packages.

  • You can now bypass tamper while running a script from JAMF by removing the /bin/bash,0,NI+NC entry from the process flag file.

June 2021

Version: 7.8.1

June, 2021

New Features

  • You can now run DG Agent on all Big Sur versions up to macOS 11.3. Note: If you plan to install DG Agent for macOS on at least one computer running Big Sur, you must run DG Server 8.2.1 or later to support that agent computer.

  • Now DG Agent supports proxy failover for the Explicit Proxy - Corporate Proxy PAC (proxy auto configuration) file. For example, if the Corporate Proxy PAC file returns the value shown below, and myproxy-server:8080 is not available, DG WIP will fall back to DIRECT. return "PROXY myproxy-server:8080; DIRECT";

  • Now DG Agent automatically rebuilds kernel cache using JAMF deployment and no user consent is required to approve the kernel extension.

Fixes

  • DG Agent now sends Send Email events to the DGMC with alert details as designed.

  • DG Agent no longer impacts the performance of the Node.js and React developer tools.

  • You can now bypass tamper-resistant mode by applying the SK and the TRC flags to processes in the process flags file.

  • Now all prompts to allow extensions after installing or upgrading DG Agent appear as expected.

  • Now you can install and upgrade DG Agent on macOS 11.x computers without whitelisting the team ID from recovery mode and without using a third-party mobile device management (MDM) application.

  • DG Agent no longer causes kernel panics due to user-based policies.

  • Google Chrome no longer displays errors when you access Google Docs on DG WIP-enabled DG Agent computers.

  • Entering search criteria in Visual Studio Code no longer causes DG Agent computers to hang due to high CPU usage, and then restart. DG resolved the issue with new Visual Studio Code process flags and directory control file entries.

  • DG Agent no longer causes disk space to fill up with system files.

  • DG Agent is now classifying DOCX and XLSX files as expected.

January 2021

Version: 7.8.0

January, 2021

New Features
  • DG Agent for macOS supports installation and operation on macOS 11.0.x and 11.1.x (Big Sur). Note: If you plan to install DG Agent for macOS on at least one computer running Big Sur, you must run DG Server 8.2.1 or later to support that agent computer.

  • To enable DG Web Inspection Proxy (WIP) to work on Big Sur and later macOS versions, DG has converted it from an "implicit proxy" to an "explicit proxy." Both types of web proxies help prevent data loss from occurring through a web browser. As a result of this change, customers using the DG Agent on computers running Big Sur or later will need to create a system proxy configuration that explicitly directs network traffic to the DG WIP process. In environments that use a corporate proxy server, the explicit proxy will be inserted between the web browser and the corporate proxy. As the first proxy in the line, the explicit proxy (DG WIP) will receive network traffic flowing to and from the browser before forwarding the traffic to the corporate proxy. DG WIP will continue to operate as an implicit proxy on Catalina without any configuration changes. Customers can configure DG WIP in explicit proxy mode on Catalina for initial testing in non-production environments. However, this is not supported in production environments. To learn more about the explicit proxy, see Digital Guardian Explicit Proxy Deployment Guide.

  • A new program runs on DG Agent computers running macOS 11.0 and later. This program checks if a certificate that DG WIP needs in order to work on macOS 11.0 or later is in the login keychain. If the certificate is not in the keychain, the program helps you add it to the keychain. The program launches under the following conditions:

    • After installing or upgrading DG Agent, and you are logging on for the first time after the Agent computer restarts.

    • If the default WIP Root Certificate Template in the DGMC is replaced with a custom Root Certificate Template.

Fixes

  • DG Agent now detects print events from Microsoft Word and Microsoft Excel as expected.

  • DG Agent computers running macOS 11.0.x and 11.1.x no longer restart slowly when Apple Endpoint Security is enabled.

  • DG Agent no longer causes kernel panics on Agent computers after upgrading the operating system from macOS 10.15.3 to version 10.15.4.

  • If you use the -I and -F input arguments when you remove and install Agents, older Agent files and folders are now removed completely as expected.

  • DG Agent no longer causes disk space to fill up with system files.

  • DG Agent computers no longer experience unexplained high CPU usage.

  • DG Agent no longer reports Sendmail events for previously sent email messages, and Sendmail events now indicate the correct sender.

  • To allow Crowdstrike Falcon version 6.11 to run successfully on Agent computers, DG added these process flags to the default process flags file for DG Agent:

    • /Library/Application Support/CrowdStrike/Falcon/.*,0,SK+TRC

    • /Applications/Falcon.app/.*,0,SK+TRC

  • To prevent the DG WIP process from blocking web site redirections, DG added the domain flag "cc.zdtc.app,SK" to the default resource file (domains.txt).

  • Attempting to modify a file on a USB drive using the text editor Atom when a USB egress policy is applied no longer causes the file to get deleted.

  • DG Agent no longer assigns Digital Guardian-related names, such as "Digital Guardian Endpoint DLP Volume 0,” to unnamed USB drives when inserted into a DG Agent computer.

  • Screen captures taken with the tool Greenshot now succeed on DG Agent computers.

  • Now DG Agent intercepts network transfer upload (NTU) events in Safari 14. An entry was added to the process flags file to ensure interception.

  • Long volume serial numbers generated on DG Agents for macOS no longer cause bundle processor errors on the DGMC.

  • DG improved DG Web Inspection Proxy (WIP) connection settings so Microsoft Outlook no longer disconnects from the Exchange server when sending, receiving, or when idle.

  • The Xcode process flag now recognizes all possible Xcode file names.

  • Removable Media Encryption (RME) now encrypts files written to removable media as expected. DG WIP required up to a 24-hour delay when a website certificate was updated before the change would become effective, leading to transient certificate errors in certain circumstances. To resolve this issue, DG now removes the changed certificate from its cache if a website certificate changes during the cache period. This ensures that certificate updates are propagated to the user's browser without delay.

  • The default user policy no longer overrides configured user policies on computers running DG Agent for macOS.