In Applixure Analytics, we have enhanced the detection capabilities of macOS agents for security readiness reporting. These enhancements include better detection of firewalling status in managed device scenarios, extended detection of system extension-based firewalls, and a new detection capability for system extension-based endpoint security products.
Previously, the Analytics agent detected the presence and status of an installed anti-malware product on Windows workstation OS devices only, as Windows provides native interfaces for 3rd party products to query the status of the critical security products in use. Unfortunately, no such interface exists for the macOS operating system, and for this reason Analytics couldn’t report anti-malware status for Mac users. In recent macOS versions, starting from Catalina, Apple has, however, introduced a new system functionality called system extensions to replace the old kernel extensions that were in the past used to implement such security products, and the macOS Analytics Agent now makes use of that standard interface to detect and report on any endpoint security products active in the system.
Since Apple’s taxonomy calls those products endpoint security products (ESPs) and not specifically anti-malware or anti-virus, for macOS devices we too report the macOS ESP security readiness status separately from Windows devices’ security readiness status for anti-malware.
In addition to endpoint security detection, the macOS Analytics agent now also detects any system extension-based network filtering products installed on a device and reports them in the firewalling category. The names of detected firewalls are now also reported in the firewalling category of security readiness, where in the past only the status was visible.