Release History

1.3.2.268 (2021-03-05)

Jamf Protect agent 1.3.2.268 includes the following enhancements and bug fixes:

  • Improved the protectctl command-line tool to include more verbose status information (e.g., Protected, Enrolling, Missing Plan) with the info command. For more information about the protectctl tool, see Core Components.

  • Added a Jamf Protect Uninstaller PKG that users can download and run on computers to remove the Jamf Protect agent. To access this download, navigate to Administrative > Downloads.

  • Fixed an issue that caused the agent to exclude some file events from Jamf Protect alerts and logs.

  • Fixed an issue that caused the Date & Time Set Automatically insight to incorrectly report on computers with macOS 11.

  • Fixed an issue that caused the EFI Version Is Valid And Regularly Checked insight to incorrectly report on Mac computers with Apple silicon.

For more information about upgrading computers to 1.3.2.268, see Jamf Protect Updates.

1.3.1.252 (2021-02-22)

This release includes UI updates for file downloads and a bug fix that addresses a Jamf Protect agent performance issue.

UI Enhancements for Jamf Protect Downloads

Download links for the latest Jamf Protect agent and other advanced download files have moved from the Account page to a new Downloads page in the Jamf Protect web app.

To access these downloads in Jamf Protect, navigate to Administrative > Downloads.

Custom Plan Configuration Profile Download Options

You can now customize which configuration profile payload settings and certificates are included with a plan when you download it from the Jamf Protect web app. This gives administrators more control over how Jamf Protect is deployed.

You can use the custom profile options to do the following:

  • Sign the configuration profile

  • Include the Privacy Preference Policy Control (PPPC) payload settings required by Jamf Protect

  • Include a WebSocket Certificate from Jamf Protect

  • Include a Certificate Authority (CA) from Jamf Protect

  • Include a Certificate Signing Request (CSR) identity from Jamf Protect

  • Include a Bootstrap Token

Note: All custom profile download options are enabled by default. Plans downloaded using the Download button on the Plans page or synced with Jamf Pro will continue to include all additional payload settings.

To access this feature, click Plans from the Jamf Protect sidebar, select a plan, and then click the Custom Profile tab.

New Built-in Analytics

The following built-in analytics have been added to Jamf Protect:

  • The "HiddenScriptRunFromVolumes" analytic monitors for hidden shell scripts that are executed from a mounted drive.

  • The "SuspiciousFileDownload" analytic monitors for downloaded files with a known malware file name.

For more information about these new analytics, click Analytics in the Jamf Protect sidebar.

To begin using these analytics in your environment, add them to your Jamf Protect plans. For more information about adding analytics to a plan, see Jamf Protect Updates.

Jamf Protect Threat Prevention Update: Version 5051 of Jamf Protect's built-in Threat Prevention feature prevents the new known malware Silver Sparrow. For more information about the Silver Sparrow macOS malware, see the Silver Sparrow Mac-specific malware blog from Jamf.

Removal of Legacy Deployments

The Deployments page has been removed from the Jamf Protect web app, and you can no longer create legacy deployments that combine the Jamf Protect agent and plans into a single package installer.

Legacy deployment packages previously created in the Jamf Protect web app are stored in the Archived Deployments tab on the Downloads page.

To continue deploying Jamf Protect to new computers, you must deploy the Jamf Protect agent and a plan configuration profiles separately via an MDM solution. For more information, see Jamf Protect Deployment.

Bug Fix

Jamf Protect agent 1.3.1.252 fixes an issue that caused an unexpected increase in CPU usage on computers when users were compiling code in Java.

1.3.0.249 (2021-02-08)

This release includes a new version of the Jamf Protect agent (1.3.0.249) and includes the following improvements and features:

Performance Enhancements with Apple's Endpoint Security Framework

On computers with macOS 10.15 or later, Jamf Protect now uses Apple's native Endpoint Security framework to monitor for suspicious file and process events. Utilizing the Endpoint Security framework allows the Jamf Protect agent to use fewer system resources while monitoring for threats, which allows the agent to run more efficiently on computers.

For more information about upgrading computers to 1.3.0.249, see Jamf Protect Updates.

Deployment Integration with Jamf Pro 10.27.0—If you have a Jamf Pro subscription, you can now deploy Jamf Protect directly from Jamf Pro. When you register your Jamf Protect tenant with Jamf Pro, you can do the following:

  • Download the latest Jamf Protect package.

  • Sync Jamf Protect plans and deploy them as computer configuration profiles by configuring scope.

  • Receive notifications in Jamf Pro when a new Jamf Protect version is available.

For more information about this integration, see the Deploying Jamf Platform Products Using Jamf Pro to Connect, Manage, and Protect Mac Computers technical paper.

Data Fowarding to Azure Sentinel (2021-02-02)

You can now forward data collected by the Jamf Protect Cloud to an Azure Sentinel workspace in your organization.

For more information, see Data Forwarding to a Third Party Storage Solution.

New Built-in Analytics for SSH Login Activities (2020-12-09)

The following built-in analytics that monitor SSH login activities are now available in Jamf Protect:

  • SSHLogin

  • SSHLoginAsRoot

  • SSHServiceEnabledViaCmd

To learn more about these analytics, go to the Analytics page in Jamf Protect and search for each analytic.

For instructions on adding analytics to a plan, see Jamf Protect Updates.

1.2.2.222 (2020-11-24)

Version 1.2.2.222 fixes an issue that prevented the agent from successfully monitoring for some macOS GateKeeper events and reporting them in the web app.

For more information about upgrading computers to 1.2.2.222, see Jamf Protect Updates.

Note: To deploy Jamf Protect to new computers with macOS Big Sur 11, see Jamf Protect Deployment.

Jamf Protect API and 1.2.1.221 (2020-11-18)

This release includes the availability of the Jamf Protect API and a new version of the Jamf Protect agent (1.2.1.221).

Introducing the Jamf Protect API

The Jamf Protect GraphQL API is the primary resource for programmatically interacting with Jamf Protect.

The Jamf Protect API is built using GraphQL, an advanced query service and language that allows you to granularly search and access your data from a single endpoint.

For more information about the Jamf Protect API, including instructions on setting up a test environment using the Altair GraphQL Client application, see Jamf Protect API.

Bug Fix

Fixed an issue that caused computers to continue using the MQTT communications protocol after the computer’s plan was changed to use WebSocket/MQTT, which prevented computers from checking in to Jamf Protect on restricted networks

For more information about upgrading computers to 1.2.0.217, see Jamf Protect Updates.

Note: To deploy Jamf Protect to new computers with macOS Big Sur 11, see Jamf Protect Deployment.

1.2.0.217 (2020-11-16)

This release includes a new version of the Jamf Protect agent (1.2.0.217) and includes the following improvements and features:

Compatibility with macOS 11 and Apple Silicon

Jamf Protect agent 1.1.6.188 or later provides compatibility with macOS Big Sur 11.

Jamf Protect agent 1.2.0.217 is now a universal binary that runs natively on Macs with Apple silicon*.

*Hardware support is based on testing with the Mac Developer Transition Kit.

Bug Fixes

  • Fixed an issue that caused the " PlistDisguisedAsApple" analytic to incorrectly report valid Apple PLISTs as threats.

  • Fixed an issue that prevented users from reliably disabling and enabling insights, which sometimes caused Jamf Protect to inaccurately display which insights were enabled or disabled in a tenant.

  • Fixed an issue that caused the protectctl repair command to return logs at the "Warn" log level instead of the "Info" log level.

For more information about upgrading computers to 1.2.0.217, see Jamf Protect Updates.

Note: To deploy Jamf Protect to new computers with macOS Big Sur 11, see Jamf Protect Deployment.

Data Fowarding to an Amazon S3 Bucket (2020-10-23)

You can now forward data collected by the Jamf Protect Cloud to an Amazon S3 bucket in your organization.

Keep the following in mind when enabling data forwarding to Amazon S3:

  • If you do not have an Amazon S3 bucket or you want to create a dedicated S3 bucket for Jamf Protect, you can use the Jamf-provided AWS CloudFormation template to create a new S3 bucket and the IAM role for Jamf Protect. To download the template file, navigate to Administrative > Data in the Jamf Protect sidebar.

  • Only data that is sent to the Jamf Protect Cloud via an action configuration (alerts, logs, and unified logs) can be forwarded to Amazon S3.

  • In the Cloud Collection Options for action configurations, the Forward Unified Log Data to a Third Party Storage Solution checkbox is now available. This setting will send all unified log data collected by Jamf Protect to an already configured Amazon S3 bucket.

    Note: Unified log data is not displayed in the Jamf Protect web app.

To enable data forwarding, navigate to Administrative > Data in the Jamf Protect sidebar.

For more information, including instructions, see Data Forwarding to a Third Party Storage Solution.

Unified Log Remote Collection Endpoint

In action configuration settings, unified log data can now be configured with its own remote collection endpoint under Unified Log Collection Endpoints.

Note: If you previously used the Log Collection Endpoints to send unified log data, your configured endpoint values for this setting have been automatically copied and populated into the new Unified Logs Collection Endpoint Settings.

1.1.6.193 (2020-10-16)

Version 1.1.6.193 fixes the following issues:

  • Fixed an issue that caused Jamf Protect data sent to remote collection endpoints, such as a security information and event management (SIEM) solution, to appear in an unexpected format.

    Note: Data searches that query data sent to a remote collection endpoint between 2020-10-12 9:25 PM GMT and 2020-10-16 8:45 PM GMT must include an additional "report" key in the search criteria in the following format: {“input”:{“report”:{“match”:{“facts”:...}},“retry”:“endpoints”},…}
    Any data sent to a remote collection endpoint outside of the above time range will be searchable with the previously used search format: {“input”:{“match”:{“facts”:[...}]}},…}

  • Fixed an issue that caused the Jamf Protect agent to check-in at an increased frequency when insights were disabled on computers or the agent could not contact the Jamf Protect Cloud.

1.1.6.188 (2020-10-12)

This release includes a new version of the Jamf Protect agent (1.1.6.188) and includes a new deployment method, audit logs for the Jamf Protect web app, and UI enhancements for administrative settings.

Plan and Agent Deployment Updates

The Jamf Protect agent and plans can now be downloaded separately from your Jamf Protect tenant and deployed via an MDM solution. This allows users more flexibility during deployment and the ability to use an MDM solution, such as Jamf Pro, to perform mass actions and granular changes with plans.

Keep the following in mind about this new deployment method:

  • This deployment method is recommended for all target computers and required for target computers with mac OS Big Sur 11* or later.

    Note: A future release of Jamf Protect will discontinue the legacy deployment method that uses a single package to install the agent and plans.

  • If Enable AutoUpdate is selected in a plan, computers with that plan will continue to automatically install the latest Jamf Protect agent version when available.

  • The plan configuration profile should be deployed first or at the same time as the Jamf Protect agent. If the Jamf Protect agent is deployed without a plan configuration profile, computers will not check in with the Jamf Protect Cloud and the agent will not successfully monitor for threats.

*Feature support is based on testing with the latest Apple beta releases.

Plan Configuration Profiles

Plan configuration profiles can be downloaded from your Jamf Protect tenant in .mobileconfig format and deployed to computers via an MDM solution.

A plan configuration profile includes the following payloads, as displayed when uploaded to Jamf Pro:

  • Application & Custom Settings—Includes plan settings, analytics, and action configuration

  • Privacy Preference Policy Control—Grants Jamf Protect full disk access.

  • Certificates—Deploys Root CA Certificate, Certificate Request Identity, WebSocket Authorizer Key

Notes:

  • Downloaded configuration profiles are signed and cannot be edited after you upload it to Jamf Pro.

  • Plan configuration profiles must be deployed via a user-approved MDM solution.

  • The Root CA will appear as untrusted on computers when installed via a plan configuration profile.

To download a plan, go to the Plans page and click the download icon images/download/thumbnails/81950849/Screen_Shot_2020-10-01_at_4.09.43_PM.png next to a plan.

Jamf Protect PKG

The Jamf Protect PKG installs the latest Jamf Protect agent on computers without an associated plan or additional configuration.

To access the Jamf Protect PKG download, navigate to Administrative > Account in your Jamf Protect tenant and click the Jamf Protect PKG download link.

For more information about this deployment method, including instructions, see Jamf Protect Deployment.

Note: If you run the Jamf Protect uninstaller provided by Jamf Support, all Jamf Protect files will be removed, except for the plan. If used, you must manually remove the plan from your MDM solution and re-install a new plan on computers in addition to the new Jamf Protect agent.

Audit Logs

Audit logs track and display all activity by users in the Jamf Protect web app. To view audit logs for your Jamf Protect tenant, navigate to Administrative > Audit Logs.

For more information, see Audit Logs.

Administrative Settings UI Enhancements

The “Information” heading in the Jamf Protect sidebar has been removed and replaced with the Administrative settings grouping. This grouping contains the following nodes:

  • Account—Organization information, Jamf Protect PKG and advanced downloads, user information, and data retention settings

  • Documentation—Reference tables for creating analytics and predicate-based detections

  • Audit Logs—Activity by users in the Jamf Protect web app.

Log Level Configuration Update

The Log Level setting, which determines the severity level of Jamf Protect agent logs on computers, is now configured in a plan rather than a deployment package.

For computers that have already received a deployment package and plan via the legacy deployment method, keep the following in mind when you change the log level in a plan:

  • Computers that received log level settings from a legacy deployment package will continue to log at the previously set level, but their plan will display the log level as "Not Set".

  • If you change the log level in a previously created plan from "Not Set" to a specific log level, the new setting will be applied to all computers assigned that plan and override the previously used log level that was configured in a legacy deployment package.

For newly created plans and deployments, keep the following in mind:

  • If you continue to use the legacy deployment method, you must set the log level in a plan.

  • By default, the log level will display as "Not Set" in a plan but "Error" will be used if a specific log level is not selected.

1.1.5.184 (2020-10-01)

Version 1.1.5.184 fixes an issue that caused Jamf Protect to use an unexpected amount of memory on some computers.

1.1.5.177 (2020-09-21)

This release includes a new version of the Jamf Protect agent (1.1.5.177) and the following improvements.

Insights Enhancements and Redesign

The following improvements have been made to Jamf Protect insights.

Insights Collection Enhancements

Computers with 1.1.5.177 or later of the Jamf Protect agent now support the following insight collection improvements:

  • Insights now align with the latest Center for Internet Security (CIS) benchmark recommendations for macOS 10.15.

  • Each enabled insight will now report accurate compliance statuses for settings regardless of whether the setting is configured locally or managed via MDM.

For more information about CIS benchmarks, see the following resource from CIS: https://www.cisecurity.org/benchmark/apple_os/

Insights Page Redesign

The Insights page has been redesigned to make it easier to view and monitor insight compliance by category, status (enabled or disabled), and CIS level.

images/download/attachments/81950849/Screen_Shot_2020-09-18_at_2.44.41_PM.png

The redesign also includes the following enhancements and changes:

  • The insight numbers that correlated to the CIS benchmarks have been removed. All insights that match a CIS benchmark recommendation now have a CIS Level tag.

  • The status bar on each insight has been redesigned to make it easier to assess overall insight compliance across all computers.

  • The Insights dashboard in the Overview section of the Jamf Protect web app has been removed.

  • The Insights status and tab in Computer Info pages have been updated to match the Insights page redesign.

To view the new Insights page, click Insights in the Jamf Protect sidebar.

For more information about managing insights for your organization, see Insight Management.

Bug Fixes and Enhancements

Values for the following information returned from the protectctl info command have been updated to correspond with the web app UI:

  • "Config ID" was renamed to "Plan ID".

  • "Config Hash" was renamed to "Plan Hash".

  • "Signature Feed" was renamed to "Threat Prevention Version ".

  • "Last Info Sync" was renamed to "Last Check-in".

For information about upgrading computers to 1.1.5.177, see Jamf Protect Updates.

New Built-in Analytic (2020-09-03)

The “SuspiciousOfficeActivity ” Analytic monitors for suspicious activity from weaponized macros in productivity software.

For instructions on adding this Analytic to a plan, see Jamf Protect Updates.

Deployment Bug Fix (2020-08-25)

Fixed an issue that prevented the Jamf Protect agent from being deployed with Jamf Now and other MDMs that use the InstallApplication or InstallEnterpriseApplication MDM commands.

1.1.4.169 (2020-08-20)

This release includes a new version of the Jamf Protect agent (1.1.4.169) and the following improvements.

Command-line Interface Options

You can now use the protectctl command-line tool to execute simple tasks with Jamf Protect. The following commands are available:

Command

Description

repair

Finds and repairs issues that may occur during installation of the Jamf Protect agent

version

Prints the Jamf Protect agent version installed on computers

info

Prints the following information about computers:

  • Plan ID

  • Plan hash

  • Threat database version

  • The date and time of the last agent check-in

  • The date and time of the last insights check-in

checkin

Forces a Jamf Protect agent check-in on computers. You can also use the --insights flag to force an insights check-in.

help

Prints help information about protectctl commands

Bulk Changes for Plans

You can now change the plan on multiple computers by creating and deploying a new deployment package that contains a different plan.

For instructions, see "Manually Deploying Agent Updates" in the Jamf Protect Updates section of this guide.

Bug Fixes and Improvements

Reduced the CPU and memory usage of the Jamf Protect agent on computers.

New Built-in Analytics (2020-08-18)

The following built-in Analytics that monitor for suspicious activities that attempt to access Safari cookies and bypass authentication prompts have been released:

  • "SafariCookieAccessedWithSCP"

  • "SafariSessionAddedToKeychain"

To learn more about these Analytics, go to the Analytics page in Jamf Protect and search for each Analytic.

For instructions on adding these Analytics to a plan, see Jamf Protect Updates.

1.1.3.163 and Data Retention Settings (2020-07-31)

This release includes a new version of the Jamf Protect agent (1.1.3.163) and the following improvements.

Agent Performance Enhancements

  • Improved the usage of Apple's Endpoint Security Framework's caching capabilities during process authorization

  • Changed the log level of Unified Log Filters from info to default

  • Simplified the amount of file activity monitored by built-in Analytics

Data Retention Settings

If you send data to the Jamf Protect Cloud, you can now configure data retention settings for your organization. Data retention settings allow you to configure the following:

  • The number of days that alerts and logs are viewable in the Jamf Protect web app

  • The number of days that alerts and logs are securely archived

By default, alerts and logs are viewable and securely archived for 365 days unless the alert or log databases exceed 2 million entries.

To configure data retention settings in Jamf Protect, navigate to Accounts > Data Retention.

Note: Data retention settings can only be changed once every 24 hours.

For more information, see Alerts and Logs.

New Built-in Analytic and Other Changes (2020-07-10)

  • The “SetuidBitOnShell” Analytic monitors for shells that are executed as basic users but are running with root privileges.

  • Jamf Protect has made some changes to how we retain your alert and log data in the Jamf Protect Cloud. For more information, see Alerts and Logs.

  • The Threat Database Options setting in a plan is now named Built-in Threat Prevention Options.

1.1.2.149 (2020-06-22)

This release includes a new version of the Jamf Protect agent (1.1.2.149) and the following improvements:

New Built-in Analytic

The “FlashDownloadNotSignedByAdobe” Analytic monitors for threats from attackers that disguise malware and adware as an Adobe Flash Player DMG.

Bug Fixes and Enhancements

  • Fixed an issue that caused unexpected errors when Unified Log Filters were configured with an invalid predicate.

  • Improved the stability of Jamf Protect agent upgrades.

To upgrade computers to 1.1.2.149 and update plans, see Jamf Protect Updates.

Note: If the Enable AutoUpdate setting is enabled in a plan, computers with that plan will automatically receive the agent update the next time they check in with Jamf Protect.

New Built-in Analytic (2020-06-04)

"ProcessDisguisedAsApple" creates an alert when defense evasion tactics that blend in with Apple processes on the operating system occur. To begin using this Analytic, add it to your plans.

For more information about adding an Analytic to a plan, see Jamf Protect Updates.

1.1.0.124 (2020-05-19)

This release includes a new version of the Jamf Protect agent (1.1.0.124), which supports the following new feature.

Introducing Threat Prevention

Threat Prevention is Jamf Protect's built-in feature that can detect, block, and quarantine malicious processes on the Mac. Threat Prevention uses the Jamf Protect threat database, an extensive repository of signatures and certificate information associated with known macOS malware, to monitor computers for processes that match the database. When matches occur, Jamf Protect can automatically block the matching process and quarantine the associated file.

To use Threat Prevention, you need the following:

  • Computers with macOS 10.15.0 or later

  • Computers with version 1.1.0.124 or later of the Jamf Protect agent

For agent update instructions, see the Jamf Protect Updates section of this guide.

How Jamf Protect responds to database matches can be configured with the Threat Database Options setting in a plan.

Note: By default, existing plans will be configured to Report Only, which only creates an alert for database matches in the Jamf Protect web app. Any new plans will be configured to Block & Report threats by default.

For more information about Threat Prevention, see the Threat Prevention with Jamf Protect section of this guide.

UI Enhancements

  • Insights and computer check-in interval settings in a plan are now configured in minutes rather than seconds.

  • The Prevent tab has been renamed Threat Prevention and contains an overview of the both the threat database and custom prevent lists.

1.0.5.93 (2020-04-20)

This release includes a new version of the Jamf Protect agent (1.0.5.93), which supports the following improvements.

Unified Logging

You can now filter and collect real-time macOS Unified Log messages from computers across your organization with the same predicate-based filter criteria that are often used with the log command. The Jamf Protect agent can collect log entries from configured filters, and then send them to a security information and event management (SIEM) solution. To configure this feature, click Unified Logging in the Jamf Protect sidebar.

Note: Integration with a SIEM solution is required to use this feature

For more information, see Unified Logging.

In-App Announcements

The Jamf Protect web app now displays helpful tool tips and highlights new features. Look for the annoucement icon images/download/thumbnails/81950849/Screen_Shot_2020-04-16_at_12.11.38_PM.png in the Jamf Protect web app to see the latest in-app announcements and resources.

New Built-in Analytic

The "InsecureElevatedExecution", which monitors usage of Apple's deprecated AuthorizationExecuteWithPrivileges API to escalate a user-owned executable to root, has been added to Jamf Protect. For more information, click Analytics in the Jamf Protect sidebar and enter "InsecureElevatedExecution" in the search field.

Default Deployment, Bug Fixes, and Other Enhancements (2020-04-07)

The following improvements have been made to the Jamf Protect web app:

Default Deployment Package

Jamf Protect now includes a default Deployment, Plan, and Action Configuration. The default Deployment includes the default Plan and Action Configuration and can be immediately downloaded on the "Deployments" page. The default Plan and Action Configuration can be included in additonal deployments that you may create for your organization.

Bug Fixes and Other Enhancements

  • If you edit a Plan in Jamf Protect, an alert icon images/download/thumbnails/81950849/Screen_Shot_2020-04-07_at_3.32.03_PM.png and dialog will display on the Computers page when a computer has not checked in and received the updated Plan. You can also select an individual computer, click the Computer Info tab, and then view the alert dialog next to the Plan Hash attribute to see the expected hash of the new Plan version.

  • Fixed an issue that sometimes prevented the "Alerts" and "Logs" pages from loading correctly when clicked.

1.0.4.91 (2020-03-18)

This release includes a new version of the Jamf Protect agent (1.0.4.91), which includes the following changes:

International Support

Jamf Protect has received agent and infrastructure updates to support non-United States and Canada users in the EMEIA region. If you are an international customer, you must deploy 1.0.4.91 or later of the Jamf Protect agent to computers.

New Built-In Analytic

The "TmpFileWithBase64Argument" Analytic, which monitors for files in a user's /tmp directory that use a large base64 string as its last argument, has been added.

Bug Fixes and Other Enhancements

  • Fixed an issue that caused the Computers page to take 10 or more seconds to load.

  • Insights are now enabled by default when creating a new Plan.

New Built-In Analytic and Bug Fix (2020-03-02)

  • Added the "EarthwormMalware" Analytic, which monitors for known arguments from the Earthworm hacking tool that can be used to move laterally across a network.
    For more information, click Analytics in the Jamf Protect sidebar and enter “EarthwormMalware” in the search field.

  • Fixed an issue that prevented some users from downloading deployment packages with Safari.

Persistent User Settings and Bug Fixes (2020-02-27)

Persistent User Settings

The Jamf Protect web app now remembers a user's selected preference of the following settings during successive logins:

  • Whether GMT Timestamp is enabled or disabled

  • Whether "Dark" or "Light" mode is selected for View Mode

  • Whether the Card images/download/thumbnails/81950849/Screen_Shot_2020-02-27_at_1.45.34_PM.png or List images/download/thumbnails/81950849/Screen_Shot_2020-02-27_at_1.46.09_PM.png view is selected in each section of the web app.

Bug Fixes and Other Enhancements

  • Fixed an issue that prevented Jamf Protect from redirecting to the login page when a user session was invalid or expired.

  • Fixed an issue that allowed Action configurations to be created without a name, which prevented users from selecting the Action configuration in the list view.

  • The "GateKeeperBlockedUnsignedOrUnknown" Analytic now reports as an alert rather than a log by default.

1.0.3.85 (2020-01-29)

This release includes a new version of the Jamf Protect agent (1.0.3.85) and the following enhancements and bug fixes:

Enhancements

  • Improved Jamf Protect agent communications for environments with corporate proxies using MQTT over WebSockets.

  • Added the ability to detect and use local poxy settings on macOS 10.15 or later.

Bug Fixes

  • Fixed an issue that caused all logs collected by the Jamf Protect agent on computers to report at the debug log level.

  • Fixed an issue that caused a deadlock when HTTP events performed by the agent would fail.

  • Fixed an issue that caused some Insights to report an incorrect status.

  • Fixed an issue that caused an error when sorting computers by their Plan.

  • Improved the display of filenames uploaded to create Prevention lists.

Bug Fixes and UI Improvements (2019-12-13)

  • Improved error messaging that displays when attempting to create a Deployment without a Plan.

  • Fixed an issue that caused the Insights Collection Interval to unexpectedly default to 86400 seconds (one day) and enforce a minimum limit of 300 seconds (5 minutes) without the user's knowledge.

  • Improved the Jamf Protect agent's ability to monitor the XProtect version on Mac computers.

  • Fixed an issue that caused a deadlock when HTTP communications with the Jamf Protect agent would fail.

New Analytics and UI Improvements (2019-12-10)

New Built-In Analytics

New built-in Analytics have been added that monitor the following activities on Mac computers:

  • Gatekeeper blocking activities

  • Malware Removal Tool (MRT) activities

  • Google Chrome, Safari, and Firefox browser exploitation activities

  • Commands that create a shell with a reverse network connection

  • PLIST files disguised as Apple

Bug Fixes

  • Fixed an issue that caused text to overlap in the Computers tab.

  • Fixed an issue that caused the Bluetooth Sharing Disabled Insight to display an inaccurate status.

  • Fixed an issue that caused login errors in Safari when using a passwordless authentication method.

1.0.2.76 (2019-11-25)

Important: Process blocking and data displayed in the Apple Security dashboard require the latest Jamf Protect agent (1.0.2.76) and computers with macOS 10.15 or later.

Process Blocking with Prevent Lists

Added the ability to create prevent lists, which allow for processes executed with a pre-defined hash or signing information to be blocked on Mac computers. In Jamf Protect, click Prevent to create a prevent list. For more information about prevent lists, see the Custom Prevent Lists section in this guide.

New Dashboards

  • Added the Apple Security dashboard, which provides additional visibility into Apple's native security tools: XProtect, MRT, and Gatekeeper. To view the Apple Security dashboard, navigate to Dashboards > Apple Security.

  • Added the Insights dashboard, which highlights how many computers are compliant or noncompliant for each Insight. To view the Insights dashboard, navigate to Dashboards > Insights.

Bug Fixes and Other Enhancements

  • Made various improvements in the Jamf Protect UI to enhance functionality.

  • Fixed an issue that prevented users from sorting Plans by the "Actions Config" column.

  • Fixed an issue that prevented Jamf Protect from monitoring screenshot activities on macOS 10.15.


Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2021 Jamf. All rights reserved.