Introducing CYFOX EDR for macOS: Prevention Capabilities for macOS Now Available!
We’re excited to announce the upcoming release of the first CYFOX EDR for macOS! Previously available only in sensor mode, this version introduces complete prevention, detection, and response capabilities.
CYFOX EDR for macOS is available starting with version 1.3.1.2. If you want to access the EDR capabilities, please use this version or later. If running an older version, please uninstall and install the latest version to upgrade.
Enhanced Detection Mechanisms
The latest EDR for macOS version enhances detection capabilities with advanced monitoring tools, including:
Packets Monitoring: Detects network connections and correlates them with malicious known processes, including details like process ID (PID), file path, and file hash.
File Integrity Monitoring (FIM) Extension: The latest version tracks file activities such as creation, modification, deletion, and movement and uses hash-based detection for detecting malicious files.
Malicious File and Network Detection: Identifies malicious files, IP addresses, and hashes using known threat intelligence feeds.
Powerful Prevention and Response Capabilities
CYFOX EDR now provides robust prevention and mitigation options, enabling fast and effective responses:
Malicious Process Termination: Seamlessly stops malicious processes by PID (Process ID) in normal mode or both PID and PPID (Parent Process ID) in aggressive mode. Modes can be customized via CYFOX XDR.
Blocks Malicious Connections: Automatically terminates related processes and blocks malicious connections with a persistent firewall rule for enhanced protection.
Malicious Files Quarantine: Ensures malicious files are safely quarantined while terminating associated processes to prevent further execution.
Network Isolation: Isolates compromised devices from all network traffic, maintaining secure communication with CYFOX servers for management and control.
Tamper Detection and Protection
The latest macOS EDR introduces advanced detection and alert capabilities for tampering attempts, such as deletion, movement, or encryption by attackers.
Additionally, any configuration changes made to the Agent are monitored and detected to ensure enhanced security and control.
Enhanced Real-Time Activity Monitoring
The Agent monitors interactive user session events, such as session lock and unlock activities. Additionally, it tracks critical system actions, including access to sensitive files, the creation of scheduled tasks, the loading of persistent agents or daemons, and the execution of untrusted processes with elevated privileges.
General Improvements
The latest macOS introduces a range of system-wide enhancements designed to elevate performance and responsiveness. These include optimized memory management, refined dynamic library handling, and more efficient event processing.