Configure Caching on Policies

Cache policy rules to enhance rule processing and reduce the possibility of performance issues. Endpoint Privilege Management for Mac caching detects and stores user actions that have been repeated recently. This improves performance during user actions which require many execution events within a short period of time (for example, compiling software).

Starting in version 24.1, caching is turned on by default.

Overview

Events that are cached include allowed binary execution events with no user interaction involved.

To protect your data, events that might be vulnerable to attack are not cached, and include:

• Unsigned binaries or sudo commands.
• Self-signed binaries.
• If the binary is contained in a rule which also matches on arguments.

Specifications

• The cache is stored in the memory of the endpoint security framework.
• The maximum size of the cache is 1 Megabyte.
• Currently stores up to approximately 130,000 entries.
• Every entry has a 30 seconds expiry time interval.

Configure Caching

Caching is packaged as part of the pmfm tool installed with Endpoint Privilege Management for Mac.

To turn on caching, run the following command:

sudo pmfm caching enable

To turn off caching, run the following command:

sudo pmfm caching disable