Endpoint Privilege Management for Mac 5.5 SR1 Release Notes

February 4, 2020

Improved performance times for Xcode compilation.
- The list of exclusions is now stored and executed at the kernel level, vastly reducing times due to no communication needed between daemons, rules processing, and the kernel.
- The Interrogator now reuses connections to reduce CPU time when a binary is triggered multiple times.

Endpoint Privilege Management finder extension can fail to load correctly on installation. This can be enabled manually by the end user or by deployment of a script.
In the MMC, ?* matches on a single valid character (non-white space) and "*" matches zero or more characters. Combined, they should match anything with more than one character, but also matches on empty strings, which is unexpected.
Unable to control authorizations from GarageBand updater.
Unable to control authorization from Xcode that adds users to the _developer group. This can be done via a deployed script or on the endpoint using a command.
Unable to effectively control authorization prompts triggered via AEWP / Security_AuthTrampoline. AEWP is a deprecated function and should not be used.

Cannot control auth prompt where Standard User installs apps through the app store. The application will install regardless of user interaction.
Cannot control auth prompt for Console.app when run as Standard User. Standard Users can still use the CaptureConfig utility for collecting logs for support.
System Preferences can fail to unlock using Endpoint Privilege Management for Mac. This has been reported to and accepted by Apple as a bug in macOS.

If you have a business requirement to downgrade the Mac client, please first uninstall the currently installed version.