We stand with Ukraine to help keep people safe. Join us
Santa free download for Mac

Santa

Version 2023.8

Whitelisting/blacklisting system for macOS.

Free
Absolutely Free

Santa overview

Santa is a binary whitelisting/blacklisting system for macOS. It consists of a kernel extension that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in case of a block decision and a command-line utility for managing the system and synchronizing the database with a server. It is named Santa because it keeps track of binaries that are naughty or nice.

What’s new in version 2023.8

Updated on Nov 14 2023

Fixed:
  • Fixed issue where client mode was almost always logged as "unknown" (since v2023.5)
  • Fixed issue where TeamID and SigningID rules were evaluated when a binary had codesign issues.
Changed:
  • Default button text used in UIs when a Custom URL is set
Added:
  • Mount name information added to disk events
  • rules_received and rules_processed fields now sent in postflight request
  • SigningID rules now support transitive allowlisting
  • File Access Authorization now supports UI flows, similar to blocked binary executions
  • File Access Authorization enforcement can now be controlled via sync settings
  • Rules can now be imported/exported as JSON via santactl
Changed:
  • Added TransitiveWhitelisting explanation to rules.md by @p-harrison in #1150
  • Add support for was_mmaped_writeable to file write monitoring when using macOS 13+ by @pmarkowsky in #1148
  • Fix issue where re config types couldn't be overridden by @mlw in #1151
  • Add mount from name information to disk appear events by @mlw in #1153
  • Remove references to old EnableSystemExtension config key by @mlw in #1155
  • sync: Send rules_received and rules_processed fields in postflight request by @russellhancox in #1156
  • Add SigningID/TeamID to Event definition in sync-protocol.md by @p-harrison in #1158
  • Correction to sync-protocol.md by @p-harrison in #1159
  • Fix new buildifier issues by @mlw in #1162
  • Additional metrics for File Access Authorizer client by @mlw in #1160
  • Use default event detail button text when a custom URL is set by @mlw in #1161
  • Restore file_bundle_hash & file_bundle_binary_count to Sync Protocol Docs by @pmarkowsky in #1164
  • Document SyncExtraHeaders in configuration.md by @p-harrison in #1166
  • Fix issue where client mode was almost always logged as "Unknown" by @mlw in #1165
  • Remove logupload stage from syncing-overview.md by @p-harrison in #1168
  • Fix typo in troubleshooting.md by @kyoshisuki in #1169
  • Update rules.md with more detail on Transitive/Compiler rules by @p-harrison in #1172
  • Add Tests for #1165 Behavior. by @pmarkowsky in #1173
  • Bump bazel and build_bazel_rules_apple versions by @mlw in #1178
  • Make Transitive Allowlisting Work with Signing ID rules by @pmarkowsky in #1177
  • Update Protobuf and Abseil versions by @mlw in #1179
  • UI For Blocked File Access by @mlw in #1174
  • Add ability to override File Access actions via config and sync settings by @mlw in #1175
  • Add basic support for importing and exporting rules to/from JSON by @pmarkowsky in #1170
  • Flatten deps to satisfy internal checkers by @mlw in #1182
  • Internal build fixes by @mlw in #1183
  • Use 'set -xo pipefail' instead for lint.sh by @tnek in #1185
  • Pin GitHub Actions to Specific Versions by @pmarkowsky in #1184
  • Add ability to specify custom event URLs and button text for FAA dialog by @mlw in #1186
  • Remove superfluous import by @mlw in #1188
  • Update sync-protocol.md by @p-harrison in #1187
  • Fix missing Santa block gif by @pmarkowsky in #1193
  • Only eval TID and SID rules when the binary signature is valid by @mlw in #1191

Information

License

Free

Size

12.8 MB

Developer’s website

https://github.com/google/santa

Downloads

2278

App requirements

  • Intel 64
  • Apple Silicon
  • macOS 11 or later
Try our new feature and write a detailed review about Santa. All reviews will be posted soon.

Write your thoughts in our old-fashioned comment

MacUpdate Comment Policy. We strongly recommend leaving comments, however comments with abusive words, bullying, personal attacks of any type will be moderated.
0.0

(0 Reviews of )

There are no reviews yet
  • Comments

  • User Ratings

higherterrain-1
higherterrain-1
Dec 2 2022
2022.11
0.0
Dec 2 2022
0.0
Version: 2022.11
No actual benefit to enduser that I could see running it since it came out. Waste of space.
RogerKatz
RogerKatz
Jul 10 2018
0.9.28
0.0
Jul 10 2018
0.0
Version: 0.9.28
MacUpdate's download link is invalid. I was able to get this version from: https://github.com/google/santa/releases
Help the community
There are no ratings yet, be the first to leave one
How would you rate Santa?
Free
Absolutely Free
How would you rate Santa?
Similar apps
BlockBlock
Alerts you to the addition of a persistent system component.
Is this app is similar to BlockBlock? Vote to improve the quality of this list.
Vote results
6
Upvotes
6
Total score
0
Downvotes
Lulu
Shared-source macOS firewall.
Is this app is similar to Lulu? Vote to improve the quality of this list.
Vote results
4
Upvotes
4
Total score
0
Downvotes
Gas Mask
Hosts-file manager, edit hosts files, and switch between them.
Is this app is similar to Gas Mask? Vote to improve the quality of this list.
Vote results
2
Upvotes
2
Total score
0
Downvotes
Murus Pro
Advanced GUI for OS X PF firewall.
Is this app is similar to Murus Pro? Vote to improve the quality of this list.
Vote results
3
Upvotes
2
Total score
-1
Downvotes