Crescendo v1.0.4 releases: real time event viewer for macOS
Crescendo
Crescendo is a swift based, real-time event viewer for macOS. It utilizes Apple’s Endpoint Security Framework.
Apple has introduced some new security mechanisms that we need to enable to get Crescendo running.
- Ensure that you have moved the app to your /Applications director or the system extension will fail to loa
- After running for the first time, you will need to approve the system extension (This will prompt you during the first run the app after the user clicks the “Start” button).NOTE: I have noticed that there is an issue where System Preferences won’t show an allow button. I assume this is some internal issue Apple needs to workout. Clickout back on system preferences and navigating forward again seems to fix the issue.
- You will need to enable Full Disk Access for the system extension.
Components
This project consists of three main components:
- A system extension (CrescendoExtension)
- A Framework wrapper around the Endpoint Security Framework (Crescendo)
- An app for viewing events in a nice little user interface (CrescendoApp)
Changelog v1.0.4
This release includes the following updates:
Features
- Added menu bar item to hide dock icon (daemon mode)
- Added blacklist settings option (prevent process from launching)
- Added purge events options to remove memory pressure when collecting many events
- Added human readable date time to time column
- Added window resizing support to app window
Bug Fixes
- Fixed 3 potential dangling pointer issues
- Updated changes with ESF API changes
- Fixed division issues in nanosecond calculation
- Fixed an issue where process names were incorrectly reported
Install
Copyright (C) 2020 Stephen Davis.
Copyright (C) 2020 FireEye, Inc. Created by Stephen Davis.
