Santa is a binary whitelisting/blacklisting system for macOS. It consists of a kernel extension that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in case of a block decision and a command-line utility for managing the system and synchronizing the database with a server. Santa is not yet at 1.0. We're writing more tests, fixing bugs, working on TODOs and finishing up a security audit. It is named Santa because it keeps track of binaries that are naughty or nice. Santa is a project of Google's Macintosh Operations Team.
Explore By Topic