Santa – A Binary Whitelisting and Blacklisting for MacOS

Google Santa is a free antivirus for Apple OS X operating system. This program consist of a kernel extension that monitors opened or modified files and a component (daemon) running in the background that will take decisions based on the contents of the SQLite database.

There is also a GUI interface designed to display notifications in case there is a suspicious program blocked.

Santa - A Binary Whitelisting and Blacklisting for MacOS
Santa – A Binary Whitelisting and Blacklisting for MacOS

Santa work in two modes the monitor mode will block blacklisted files and application and allow files not on the list and the second mode is lockdown which will allow just files that user define and block all remaining application.

The application allows as well to add applications to the white and black lists based on digital signature (certificate). For example, prevent all applications with a certificate from a specific certificate publisher. At the same time, the administrators still have the opportunity to select the settings priority: allow the application, which was previously blacklisted, by certificate or vice versa, block applications that are in the white list by certificate.

Generally non signed application may introduce a risk of malwares and using certificate will make a group of application allowed for execution and provide an easy way to create a golden image/System Lockdown.

Initially Google developed this application to protect Mac OS computer users at the corporate offices and they always support the community with open source projects that allow users to protect their systems.

You can read more and download this tool over here:

Notify of
Inline Feedbacks
View all comments