santa
Description:
Binary authorization system
Type: Cask  |  Latest Version: 2026.1@0  |  Tracked Since: Dec 17, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: security macos binary-authorization endpoint-security malware-prevention
Install: brew install --cask santa
About:
Santa is a binary authorization system for macOS that monitors and controls process execution using a rule-based approach. It can operate in a monitor-only mode to log execution events or in a block mode to prevent unauthorized binaries from running. This tool provides a robust security layer for detecting and preventing malware execution.
Key Features:
  • Kernel-level process monitoring via EndpointSecurity API
  • Flexible rule system (allowlist, blocklist, and certificate rules)
  • Event logging for forensic analysis
  • Support for both monitor and block modes
  • Integration with system extensions for enhanced security
Use Cases:
  • Preventing execution of known malware or unauthorized applications
  • Auditing process execution across an enterprise fleet
  • Enforcing compliance by blocking non-approved software
  • Investigating security incidents through execution logs
Alternatives:
  • BlockBlock – Focuses on persistent threat monitoring rather than real-time execution control
  • KnockKnock – Primarily for persistence enumeration, not live process blocking
Version History
Detected  |  Version  |  Rev  |  Change  |  Commit
Jan 29, 2026 10:36pm  |  2026.1  |  0  |  VERSION_BUMP  |  10db69c1
Dec 18, 2025 7:39pm  |  2025.12  |  0  |  VERSION_BUMP  |  c6462c52
Dec 17, 2025 7:45pm  |  2025.11  |  0  |  VERSION_BUMP  |  14fd910b
Aug 28, 2025 7:50pm  |  2025.8  |  0  |  VERSION_BUMP  |  22fba37e
Jul 31, 2025 4:18pm  |  2025.7  |  0  |  VERSION_BUMP  |  e3133f18
Aug 7, 2024 3:54pm  |  2024.7  |  0  |  VERSION_BUMP  |  76691200
Jul 26, 2024 3:52pm  |  2024.6  |  0  |  VERSION_BUMP  |  0d342c12