BitFight: Defense Mac OS
Hi All - I am looking to upgrade our users from ESET Entry to ESET Complete to make use of the Cloud Office security as well as Dynamic Threat defense. Users are a mix of Mac and Win 10. In the Windows policy I can see the setting to enable Dynamic Threat Defence however nothing is visible in Mac.
How to update Microsoft Defender for Endpoint on Mac
Microsoft regularly publishes software updates to improve performance, security, and to deliver new features. To update Microsoft Defender for Endpoint on Mac, a program named Microsoft AutoUpdate (MAU) is used. To learn more, see Deploy updates for Microsoft Defender for Endpoint on Mac.
Recent updates to OS X/MacOS and Java have raised many new questions regarding DBsign. In this document, we will address the most common issues that we see.
There are many web sites and forums out there with solutions to DBsign related issues. Some of this information is good, some is outdated, and some is completely wrong. If you have issues or questions regarding DBsign on OS X/MacOS, please contact us first and we will help to point you in the right direction.
If you need to contact us, you can do so HERE.
Frequently Asked Questions
Do I need to download the DBsign software?
No, there is no DBsign software to download and install on your Mac.
However, DBsign does require that Java be installed and configured properly to work in your web browser. You can check whether Java is working properly in your browser with the following web sites:
Screenshot from the official Java web site.
Screenshot from DBsign's Java test page.
One (or both) of the pages listed above MUST be able to detect Java before any DBsign enabled web site will work. If Java cannot be detected, you must fix the problem before you can proceed further.
What version of Java do I need?
We recommend that you always have the latest version of Java installed on your Mac. New Java updates are pushed out regularly, and it is important to keep up to date.
When new Java updates are made available, your old version may stop working properly. Security features in OS X/MacOS and Java itself will often disable (or lock down) previous versions of the Java plugin from working in your browser.
It is very important to always keep your Java installation up to date. You can download the latest versions of Java from HERE.
What web browsers are supported?
Any browser that supports the Java plugin should work for DBsign.
On OS X/MacOS, the Java plugin is 64-bit only; this means that only 64-bit browsers are supported. Safari and Firefox both support the Java plugin; however, Chrome is a 32-bit only browser and does not run Java. For this reason, DBsign will not run in Chrome on OS X/MacOS.
How do I configure Safari to run DBsign?
In order to grant the necessary permissions to web sites running DBsign, we must edit Safari's security preferences.
From the 'Safari' menu, choose 'Preferences' and then go to the 'Security' tab. Here, you will see a button that says 'Manage website settings...'. When you click on the button, you will see something like this:
Safari 9 (and earlier)
Locate each web site that uses DBsign in the list (our demo.dbsign.com site, the Defense Travel System site, etc). In the drop down box to the right of the web site address, choose 'Run in Unsafe mode'. This gives DBsign all the permissions it needs to run properly. DO NOT change this setting for web sites you do not explicitly trust.
If you do not see the proper web site in the list, you will need to visit that site and attempt to use DBsign. You will most likely receive a DBsign error, but the web site should now be included in this list. You should be able to change its settings now.
Safari 10 (and later)
Starting with Safari 10, the option to toggle 'Safe mode' still exists, but it is hidden.
Now, when you go to set DBsign/Java to run in 'unsafe mode', the only options are 'Ask', 'Off', and 'On':
However, if you press and hold the 'alt/option' key on your keyboard, you are given more options:
Make sure that 'On' is checked, and 'Run in Safe Mode' is unchecked.
How do I test DBsign?
We have a test page here:
If Java is working, and DBsign is able to load, you will see a page that looks like this:
If the page just sits there with a 'Loading DBsign...' message, then Java is probably not working properly. See the section above for information regarding checking your Java version.
If you get an error message when loading this page, please contact us for help.
If the page loads properly, you should be able to click on the 'sign' button in the middle of the page. This will tell DBsign to generate a digital signature using one of the certificates on your computer or smart card. If no error occurs, your page will look like this (with signature information filled out):
If you get an error message when attempting to sign, please contact us for help.
How do I fix a 305 error code?
305 errors generally indicate that Safari has not been configured properly. See the section above concerning Safari configuration.
How do I fix a 112 error code?
The 112 'no signing certificates' error usually means that DBsign was unable to find any usable certificates on your computer. This can happen if your CAC certificates are either expired or revoked; however, it is more likely that you either do not have CAC enabling software (or middleware) installed or it is not working properly. Mac OS X does not support CACs out of the box, so you have to install some extra software to make it work.
If you have not installed CAC middleware, the militarycac.com web site has an excellent writeup with a list of the most popular options and instructions for installing them:
We have used CACkey and Centrify Express (both free options with limited support), and PKard (about $30, but excellent phone/email technical support from Thursby Software).
Just make sure that you have some CAC enabling software installed and working, then try again. You'll know it's working when you can see your CAC in the keychain list (upper left hand section) in the Keychain Access application on your Mac. You should be able to pull your CAC out and your name will disappear from the list, and then plug it back in and your name will appear in the list again. This lets you know that the CAC software is installed and working. DBsign will not be able to use your CAC until this is working. Try accessing some military CAC enabled websites such as web mail or portals. Can you login successfully with your CAC on those sites? Usually if that works, DBsign will work.
How do I fix a 139 error code?
If you are getting prompted to select between two certificates, then this might be because 1 of them usually does not work. This is not a DBsign thing, but it is some kind of incompatibility between OS X and the CAC. So, I tell people to remember the last 2 digits of the serial number of the cert that works and always use that one. The serial number should be shown below the list of certs on the certificate prompt dialog.
If that doesn't work, then I would try rebooting your Mac. This actually does fix 139/132 problems sometimes and it's easy to do. But before you reboot, unplug your card reader from the Mac and also unplug the card from the reader. Then reboot. After you are logged back in, plug the reader back into the Mac and then put the card in the reader. Then try accessing some CAC enabled military portals or web mail.
Also, when you are prompted for a keychain password, this is actually your CAC PIN. Some users enter their OSX password here and end up locking their CAC card (3 failed PIN entry attempts will lock the card). If it gets locked, you have to take it to an LRA or a badge office or something to get it unlocked.
Sometimes these symptoms are caused by installing two different types of CAC software at the same time. They conflict with each other and cause these symptoms.
Try accessing some military CAC enabled websites such as web mail or portals. Can you login successfully with your CAC on those sites? Usually if that works, DBsign will work. If not, then there seems to be an issue with your CAC software. I would uninstall any and all CAC software that you installed and only install one. For instructions on uninstalling, see here: https://militarycac.com/macuninstall.htm. Be sure and reboot the Mac after every install and uninstall. Uninstall them all, then install only one. We use CACKey here. Also, Thursby PKard for about $30 is good and they offer excellent support.
Still having problems?
If you still need some help, please contact us.
Important
On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on this page.
101.27.50 (20.121022.12750.0)
- Fix to accommodate for Apple certificate expiration for macOS Catalina and earlier. This fix restores Threat & Vulnerability Management (TVM) functionality.
101.25.69 (20.121022.12569.0)
- Microsoft Defender for Endpoint on macOS is now available in preview for US Government customers. For more information, see Microsoft Defender for Endpoint for US Government customers.
- Performance improvements (specifically for the situation when the XCode Simulator app is used) & bug fixes.
101.23.64 (20.121021.12364.0)
- Added a new option to the command-line tool to view information about the last on-demand scan. To view information about the last on-demand scan, run mdatp health --details antivirus
- Performance improvements & bug fixes
101.22.79 (20.121012.12279.0)
- Performance improvements & bug fixes
101.19.88 (20.121011.11988.0)
- Performance improvements & bug fixes
101.19.48 (20.120121.11948.0)
Note
The old command-line tool syntax has been deprecated with this release. For information on the new syntax, see Resources.
- Added a new command-line switch to disable the network extension: mdatp system-extension network-filter disable. This command can be useful to troubleshoot networking issues that could be related to Microsoft Defender for Endpoint on Mac
- Performance improvements & bug fixes
101.19.21 (20.120101.11921.0)
- Bug fixes
101.15.26 (20.120102.11526.0)
- Improved the reliability of the agent when running on macOS 11 Big Sur
- Added a new command-line switch (--ignore-exclusions) to ignore AV exclusions during custom scans (mdatp scan custom)
- Performance improvements & bug fixes
101.13.75 (20.120101.11375.0)
- Removed conditions when Microsoft Defender for Endpoint was triggering a macOS 11 (Big Sur) bug that manifests into a kernel panic
- Fixed a memory leak in the Endpoint Security system extension when running on macOS 11 (Big Sur)
- Bug fixes
101.10.72
- Bug fixes
101.09.61
- Added a new managed preference for disabling the option to send feedback
- Status menu icon now shows a healthy state when the product settings are managed. Previously, the status menu icon was displaying a warning or error state, even though the product settings were managed by the administrator
- Performance improvements & bug fixes
101.09.50
- This product version has been validated on macOS Big Sur 11 beta 9
- The new syntax for the mdatp command-line tool is now the default one. For more information on the new syntax, see Resources for Microsoft Defender for Endpoint on macOS
Note
The old command-line tool syntax will be removed from the product on January 1st, 2021.
- Extended mdatp diagnostic create with a new parameter (--path [directory]) that allows the diagnostic logs to be saved to a different directory
- Performance improvements & bug fixes
101.09.49
- User interface improvements to differentiate exclusions that are managed by the IT administrator versus exclusions defined by the local user
- Improved CPU utilization during on-demand scans
- Performance improvements & bug fixes
101.07.23
- Added new fields to the output of mdatp --health for checking the status of passive mode and the EDR group ID
Note
mdatp --health will be replaced with mdatp health in a future product update.
- Fixed a bug where automatic sample submission was not marked as managed in the user interface
- Added new settings for controlling the retention of items in the antivirus scan history. You can now specify the number of days to retain items in the scan history and specify the maximum number of items in the scan history
- Bug fixes
101.06.63
- Addressed a performance regression introduced in version 101.05.17. The regression was introduced with the fix to eliminate the kernel panics some customers have observed when accessing SMB shares. We have reverted this code change and are investigating alternative ways to eliminate the kernel panics.
101.05.17
Important
We are working on a new and enhanced syntax for the mdatp command-line tool. The new syntax is currently the default in the Insider Fast and Insider Slow update channels. We encourage you to familiarize yourself with this new syntax.
We will continue supporting the old syntax in parallel with the new syntax and will provide more communication around the deprecation plan for the old syntax in the upcoming months.
- Addressed a kernel panic that occurred sometimes when accessing SMB file shares
- Performance improvements & bug fixes
101.05.16
- Improvements to quick scan logic to significantly reduce the number of scanned files
- Added autocompletion support for the command-line tool
- Bug fixes
101.03.12
- Performance improvements & bug fixes
101.01.54
- Improvements around compatibility with Time Machine
- Accessibility improvements
- Performance improvements & bug fixes
101.00.31
- Improved product onboarding experience for Intune users
- Antivirus exclusions now support wildcards
- Added the ability to trigger antivirus scans from the macOS contextual menu. You can now right-click a file or a folder in Finder and select Scan with Microsoft Defender for Endpoint
- In-place product downgrades are now explicitly disallowed by the installer. If you need to downgrade, first uninstall the existing version and reconfigure your device
- Other performance improvements & bug fixes
100.90.27
- You can now set an update channel for Microsoft Defender for Endpoint on macOS that is different from the system-wide update channel
- New product icon
- Other user experience improvements
- Bug fixes
100.86.92
- Improvements around compatibility with Time Machine
- Addressed an issue where the product was sometimes not cleaning all files under /Library/Application Support/Microsoft/Defender during uninstallation
- Reduced the CPU utilization of the product when Microsoft products are updated through Microsoft AutoUpdate
- Other performance improvements & bug fixes
100.86.91
Caution
To ensure the most complete protection for your macOS devices and in alignment with Apple stopping delivery of macOS native security updates to OS versions older than [current – 2], MDATP for Mac deployment and updates will no longer be supported on macOS Sierra [10.12]. MDATP for Mac updates and enhancements will be delivered to devices running versions Catalina [10.15], Mojave [10.14], and High Sierra [10.13].
If you already have MDATP for Mac deployed to your Sierra [10.12] devices, please upgrade to the latest macOS version to eliminate risks of losing protection.
- Performance improvements & bug fixes
100.83.73
- Added more controls for IT administrators around management of exclusions, management of threat type settings, and disallowed threat actions
- When Full Disk Access is not enabled on the device, a warning is now displayed in the status menu
- Performance improvements & bug fixes
100.82.60
- Addressed an issue where the product fails to start following a definition update.
100.80.42
- Bug fixes
100.79.42
- Fixed an issue where Microsoft Defender for Endpoint on Mac was sometimes interfering with Time Machine
- Added a new switch to the command-line utility for testing the connectivity with the backend service
- Added ability to view the full threat history in the user interface (can be accessed from the Protection history view)
- Performance improvements & bug fixes
100.72.15
- Bug fixes
100.70.99
- Addressed an issue that impacts the ability of some users to upgrade to macOS Catalina when real-time protection is enabled. This sporadic issue was caused by Microsoft Defender for Endpoint locking files within Catalina upgrade package while scanning them for threats, which led to failures in the upgrade sequence.
100.68.99
- Added the ability to configure the antivirus functionality to run in passive mode
- Performance improvements & bug fixes
100.65.28
- Added support for macOS Catalina
Caution
macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender for Endpoint is not able to fully protect your device.
The mechanism for granting this consent depends on how you deployed Microsoft Defender for Endpoint:
- For manual deployments, see the updated instructions in the Manual deployment topic.
- For managed deployments, see the updated instructions in the JAMF-based deployment and Microsoft Intune-based deployment topics.
- Performance improvements & bug fixes