From d615707e4cdcb03fc546f53bb5e7d74a4a25b033 Mon Sep 17 00:00:00 2001
From: Hermes Agent
Date: Wed, 13 May 2026 11:54:52 -0700
Subject: [PATCH 1/2] Update C-Prot macOS telemetry coverage Consolidates C-Prot macOS telemetry updates from PRs #182-#190 into one OS-scoped change set.
---
 EDR_telem_macOS.json | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/EDR_telem_macOS.json b/EDR_telem_macOS.json
index 26352a6..8a6184a 100644
--- a/EDR_telem_macOS.json
+++ b/EDR_telem_macOS.json
@@ -81,7 +81,7 @@
 "Telemetry Feature Category": null,
 "Sub-Category": "File Open/Access",
 "BitDefender": "Yes",
- "C-Prot": "No",
+ "C-Prot": "Yes",
 "CrowdStrike": "Partially",
 "ESET Inspect": "No",
 "Elastic": "Via EnablingTelemetry",
@@ -120,7 +120,7 @@
 "Telemetry Feature Category": null,
 "Sub-Category": "Logon Failed",
 "BitDefender": "No",
- "C-Prot": "No",
+ "C-Prot": "Yes",
 "CrowdStrike": "Yes",
 "ESET Inspect": "No",
 "Elastic": "Yes",
@@ -133,7 +133,7 @@
 "Telemetry Feature Category": null,
 "Sub-Category": "Screen Lock",
 "BitDefender": "No",
- "C-Prot": "No",
+ "C-Prot": "Yes",
 "CrowdStrike": "No",
 "ESET Inspect": "No",
 "Elastic": "No",
@@ -146,7 +146,7 @@
 "Telemetry Feature Category": null,
 "Sub-Category": "Screen Unlock",
 "BitDefender": "No",
- "C-Prot": "No",
+ "C-Prot": "Yes",
 "CrowdStrike": "No",
 "ESET Inspect": "No",
 "Elastic": "No",
@@ -575,7 +575,7 @@
 "Telemetry Feature Category": "Access Activity",
 "Sub-Category": "Raw Device Access",
 "BitDefender": "No",
- "C-Prot": "No",
+ "C-Prot": "Yes",
 "CrowdStrike": "No",
 "ESET Inspect": "No",
 "Elastic": "No",
@@ -588,7 +588,7 @@
 "Telemetry Feature Category": null,
 "Sub-Category": "Process Access",
 "BitDefender": "No",
- "C-Prot": "No",
+ "C-Prot": "Yes",
 "CrowdStrike": "No",
 "ESET Inspect": "No",
 "Elastic": "No",
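Review bot: Every changed row in this patch, from the hunk at -81 (File Open/Access) through the hunk at -653 (Agent Stop), moves straight from `"C-Prot": "No",` to `"C-Prot": "Yes",`, although the context lines show that the matrix also carries the statuses `"Partially"` and `"Via EnablingTelemetry"`. For anyone using this file to plan detections, a plain Yes presumably means the event is emitted as raw telemetry in the default configuration, so each of the nine rows should be checked against that bar before it is merged. Where the event is only collected after a policy or setting is turned on, the line would read `"C-Prot": "Via EnablingTelemetry",`, and where only part of the activity is recorded, `"C-Prot": "Partially",`. The JSON objects these lines belong to start and end outside the hunks, so the evidence behind each row cannot be confirmed from the diff alone.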
@@ -601,7 +601,7 @@
 "Telemetry Feature Category": "Process Tampering Activity",
 "Sub-Category": "Process Injection Or Tampering",
 "BitDefender": "Yes",
- "C-Prot": "No",
+ "C-Prot": "Yes",
 "CrowdStrike": "No",
 "ESET Inspect": "No",
 "Elastic": "Yes",
@@ -640,7 +640,7 @@
 "Telemetry Feature Category": "EDR SysOps",
 "Sub-Category": "Agent Start",
 "BitDefender": "Yes",
- "C-Prot": "No",
+ "C-Prot": "Yes",
 "CrowdStrike": "Yes",
 "ESET Inspect": "Yes",
 "Elastic": "Yes",
@@ -653,7 +653,7 @@
 "Telemetry Feature Category": null,
 "Sub-Category": "Agent Stop",
 "BitDefender": "Yes",
- "C-Prot": "No",
+ "C-Prot": "Yes",
 "CrowdStrike": "Yes",
 "ESET Inspect": "Yes",
 "Elastic": "Yes",
From 3cc1296d3bc2a34e00cd36ef2d07025aac58470a Mon Sep 17 00:00:00 2001
From: tsale
Date: Thu, 14 May 2026 11:17:40 -0700
Subject: [PATCH 2/2] fix: adjust C-Prot macOS telemetry statuses Keep Raw Device Access accepted based on direct raw device access evidence, but leave Process Access and Process Injection Or Tampering as No because the submitted evidence is detection/prevention-oriented rather than direct telemetry.
---
 EDR_telem_macOS.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/EDR_telem_macOS.json b/EDR_telem_macOS.json
index 8a6184a..90084cf 100644
--- a/EDR_telem_macOS.json
+++ b/EDR_telem_macOS.json
@@ -588,7 +588,7 @@
 "Telemetry Feature Category": null,
 "Sub-Category": "Process Access",
 "BitDefender": "No",
- "C-Prot": "Yes",
+ "C-Prot": "No",
 "CrowdStrike": "No",
 "ESET Inspect": "No",
 "Elastic": "No",
@@ -601,7 +601,7 @@
 "Telemetry Feature Category": "Process Tampering Activity",
 "Sub-Category": "Process Injection Or Tampering",
 "BitDefender": "Yes",
- "C-Prot": "Yes",
+ "C-Prot": "No",
 "CrowdStrike": "No",
 "ESET Inspect": "No",
 "Elastic": "Yes",