santa icon indicating copy to clipboard operation
santa copied to clipboard

Published 20 hours ago verified publisher icon google

Present information in the Santa blocked pop-up so it is more readily copy/pasted to a new rule

Open p-harrison opened this issue 2 years ago • 2 comments

The pop-up that warns users an application has been blocked displays a certain amount of information about that application, however it could be improved by displaying additional information and in a format that can be readily copy/pasted into an email by a non-technical user. This would improve the experience for the end-user by avoiding them having to use the fileinfo CLI tool to collect application information and for administrators by giving them the information they need (without having to follow-up with the user) to quickly add new rules. This would be particularly useful in the early stages of a Santa roll-out when many new rules are being added.

Below is an example of what is currently displayed in the pop-up -

Application: zoom.us
Filename: zoom.us
Path: /Applications/zoom.us.app/Contents/MacOS/zoom.us
Publisher: Zoom Video Communications, Inc. - Developer ID Application: Zoom Video Communications, Inc. (BJ4HAAB9B3)
Identifier: 68b0fc192ef2f7f7362f5742645cca5c32b8dc53b6fd1a9acdeb220c842881bb 
Parent: launchd (1)
User: joebloggs

The challenges with this presentation currently are -

  1. It's not immediately clear if 'Identifier' is a certificate or binary identifier
  2. To get the certificate identifier, you need to click the info icon beside Publisher, expand Details, scroll to the bottom and copy the correct fingerprint, which is displayed in all caps and has spaces between each pair of characters (like '4C C8 76 AC 25 F9 B9 09 29 51 6F 28 72 23 DB B9 5C 5F 82 3A 08 44 28 FD 5B CE C2 F3 AE CA AF B7'), so to add it to a rule you need to manually remove the spaces and lowercase it.
  3. The signing ID is not displayed
  4. The Copy chortcut keys are not supported/enabled (minor issue)
  5. You cannot copy the entire block of application information in one go (minor issue)

Possible alternative presentation -

Application: zoom.us
Filename: zoom.us
Path: /Applications/zoom.us.app/Contents/MacOS/zoom.us
Publisher: Zoom Video Communications, Inc. - Developer ID Application: Zoom Video Communications, Inc. (BJ4HAAB9B3)
Binary ID: 68b0fc192ef2f7f7362f5742645cca5c32b8dc53b6fd1a9acdeb220c842881bb
Certificate ID: 4cc876ac25f9b90929516f287223dbb95c5f823a084428fd5bcec2f3aecaafb7
Signing ID: BJ4HAAB9B3:us.zoom.xos
Team ID: BJ4HAAB9B3
Parent: launchd (1)
User: joebloggs

An alternative approach to modifying this screen (which may get a bit cluttered with my proposal above) would be a 'Copy to clipboard' button which would stick all this information (possibly the full output from 'santactl fileinfo'?) into the clipboard so the user could email it or log a ticket with it.

p-harrison avatar Jul 26 '23 08:07 p-harrison

Thank you for the feedback! We have been slowly migrating the dialogs away from the older XIB format to SwiftUI. We haven't yet done the block UI but were looking to expand the info presented when we do the migration largely due to new rule types that have been added over time that the dialog hasn't kept up with. We can keep this use case and these suggestions in mind when thinking about what all information to display.

mlw avatar Jul 26 '23 14:07 mlw

An alternative approach to modifying this screen (which may get a bit cluttered with my proposal above) would be a 'Copy to clipboard' button which would stick all this information (possibly the full output from 'santactl fileinfo'?) into the clipboard so the user could email it or log a ticket with it.

I'd be in favor of having this as a copy to clipboard button as the information can be cluttered along with the custom message etc.

pmarkowsky avatar Aug 14 '23 19:08 pmarkowsky