--- title: "MacOS" slug: "macos-agent-release-notes" updated: 2026-06-08T11:44:58Z published: 2026-06-08T11:44:58Z canonical: "support.perimeter81.com/macos-agent-release-notes" --- > ## Documentation Index > Fetch the complete documentation index at: https://support.perimeter81.com/llms.txt > Use this file to discover all available pages before exploring further. # MacOS ### Mac agent 12.8.0.10616 **June 8th, 2026** Currently under gradual rollout to all customers (usually takes 2-3 weeks). **New Features:** - **Tenant Settings Page** A new centralized settings page provides a single location for tenant-level configurations, including: - **User Settings** - Allows administrators to control global user configurations, such as the pre-login tunnel feature - **Company Branding** - Allows administrators to fully customize the agent support menu, including live chat link, support phone numbers, and user guide. - **Block Page Customization** - Now accessible from the new settings page. *(Available in Early Availability mode)* **Enhancements:** - **Multi-Language Support** The agent now supports three additional languages: Spanish, German, and Italian. - **Application Control** Application Control is now aligned with the Check Point Application database (APPI), supporting 7,555 applications. **Resolved Issues:** - P81-123547 - Incorrect public IP allocated when connected in Full Tunnel mode, causing connectivity issues. ### Mac agent 12.7.4.9577 **April 20th, 2026** **Updates:** - Updated Malware Protection engine components ### Mac agent 12.7.3.9355 **April 16th, 2026** **Resolved Issues:** - P81-114498 – High memory usage by the agent service. ### Mac agent 12.7.0.8565 **March 17th, 2026** **Enhancements:** - **Split Disable Sign-Out and Block Uninstall into Two Separate Controls** **Disable Sign-Out** and **Block Uninstall** are now independent controls, each with its own dedicated code and prompt, giving administrators more granular control over endpoint restrictions. - **Tenant Restrictions - Failed Login Attempt Logs** Logs are now generated for failed login attempts, giving administrators better visibility into unauthorized access attempts. - **HTTPS Inspection Allow Logs** Administrators can now enable logs for traffic bypassed from HTTPS inspection, making it easier to track what is excluded from inspection policies. - **Security Profiles** - File types are now grouped under file handling, with no constraints on using the Strict and Optimized built-in profiles. - Administrators can now log all Threat Emulation verdicts, including non-malicious files, for full inspection visibility. - **Split Tunnel Subnet Exceptions by IP or CIDR (Include Mode)** Administrators can define exceptions for included subnets using specific IP addresses or CIDR ranges. This excludes selected traffic from the tunnel and provides more granular routing control. - **Trusted Network 'Connect Anyway' Confirmation Pop-up** When a user on a trusted environment tries to connect to a private network, a confirmation pop-up now appears, helping avoid unnecessary VPN connections. **Resolved Issues:** - P81-105963 - Unable to collect logs when the agent is in signed-out state. - P81-87418 - Keychain corruption affecting agent connection. ### Mac agent 12.6.0.8419 **March 5th, 2026** **New Features:** - **Block Websites with Invalid Certificates** Administrators can now enforce blocking of websites with invalid certificates (Expired, Revoked, Self-Signed, Untrusted), strengthening endpoint security and preventing end users from accessing potentially unsafe sites. *(Available in Early Availability mode)* **Enhancements:** - **Security Events Pop-Up Notification Control** Administrators can now disable and enforce security event pop-up notifications across their organization. By default, end users continue to receive notifications and can toggle this setting in the agent settings screen. - **Updatable Objects Support for Internet Access** Internet Access policies now support dynamically maintained network objects that automatically update based on vendor-managed feeds. **Resolved Issues:** - P81-103116 - Users could access blocked websites even though the Internet Access security policy was set to block them. - P81-102365 - Trusted network detection did not disable Internet Access protection when configured to do so. ### Mac agent 12.5.1.8141 **February 13th, 2026** **Resolved Issues:** - P81-99418 - Agent takes a long time to open when DNS addresses are blocked on the local firewall. - P81-89899 - Agent fails to parse DNS packets, causing issues with Split Tunneling. ### Mac agent 12.3.0.7524 **January 20th, 2026** **Enhancements:** - **Threat Prevention Security Profiles** - These profiles introduce flexible security enforcement. Administrators can now define enforcement behavior and configure key Threat Prevention blades—including Malware Protection, Anti-Bot, and Threat Emulation—to align with their security posture and operational needs *(Available in Early Availability mode)* - **Data Loss Prevention (DLP) Enhancements** DLP now includes: - **Data Type Manager** for fine-tuning data types. - A new **Services** column in the DLP policy for applying rules based on URL categories, applications, and custom URLs. These enhancements provide greater granularity and more precise enforcement. - **Threat Prevention Exceptions** - Administrators can now define granular exceptions for specific URLs or files, using SHA-256 identifiers. This provides precise control to handle trusted resources and to reduce false positives. **Resolved Issues:** - P81-86793 - User couldn't connect to VPN although Always-on was enabled - P81-83839 - Agent failed routing Split-tunneled traffic correctly ### Mac agent 12.2.0.6683 **November 19th, 2025** **Enhancements:** - Admins can now hide the **Reset Agent** button in the agent UI, preventing end-users from resetting the agent themselves ### Mac agent 12.1.0.6369 **October 29th, 2025** **Enhancements:** - **Idle Device Detection and Automatic Sign-Out** - The Harmony SASE agent now detects unattended devices and disconnects those users from your private resources, thereby protecting company's resources. - Renamed application name from **Perimeter81.app** to **Harmony SASE.app** **Resolved Issues:** - P81-81220 - Agent IA certificate installation requires admin’s credentials - P81-84212 - Frequent agent disconnections from the network ### Mac agent 12.0.0.6063 **September 29th, 2025** **Resolved Issues:** - P81-75099 - User cannot sign in to agent due to DPC failure ### Mac agent 12.0.0.6019 **September 8th, 2025** **Enhancements:** - Multi-language Support - The agent now supports multi-language mode and is fully localized in French. Users can set the language through: - User settings - Automatically by the OS language - Installation parameters - Device Posture Check (DPC) - A new DPC feature offers full device certificate validation. Administrators can now verify authenticity, validity, and private key matching to strengthen overall device security and compliance - Granular DLP Policy Control - Enhanced DLP policy granularity by adding a new dimension - **service**. It allows administrators to select web categories, URLs or applications **Resolved Issues:** - P81-77570 - Wrong Split-tunnel routes creation while using OpenVPN - P81-77781 - Agent fails to search system domains through, causing DNS to fail unless using FQDN ### Mac agent 11.7.0.5477 **August 6th, 2025** **Resolved Issues:** - P81-69837 – Split-tunnel traffic goes through VPN tunnel ### Mac agent 11.7.0.5310 **August 4th, 2025** **Enhancements:** - Added Data Loss Prevention (DLP) support for file uploads to detect and block sensitive data exfiltration *(Available in Early Availability mode)* - Introduced Tenant Restrictions to control user access to approved Office 365 and Google Workspace tenants. This helps to prevent data leaks and shadow IT *(Available in Early Availability mode)* - Enhanced Application Control granularity with new actions to block file uploads to Box and Google Drive *(Available in Early Availability mode)* - Agent to Platform communications have transitioned to port 443, enabling user policy updates and usage monitoring even on restricted networks **Resolved Issues:** - P81-64450 – Regional Private DNS suffix does not match Harmony SASE suffix - P81-71325 – FQDN entries are not working while using split-tunnel ### Mac agent 11.6.1.4855 **June 10th, 2025** **Resolved Issues:** - P81-70427 – Private access connection lost in changing network event ### Mac agent 11.6.0.4498 **May 28th, 2025** **Enhancements:** - A new option allows Harmony SASE agent's Internet Access protection to be disabled when the device is connected to a secured trusted network, to avoid duplicate traffic inspection. - Device isolation from Local Area Network (LAN) is now available as a new option to enhance device security. *(Available in Early Availability mode)* - Customization of Block/Warn pages is now available, allowing tailored messages for end-users. **Resolved Issues:** - P81-63994 – Automatic user sign-out triggers internet disconnection - P81-68913 – Split Tunnel FQDN entries resolve issues ### Mac agent 11.5.0.4178 **April 1st, 2025** **Enhancements:** - A new option is available to install the Harmony SASE agent, enabling Internet Access security to start working out of the box without user interaction. - The new Application control security engine allows managing and restricting applications on end-user protected devices. - URL Filtering **Allow** logs - Harmony SASE now collects and stores **Allowed** end-user browsing history in the Admin portal. - The Agent anti-tampering feature now allows administrators to enforce an admin code requirement to uninstall the Harmony SASE agent. - URL Filtering, Malware Protection, Anti-Bot, and Threat Emulation logs are now available on **Infinity Events** and in a new **Security Events** screen. These logs can also be exported to SIEM systems via Infinity Events. **Resolved Issues:** - P81-52669, P81-62196 - Unable to access specific internal resources (DNS resolve error) ### Mac agent 11.2.1.3411 **January 22nd, 2025** **Enhancements:** - Enhanced Trusted Network capability, now supporting the use of an HTTPS server and a TLS certificate. - Implemented a comprehensive update to the Malware protection engine. - New Anti-Bot security engine detects and prevents access to malicious URLs. - New Threat Emulation engine uses connected sandboxes to prevent multi-stage attacks at the earliest available stage. **Resolved Issues:** - P81 - 51175 – SWG not active after reboot - P81 - 54570 – Some deny logs do not appear in management platform ### Mac agent 11.0.10.2696 **October 21st, 2024** **Enhancements:** - Added support for wildcards in URL filtering rules - Renamed installation file from **Perimeter81_10.x.x.xxxx.pkg** to **Harmony_SASE_11.x.x.xxxx.pkg** **Resolved Issues:** - P81-51175 - Agent failed to start URL filtering after reboot - P81-50195 - Agent blocked downloads from IBM aspera - P81-37249 - User can't run FaceTime calls when URL filtering feature is enabled ### Mac agent 11.0.1.2339 **August 28th, 2024** **Resolved Issues:** - Mitigation for OpenVPN vulnerability (CVE-2024-1305) - P81-50980 - Custom URL SWG allow rule mismatch ### Mac agent 11.0.0.2227 **August 7th, 2024** **Enhancements:** - Implemented a comprehensive update to our Web filtering security engine. - Rebranded the taskbar icons. - Rebranded **Block**, **Warn**, and **Malware Protection** pages. **Resolved Issues:** - P81-37479 - Quick access UI disappear - P81-37717 - Failed to connect to private access network - P81-38526 - Agent memory usage - P81-39300 - Agent frequent disconnects - P81-40851 - Can't remove Trusted Wi-Fi from Trusted network list - P81-46855 - Changing network requires device admin's permission - P81-46907 - Agent unexpected crashes ### Mac agent 10.5.0.1476 **March 29th, 2024** **New Features:** - Secure Web Gateway (which includes Web Filtering and Malware Protection) now stays active even when the user is signed out of the agent, using the most recently cached web filtering policy. The user interface has been updated to show that the SWG is enabled in this situation. If allowed by the admin, the SWG can be turned off by quitting the agent. **Enhancements:** - The agent supports the new European Data Residency instance of Harmony SASE, which will be launched in April. The data residency region can be configured when installing the agent using a new 'region' parameter, or by switching to it from the platform sign-in page when signing in to the agent. - Agent logging events have been moved to a new, robust and more scalable infrastructure **Resolved Issues:** - P81-37479 - UI is hidden on mouse cursor move when an application is running full-screen in the background - P81-37735 - unable to connect to the agent when Mac has Homebrew installed ### Mac agent 10.4.2.1198 **Jan 29th, 2024** **New Features:** - The Perimeter 81 agent is now rebranded to Check Point - Harmony SASE. ### Mac agent 10.4.0.1141 **Jan 21st, 2024** **New Features:** - The Perimeter 81 agent is now rebranded to Check Point - Quantum SASE. This includes new logos and a new color scheme. - The Harmony SASE agent now supports SWG certificate installation using MDM tools. This allows administrators to install the certificate without any additional steps on the member's device to enable the Secure Web Gateway functionality. You can download the certificate from the **Downloads** page in your workspace. This feature is currently in Beta. **Enhancements:** - Connection stability improvements. - A new retry mechanism when Harmony SASE agent is launched without an internet connection using **Disable Sign-Out**. **Resolved Issues:** - P81-32732 - Proxy extension prevents Airplay from functioning properly - P81-34293 - Mac m3 machine cannot connect via wireguard - Helper crash - P81-34476 - Connectivity issue - address already in use - P81-34519 - Agent stuck in Reconnecting when using Wireguard protocol ### Mac agent 10.3.0.601 **Nov 5th, 2023** **New Features:** - The agent now natively supports Apple silicon processors (M2/M1), for better performance and reduced memory consumption. **Enhancements:** - Agent log collection can now be initiated remotely by Harmony SASE support, without requiring end-user involvement. **Resolved Issues:** - P81-28999 - Potentially sensitive information is now scrubbed from locally stored logs ### Mac agent 10.2.1.535 **October 5th, 2023** **Resolved Issues:** P81-30568 - Agent logs filling up hard drive space when system extension not properly configured ### Mac agent 10.2.0.512 **September 19th, 2023** **Enhancements:** - Improved WireGuard session keep-alive mechanism - Updated menu bar icons **Resolved Issues:** P81-24554 - SWG bypass rule not working with 'Any' in destination P81-30849 - Proxy installation requested even when not required P81-31326 - Conflict between agent proxy and external tool (Gradle) causes timeout errors ### Mac agent 10.1.3.322 **Resolved Issues:** P81-30327 - NEProxy logs rapidly consuming space when FQDN-ST is enabled ### Mac agent 10.1.2.318 **July 25th, 2023** **Resolved Issues:** P81-30262 - Fix for agent local privilege escalation vulnerability (CVE-2023-33298) P81-30255 - Multiple system request popups to enable Proxy configuration ### Mac agent 10.1.0.293 **July 19th, 2023** **New Features:** - Support for split tunneling configuration by domains (FQDN)! **Enhancements:** - Improved agent log collection mechanism, supporting larger payloads and more detailed logging - Using updated Wireguard and OpenVPN versions - IKEv2 protocol deprecated as a method of agent connection - removed from agent UI **Resolved Issues:** P81-24626 - Posture check for disk encryption failing despite fulfilling criteria P81-25528 - Disconnects on Wireguard P81-26232 - SWG not blocking access to restricted websites in Kill Switch scenario P81-29636 - Failed to Fetch public IP address intermittently --- ### MacOS agent 10.0.0.19 **May 7th, 2023** **New Features:** - The agent now supports the new Exclude configuration option for Split Tunneling (so that all traffic except specific addresses will go through the tunnel). **Resolved Issues:** - P81-23365 - Mac agent launching twice, 2 different instances running at the same time - P81-26071 - OpenVPN connection sometimes taking too long --- ### MacOS agent 9.0.1.9 **New Features:** - You can now switch between protocols while the agent is connected to a network! Simply select a protocol in the Protocols tab to switch to it. - When the user session expires (according to the session length set by the administrator), the agent will be automatically logged out during local night time, in order to avoid disconnections during the workday. This applies to session lengths of 2 days and above. **Enhancements:** - Logging improvements - Agent installation will be prevented on unsupported MacOS version 10.14 and below **Resolved Issues:** - P81-18590 - On macOS 13.0, sometimes the quick access UI and Full agent UI were displayed simultaneously when changing networks - P81-20543 - Incorrect icon state after silent upgrade of the agent - P81-23034 - Agent disconnection after OS upgrade to Mac OS 13.2 - P81-23462 - SWG Web Filtering not working when a rule is set with two custom URLs that one is contained within the other - P81-7337 - Agent logs show that user is using macOS 10.16 when it is actually a higher version --- ### MacOS agent 9.0.0.28 **New Features:** - Secure Web Gateway (SWG) now includes Malware Protection! SWG users now have an additional layer of protection against malicious software, on top of the existing web filtering functionality. Malware Protection actively scans content before it reaches the user's browser, blocks multiple types of threats, and notifies the user. Admins can view logs of blocked malware in a new page under the Monitor and Logs section. **Enhancements:** - Log file size decreased, implemented log rotation - Added support for long-life certificates for SDP sessions - Updated internal frameworks to support minimum target OS of 10.15 - Improved SWG module behaviour, increased reliability of Proxy module - Improved memory usage of agent and fixed issues with memory leaks - Improved stability - Improved connectivity **Resolved Issues:** P81-21296 - Fixed an issue related to the Disable Sign-out feature P81-22039 - Fixed issue when agent UI was out of sync with Daemon P81-14902 - Fixed Trusted Wired Network MAC address case-insensitive comparison ---