GUI and command-line differences in Breach Remediation for Mac

Document created by drossler Employee on May 10, 2017Last modified by jyamada on Jan 23, 2019
Version 2Show Document
  • View in full screen mode

The GUI and command-line (CLI) versions of Breach Remediation for Mac are targeted at different groups of users, and as a result have different capabilities.
The CLI version is intended for use by knowledgeable Mac admins, for use on many different machines that are being managed. The GUI, on the other hand, is intended for the end-user, who may not be familiar with the command line. It is likely to be most useful on unmanaged systems, where the user is expected to keep the system secure on his/her own.



The GUI app will install components in the system to assist in removal of threats that the current user does not have permissions to access. Thus, it will need to be installed by a user with admin privileges, but can thereafter be used by any user of the computer. Uninstallation should be done by choosing the Uninstall item from the Help menu within the app.

The CLI does not install any persistently-running components on the system. It can be run from anywhere, and with the exception of quarantined threats, all data associated with it will be located in the same place as the executable file itself. Uninstallation requires nothing beyond simply deleting the files and, if desired, quarantined threats from the system to free up the disk space they occupy.


Because the CLI is intended to be used by administrators, scans with this version of Breach Remediation will include within its scan all user folders on the target system. Thus, an administrator does not need to log in to each user account on the machine, and can run one single scan that covers the entire system.
The GUI, on the other hand, only the current user folder (as well as the rest of the system).

Removal of threats is also different for each app. The CLI moves apps into a designated quarantine folder, which the admin can change if desired. The GUI moves threats to a folder in the trash instead, and that behavior cannot be changed.



Both the CLI and the GUI will accept the same license keys. However, there is a slight difference in how these keys are managed.
The CLI is designed such that it can be placed on a USB flash drive, or other external media, and used to scan offline computers. Because of this, the product will "expire" after a certain amount of time (14 days by default), requiring re-registration. (This does not mean that the license key will go bad or that additional payments will be required, it simply means that the register command must be called again with the license key.)

The GUI, however, has no such restrictions, and will continue to operate normally as long as the license continues to be valid.



The GUI app has a built-in automatic update mechanism that will alert the user when an app update is available, and will download and apply that update at the user's request. It will also automatically download signature updates each time it launches.


The CLI app does not include any kind of self-updating mechanism. If an app update is available, it is up to the admin to replace the old version of the CLI app with a newer version, when and if desired. It also only downloads signature updates when the admin invokes the update command.