End-User Notifications requirements

Review the requirements before you install and use End-User Notifications.

Tanium dependencies

In addition to a license for the End-User Notifications product module, make sure that your environment also meets the following requirements.

Component Requirement
Tanium™ Core Platform

7.2 or later.

Tanium™ Client

6.0.314.1540 or later

  • Windows 7 Service Pack 1 or later
  • Windows Server 2008 R2 Service Pack 1 or later

7.2.314.3476 or later

  • Windows 7 Service Pack 1 or later
  • Windows Server 2008 R2 Service Pack 1 or later

7.4 or later

  • Windows 7 Service Pack 1 or later
  • Windows Server 2008 R2 Service Pack 1 or later
Tanium products If you clicked the Install with Recommended Configurations button when you installed End-User Notifications, the Tanium Server automatically installed all your licensed modules at the same time. Otherwise, you must manually install the modules that End-User Notifications requires to function, as described under Tanium Console User Guide: Manage Tanium modules.

The following modules are optional, but End-User Notifications requires the specified minimum versions to work with them:

  • Tanium Deploy 1.3 or later for end-user notifications or end-user self service
  • Tanium Patch 2.1 or later for end-user notifications
  • Tanium Protect 2.0 or later for end-user notifications for BitLocker policies
  • Tanium Protect 2.3 or later for end-user notifications for FileVault policies
  • Tanium Protect for end-user notifications for BitLocker or FileVault policies
Computer groups When you first log into the Tanium Console after installing the Tanium Server, the server automatically imports the computer groups that End-User Notifications requires: All Computers.

Tanium™ Module Server

End-User Notifications is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.

Endpoints

End-User Notifications supports the following client operating systems:

Operating System Version
Windows Server
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2 Service Pack 1 or later
Windows Workstation
  • Windows 10
  • Windows 8.1
  • Windows 8
  • Windows 7 Service Pack 1 or later
macOS (supported for Protect FileVault policy only)
  • macOS 10.15 Catalina
  • macOS 10.14.6 Mojave
  • macOS 10.13.6 High Sierra

Host and network security requirements

Specific ports and processes are needed to run End-User Notifications.

Ports

For Tanium as a Service ports, see Tanium as a Service Deployment Guide: Host and network security requirements.

The following ports are required for End-User Notifications communication.

Source Destination Port Protocol Purpose
Module Server Module Server (loopback) 17476 TCP Internal purposes; not externally accessible

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

Table 1:   End-User Notifications security exclusions
Target Device Notes Process
Module Server   <Module Server>\services\end-user-notifications-service\node.exe
  <Module Server>\services\twsm-v1\twsm.exe
Windows endpoints 7.2.x clients <Tanium Client>\Python27\TPython.exe
7.4.x clients <Tanium Client>\Python38\TPython.exe
  <Tanium>\Tanium End User Notification Tools\UserSessionProxy.exe
  <Tanium>\Tanium End User Notification Tools\bin\end-user-notifications.exe
exclude from on-access or real-time scans <Tanium>\Tanium End User Notification Tools\
macOS endpoints 7.2.x clients <Tanium Client>/python27/python
7.4.x clients <Tanium Client>/python38/python
  /Library/Tanium/EndUserNotifications/bin/end-user-notifications.app
  /Library/Tanium/EndUserNotifications
Table 2:   End-User Notifications security exclusions
Target Device Notes Process
Windows endpoints 7.4.x clients <Tanium Client>\Python38\TPython.exe
  <Tanium>\Tanium End User Notification Tools\UserSessionProxy.exe
  <Tanium>\Tanium End User Notification Tools\bin\end-user-notifications.exe
exclude from on-access or real-time scans <Tanium>\Tanium End User Notification Tools\
macOS endpoints 7.4.x clients <Tanium Client>/python38/python
  /Library/Tanium/EndUserNotifications/bin/end-user-notifications.app
  /Library/Tanium/EndUserNotifications

User role requirements

The following tables list the role permissions required to use End-User Notifications. For more information about role permissions and associated content sets, see Tanium Core Platform User Guide: Managing RBAC.

Table 3:   End-User Notifications user role permissions
Permission End-User Notifications Administrator End-User Notifications Operator End-User Notifications Read Only User

Show Endusernotifications

View the End-User Notifications shared service


1

1

1

End User Notifications Use Api

Access to the End-User Notifications API


1

1

1

End User Notifications Module Read

Read access to the End-User Notifications shared service




End User Notifications Module Write

Write access to the End-User Notifications shared services




End User Notifications Operator Module Write

Write access to a subset of the End-User Notifications shared services




1 Denotes a provided permission.

 

Table 4:   Provided End-User Notifications Micro Admin and Advanced user role permissions
Permission Role Type Content Set for Permission End-User Notifications Administrator End-User Notifications Operator End-User Notifications Read Only User
Read User Micro Admin  
Read User Group Micro Admin  
Read Computer Group Micro Admin  
Ask Dynamic Questions Advanced  
Read Sensor Advanced Reserved
Read Sensor Advanced Default
Read Sensor Advanced Base
Read Sensor Advanced End-User Notifications
Approve Action Advanced End-User Notifications
Execute Plugin Advanced End-User Notifications
Write Action Advanced End-User Notifications
Write Package Advanced End-User Notifications
Write Saved Question Advanced End-User Notifications

For more information and descriptions of content sets and permissions, see Tanium Core Platform User Guide: Users and user groups.