End-User Notifications requirements

Review the requirements before you install and use End-User Notifications.

Tanium dependencies

In addition to a license for the End-User Notifications product module, make sure that your environment also meets the following requirements.

Component Requirement
Tanium™ Core Platform

7.2 or later.

Tanium™ Client

Any supported version of Tanium Client. For the Tanium Client versions supported for each OS, see Tanium Client Management User Guide: Client version and host system requirements.

If you use a client version that is not listed, certain product features might not be available, or stability issues can occur that can only be resolved by upgrading to one of the listed client versions.

Tanium products

If you clicked the Tanium Recommended Installation button when you installed End-User Notifications, the Tanium Server automatically installed all your licensed modules at the same time. Otherwise, you must manually install the modules that End-User Notifications requires to function, as described under Tanium Console User Guide: Manage Tanium modules.

The following modules are required, at the following minimum versions:

  • Tanium Endpoint Configuration 1.2 or later (installed as part of Tanium Client Management 1.5 or later)

The following modules are optional, but End-User Notifications requires the specified minimum versions to work with them:

  • Tanium Deploy 1.3 or later for end-user notifications or end-user self service
  • Tanium Patch 2.1 or later for end-user notifications
  • Tanium Enforce 1.5 or later for end-user notifications for BitLocker or FileVault policies
  • Tanium Trends 3.6 or later

Computer groups

When you first sign in to the Tanium Console after installing the Tanium Server, the server automatically imports the computer groups that End-User Notifications requires: All Computers.

Tanium™ Module Server

End-User Notifications is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.

Endpoints

End-User Notifications supports the following client operating systems:

| Operating System | Version | Notes |
| --- | --- | --- |
| Windows Server | Windows Server 2008 R2 Service Pack 1 or later | Windows Server Core not supported. |
| Windows Workstation | Windows 10; Windows 8.1; Windows 8; Windows 7 Service Pack 1 or later | Windows 7 Service Pack 1 requires Microsoft KB2758857. |
| macOS | macOS 11.0 Big Sur; macOS 10.15 Catalina; macOS 10.14.6 Mojave; macOS 10.13.6 High Sierra | Supported for Enforce FileVault policy only. |

Host and network security requirements

Specific ports and processes are needed to run End-User Notifications.

Ports

For Tanium as a Service ports, see Tanium as a Service Deployment Guide: Host and network security requirements.

The following ports are required for End-User Notifications communication.

| Source | Destination | Port | Protocol | Purpose |
| --- | --- | --- | --- | --- |
| Module Server | Module Server (loopback) | 17476 | TCP | Internal purposes; not externally accessible |

Configure firewall policies to open ports for Tanium traffic with TCP-based rules instead of application identity-based rules. For example, on a Palo Alto Networks firewall, configure the rules with service objects or service groups instead of application objects or application groups.
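
To confirm that port 17476 is bound only to loopback on the Module Server, as the port table above specifies, the following added example (not Tanium code) parses `netstat -an` output and flags any non-loopback listener. It assumes the Windows netstat column layout, and the sample lines are constructed.

```python
import ipaddress
import sys

EUN_PORT = 17476  # loopback-only Module Server port from the table above


def listeners(netstat_text, port=EUN_PORT):
    """Return local bind addresses of TCP listeners on `port`.

    Assumes the Windows `netstat -an` layout: Proto, Local, Foreign, State.
    """
    hosts = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0].upper() != "TCP" or f[3].upper() != "LISTENING":
            continue
        host, _, local_port = f[1].rpartition(":")
        if local_port == str(port):
            hosts.append(host.strip("[]").split("%")[0])  # drop brackets/zone id
    return hosts


def audit(netstat_text, port=EUN_PORT):
    """Return (status, loopback_binds, exposed_binds) for `port`."""
    loopback, exposed = [], []
    for host in listeners(netstat_text, port):
        try:
            is_loop = ipaddress.ip_address(host).is_loopback
        except ValueError:
            is_loop = False  # unparseable bind address: treat as exposed
        (loopback if is_loop else exposed).append(host)
    status = "EXPOSED" if exposed else "OK" if loopback else "NOT_LISTENING"
    return status, loopback, exposed


# Constructed sample output, not captured from a real Module Server.
SAMPLE_OK = """\
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:17476        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:50211        127.0.0.1:17476        ESTABLISHED
"""
SAMPLE_EXPOSED = """\
  TCP    0.0.0.0:17476          0.0.0.0:0              LISTENING
  TCP    [::1]:17476            [::]:0                 LISTENING
"""

if __name__ == "__main__":
    # Pipe real output in (netstat -an | python check.py); with no input
    # redirected, the constructed exposed sample is audited instead.
    text = SAMPLE_EXPOSED if sys.stdin.isatty() else sys.stdin.read()
    print(audit(text))
```

A status of EXPOSED means the port is listening on an address other than loopback and the binding should be investigated before relying on firewall rules alone.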

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference. For a list of all security exclusions to define across Tanium, see Tanium Core Platform Deployment Reference Guide: Host system security exclusions.

End-User Notifications security exclusions

| Target Device | Notes | Exclusion Type | Exclusion |
| --- | --- | --- | --- |
| Module Server | Required when Endpoint Configuration is installed | Process | `<Module Server>\interdependence-configuration-service\TaniumEndpointConfigService.exe` |
| Module Server | | Process | `<Module Server>\services\end-user-notifications-service\node.exe` |
| Module Server | | Process | `<Module Server>\services\twsm-v1\twsm.exe` |
| Windows endpoints | 7.2.x clients | Process | `<Tanium Client>\Python27\TPython.exe` |
| Windows endpoints | 7.4.x clients | Process | `<Tanium Client>\Python38\TPython.exe` |
| Windows endpoints | | Process | `<Tanium>\Tanium End User Notification Tools\UserSessionProxy.exe` |
| Windows endpoints | | Process | `<Tanium>\Tanium End User Notification Tools\bin\end-user-notifications.exe` |
| Windows endpoints | Exclude from on-access or real-time scans | Folder | `<Tanium>\Tanium End User Notification Tools` |
| macOS endpoints | 7.2.x clients | Process | `<Tanium Client>/python27/bin/pybin` |
| macOS endpoints | 7.4.x clients | Process | `<Tanium Client>/python38/bin/pybin` |
| macOS endpoints | | Process | `/Library/Tanium/EndUserNotifications/bin/end-user-notifications.app` |
| macOS endpoints | | Folder | `/Library/Tanium/EndUserNotifications` |

End-User Notifications security exclusions

| Target Device | Notes | Exclusion Type | Exclusion |
| --- | --- | --- | --- |
| Windows endpoints | 7.4.x clients | Process | `<Tanium Client>\Python38\TPython.exe` |
| Windows endpoints | | Process | `<Tanium>\Tanium End User Notification Tools\UserSessionProxy.exe` |
| Windows endpoints | | Process | `<Tanium>\Tanium End User Notification Tools\bin\end-user-notifications.exe` |
| Windows endpoints | Exclude from on-access or real-time scans | Folder | `<Tanium>\Tanium End User Notification Tools` |
| macOS endpoints | 7.4.x clients | Process | `<Tanium Client>/python38/bin/pybin` |
| macOS endpoints | | Process | `/Library/Tanium/EndUserNotifications/bin/end-user-notifications.app` |
| macOS endpoints | | Folder | `/Library/Tanium/EndUserNotifications` |

User role requirements

The following tables list the role permissions required to use End-User Notifications. For more information about role permissions and associated content sets, see Tanium Core Platform User Guide: Managing RBAC.

End-User Notifications user role permissions
Permission End-User Notifications Administrator1,2 End-User Notifications Endpoint Configuration Approver1,2 End-User Notifications Operator1,2 End-User Notifications Read Only User1,2

End-User Notifications Endpoint Configuration

APPROVE: Approve End-User Notifications items for Endpoint Configuration

REGISTER: Access to register with Endpoint Configuration


REGISTER

APPROVE

End-User Notifications Module

Read and write access to the End-User Notifications shared service


READ
WRITE

READ

READ

READ

End-User Notifications Operator Module

Write access to a subset of the End-User Notifications shared service


WRITE

WRITE

End-User Notifications Use API

Access to the End-User Notifications API


EXECUTE

EXECUTE

EXECUTE

EXECUTE

Endusernotifications

View the End-User Notifications shared service


SHOW

SHOW

SHOW

SHOW

1 This role provides module permissions for Tanium Endpoint Configuration. You can view which Endpoint Configuration permissions are granted to this role in the Tanium Console. For more information, see Tanium Endpoint Configuration User Guide: User role requirements.

2 This role provides module permissions for Tanium Interact. You can view which Interact permissions are granted to this role in the Tanium Console. For more information, see Tanium Interact User Guide: Tanium Data Service permissions.

 

Provided End-User Notifications administration and platform content permissions
Permission Permission Type End-User Notifications Administrator1 End-User Notifications Endpoint Configuration Approver1 End-User Notifications Operator1 End-User Notifications Read Only User1
Computer Group Administration
READ

READ

READ

READ
User Administration
READ

READ
User Group Administration
READ

READ

READ

READ
Action Platform Content
WRITE

WRITE
Approve Action Platform Content
SPECIAL

SPECIAL
Own Action Platform Content
READ

READ
Package Platform Content
READ
WRITE

READ
WRITE
Plugin Platform Content
READ
EXECUTE

READ
EXECUTE

READ
EXECUTE

READ
EXECUTE
Saved Question Platform Content
READ
WRITE

READ
WRITE
Sensor Platform Content
READ

READ

READ

READ

You can view which content sets are granted to any role in the Tanium Console.

1 This role provides content set permissions for Tanium Endpoint Configuration. You can view which Endpoint Configuration content sets are granted to this role in the Tanium Console. For more information, see Tanium Endpoint Configuration User Guide: User role requirements.

For more information and descriptions of content sets and permissions, see Tanium Core Platform User Guide: Users and user groups.