Framework

EndpointSecurity

Develop system extensions that enhance user security.

Overview

Endpoint Security is a C API for monitoring system events for potentially malicious activity. Your client, which you can write in any language that supports native calls, registers with Endpoint Security either to authorize pending events or to receive notifications of events that have already occurred. These events include process executions, mounting file systems, forking processes, and raising signals.

Develop your system extension with Endpoint Security and package it in an app that uses the SystemExtensions framework to install and upgrade the extension on the user’s Mac.

Topics

Event Monitoring

Client

An opaque type that maintains Endpoint Security client state, and functions related to this type.

Message

A type used by Endpoint Security to notify your client when a monitored action occurs.

Event Types

Types used by messages to deliver details specific to different kinds of Endpoint Security events.

Entitlements

com.apple.developer.endpoint-security.client

The entitlement required to create an Endpoint Security client instance.