Post not yet marked as solved
Seems like it is only happening on the Monterey. Feedback FB9605587.
Post not yet marked as solved
Few tips that will probably save some time for someone willing to use Endpoint Security without System Extension:
you, can instantiate esclientt from within any process, including launchd agent or daemon without System Extension
however, you will not get any benefits of the System Extension, like early boot or whatever-will-come-in-future
your users will need to grant Full Disk Access to that daemon (manually, or through MDM), daemon will not appear in Privacy prefpane automatically, however you can do some mambo-jumbo that will involve an executable to be inside some of your bundles, then FDA will propagate to that executable and app will be visible in the prefpane
and sure thing, you will need to have a proper provisioning profile in you daemon's bundle (yes, bundle, e.g. .xpc)
also, this is not mentioned anywhere explicitly (or is it?), but daemon with EndpointSecurity entitlements may not have Hardened Runtime relaxation entitlements at the same time, e.g. strict library validation disabled
Post not yet marked as solved
macOS Big Sur beta 2 is still 10.16 according to sw_vers :(
As you've noticed stapling is not supported for .zip packages (there is nowhere to put ticket), this is correct. macOS will indeed download and check notarization ticket for your binary upon first launch. But if there is no internet connection, this will fail and you will get nasty Gatekeeper alert. What you can do — create a package that will install you daemon (and probably launchd plist and some bootstrap script I guess) with pkgbuild and productbuild. Product package can be signed, notarized and stapled.
Post not yet marked as solved
Spindumps are already there.
Post not yet marked as solved
Ok, it seems Xcode starts to hang after adding ~15 targets into a single scheme. More targets => longer hangs.
Post not yet marked as solved
Done — FB7770902.
Hardware: MacBook Pro (15-inch, 2017), 2,8 GHz Quad-Core Intel Core i7, 16 GB 2133 MHz LPDDR3, Intel HD Graphics 630 1536 MB.
Post not yet marked as solved
Yes, Catalina. Ok, confusion resolved. I was trying to use "some" keyword in template param and it is not recongnised comparing to other places where it cannot be used. Also, I was trying to replicate URLSession dataTaskPublisher example from Advances in Networking part 1 session and seems dataTaskPublisher is not available. Everything else is working as expected, however there is no 5.1 option (as exists for 4.2) in Swift version selection as it is expected 5.0 sources will be compatible with 5.1.
Post not yet marked as solved
Fresh from the WWDC: Endpoint Protection System Extension almost mimics kauth interface and is designed to repalce it. Host app activates System Extension, and it is macOS who is handling it after that. Extension is started whenever required, for example if it has special should-be-launch-at-system-startup key in the Info.plist, system will block all events and wait for all relevant extensions to load. Obviously it is up to extension developer to decide what to do with those events, but if extension will be blocking events for too long or crashing, system will disable it. And yes, it should be embedded specificatly in the .app bundle and not in, for example, .xpc bundle.
