I was under the impression that a security endpoint required a system extension, but that does not appear to be the case. Apparently daemons can create endpoint extensions without needed a system extension.
Why would I use an endpoint in a system extension rather than a daemon, or vice versa? I'm not understanding the value of a system extension with regards to a security endpoint. Someone please enlighten me.
daemons can create endpoint extensions without needed a system extension.
Correct.
Why would I use an endpoint in a system extension rather than a daemon, or vice versa?
This is something we addressed in WWDC 2020 Session 10159 Build an Endpoint Security app.
If you do decide to go down the daemon path, see Signing a Daemon with a Restricted Entitlement.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
