Hello community
we have been using an Endpoint Security client within a system extension for quite a while now. After some users updated macOS to Sonoma, we got complaints about slower performance when using MS Office on Mac. The product features work as expected, and our system extension is loaded and delivers events.
Upon inspection of the log files, we found the following (but not on all machines):
[com.apple.TCC:access] Failed to create LSApplicationRecord for file:///Library/SystemExtensions/0062566E-9869-4CC4-A666-F641F5C011CD/com.sophos.endpoint.scanextension.systemextension/: 'The operation couldn’t be completed. (OSStatus error -10811.)'
and
[com.apple.TCC:access] -[TCCDAccessIdentity staticCode]: static code for: identifier com.sophos.endpoint.scanextension, type: 0: 0x7fb63da318c0 at /Library/SystemExtensions/0062566E-9869-4CC4-A666-F641F5C011CD/com.sophos.endpoint.scanextension.systemextension
for almost each event delivered. We are using XPC from the system extension to a non-priviliged daemon process to process file content.
A feedback has already been filed: FB13174804
An additional code-level support was returnd woithout any explanation.
Signing checks of the system extension and the containing app (daemon) on Sonoma turn up without any errros.
Any idea, whats going on here?
Frank Fenn Sophos Inc.
