Performance degradation using Endpoint Security library on Sonoma

Hello community

We have been using an Endpoint Security client within a system extension for quite a while now. After some users updated macOS to Sonoma, we got complaints about slower performance when using MS Office on Mac. The product features work as expected, and our system extension is loaded and delivers events.

Upon inspection of the log files, we found the following (but not on all machines):

[com.apple.TCC:access] Failed to create LSApplicationRecord for file:///Library/SystemExtensions/0062566E-9869-4CC4-A666-F641F5C011CD/com.sophos.endpoint.scanextension.systemextension/: 'The operation couldn’t be completed. (OSStatus error -10811.)'

and

[com.apple.TCC:access] -[TCCDAccessIdentity staticCode]: static code for: identifier com.sophos.endpoint.scanextension, type: 0: 0x7fb63da318c0 at /Library/SystemExtensions/0062566E-9869-4CC4-A666-F641F5C011CD/com.sophos.endpoint.scanextension.systemextension

for almost each event delivered. We are using XPC from the system extension to a non-privileged daemon process to process file content.

A feedback has already been filed: FB13174804

An additional code-level support was returned without any explanation.

Signing checks of the system extension and the containing app (daemon) on Sonoma turn up without any errors.

Any idea what's going on here?

Frank Fenn Sophos Inc.

What does the OSStatus error -10811. mean in this context?

Error -10811 is kLSNotAnApplicationErr. Launch Services is trying to update its database of apps and something has gone wrong. Based on the rest of the message, my assumption is that it was blocked by TCC. There’s clearly some deeper underlying cause but I’ve no idea what that might be. Given that this is a clear regression in macOS 14, then that’s something that the ES and TCC teams will have to investigate, at least IMO.

If you’re hitting similar problems to the ones described by frankfenn, I recommend that you file your own bug with the details.

If you file a bug, please post the number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
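For anyone attaching details to their own bug report, the following added example (not code from any poster in this thread) tallies the two `com.apple.TCC:access` messages quoted above per system extension, so the failure count can be stated precisely. It assumes the unified log has been exported as plain text lines; the bundle identifier and UUID in the sample are constructed placeholders.

```python
import re
from collections import Counter, defaultdict

# OSStatus name taken from the thread; unknown codes are kept numeric.
OSSTATUS_NAMES = {-10811: "kLSNotAnApplicationErr"}

# Patterns follow the two com.apple.TCC:access messages quoted in the thread.
LS_FAIL = re.compile(
    r"\[com\.apple\.TCC:access\] Failed to create LSApplicationRecord for "
    r"file:///Library/SystemExtensions/[^/]+/(?P<bundle>[^/]+)\.systemextension/?: "
    r".*\(OSStatus error (?P<code>-?\d+)\.\)"
)
STATIC_CODE = re.compile(
    r"\[com\.apple\.TCC:access\] -\[TCCDAccessIdentity staticCode\]: "
    r"static code for: identifier (?P<bundle>[^,\s]+), type: \d+"
)

def summarize(lines):
    """Count, per extension bundle id, Launch Services failures (by OSStatus)
    and TCC static-code lookups seen in unified-log text."""
    stats = defaultdict(lambda: {"ls_failures": Counter(), "static_code_lookups": 0})
    for line in lines:
        m = LS_FAIL.search(line)
        if m:
            code = int(m["code"])
            stats[m["bundle"]]["ls_failures"][OSSTATUS_NAMES.get(code, str(code))] += 1
            continue
        m = STATIC_CODE.search(line)
        if m:
            stats[m["bundle"]]["static_code_lookups"] += 1
    return dict(stats)

# Constructed sample input: hypothetical bundle id and UUID, same message shapes.
EXT = ("/Library/SystemExtensions/00000000-0000-0000-0000-000000000000/"
       "com.example.scanext.systemextension")
SAMPLE = [
    f"[com.apple.TCC:access] Failed to create LSApplicationRecord for file://{EXT}/: "
    "'The operation couldn\u2019t be completed. (OSStatus error -10811.)'",
    "[com.apple.TCC:access] -[TCCDAccessIdentity staticCode]: static code for: "
    f"identifier com.example.scanext, type: 0: 0x7f0000000000 at {EXT}",
    "[com.apple.TCC:access] unrelated message",  # must be ignored by both patterns
] * 3

if __name__ == "__main__":
    for bundle, s in summarize(SAMPLE).items():
        print(bundle, dict(s["ls_failures"]), s["static_code_lookups"])
```
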

Hi @eskimo/ @jim-oconnor/ @frankfenn ,

Is there any update on the reported issue? We are also facing the same issue on Sonoma 14.5, even though the extension has Full Disk Access, with the same error 'The operation couldn’t be completed. (OSStatus error -10811.)'. The extension is crashing, and because of this the system hangs.

Error Domain=NSOSStatusErrorDomain Code=-10811 "kLSNotAnApplicationErr: Item needs to be an application, but is not" UserInfo={_LSLine=175, _LSFunction=_LSFindBundleWithInfo_NoIOFiltered}

...

Thanks & Regards,

Mohmad Vasim

I’ve nothing to report on the FB13451201 front.

In this situation it’s definitely worth filing your own bug about this, asking that it be dup’d to FB13451201. That way you’ll be notified if the original gets fixed.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks Eskimo for your quick response!

We have submitted a feedback for the same and here is the feedback ID FB13806349.

... Thanks & Regards, Mohmad Vasim
