Can the Endpoint Security Extension communicate with a regular app

I'm developing a system that uses an ES extension to control user file openings on Mac.

When a user tries to open a file, the ES extension can either allow or deny the user from opening it. However, the policy for allowing/denying users to open files is managed by my normal Mac app. Therefore, the ES extension needs to proactively communicate with the normal app.

Initially, I wanted to create an XPC service in my regular app, but according to the documentation, XPC services are managed by launchd and cannot be created by regular apps.

So if I want my ES extension to communicate with the regular app proactively, what IPC method can I use?

It sounds like your ES client is a sysex rather than a daemon. Is that correct?

It’s possible to handle this issue in both cases, but there’s a slightly different spin.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Along with what Quinn asked, be aware that looping the user directly into the approval cycle with something like an allow/deny dialog:

When a user tries to open a file, the ES extension can either allow or deny the user from opening it. However, the policy for allowing/denying users to open files is managed by my normal Mac app. Therefore, the ES extension needs to proactively communicate with the normal app.

...won't really work or at least it won't work very well, at least not as a "general" answer. While the "on paper" deadline (<15s) can make this seem workable, there are cases where the deadline will be much shorter and most of that deadline can disappear entirely due to kernel/user space latency, ESPECIALLY under heavy system load. Our general recommendation is that you should approve/deny in <10ms, which is FAR too short to directly involve the user. I wrote more about this on a different forum post which I'd recommend taking a look at.

I think you could build a good "user" ES (as opposed to the more typical "enterprise" app), but you'd need to build around a model where the user would approve the "next" request (after you deny the first) and/or notify the user about what's been occurring.

__
Kevin Elliott
DTS Engineer, CoreOS/Hardware
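The deny-now, approve-the-next-attempt model Kevin describes, sketched as an added C example that is not from this thread or from Apple: the ES auth handler calls decide_open(), which answers from a small policy cache without ever blocking on the user, and the regular app feeds the user's eventual answer back through record_user_decision() over whatever IPC channel you choose. Both function names, the cache layout and the sample paths are assumptions; the actual es_respond_auth_result call and the IPC transport are left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Verdicts mirror the two outcomes an ES AUTH_OPEN handler can return. */
typedef enum { VERDICT_DENY = 0, VERDICT_ALLOW = 1 } verdict_t;

/* Policy cache: filled by the regular app out-of-band, read by the ES client
   inside the auth deadline. Fixed size so the hot path never allocates. */
#define MAX_ENTRIES 64
#define MAX_PATH 1024
typedef struct { char path[MAX_PATH]; verdict_t verdict; bool pending; } entry_t;
static entry_t cache[MAX_ENTRIES];
static int cache_len = 0;

static entry_t *find_entry(const char *path) {
    for (int i = 0; i < cache_len; i++)
        if (strcmp(cache[i].path, path) == 0) return &cache[i];
    return NULL;
}

/* Called from the ES auth handler (hypothetical). Returns immediately:
   a known path gets its cached verdict; an unknown path is denied and
   flagged so the app can ask the user, well outside the <10ms budget.
   The user's approval then makes the *next* open attempt succeed. */
verdict_t decide_open(const char *path, bool *prompt_user) {
    *prompt_user = false;
    entry_t *e = find_entry(path);
    if (e && !e->pending) return e->verdict;      /* fast path: policy already decided */
    if (!e && cache_len < MAX_ENTRIES) {          /* first sight: queue for the app/user */
        e = &cache[cache_len++];
        strncpy(e->path, path, MAX_PATH - 1);
        e->path[MAX_PATH - 1] = '\0';
        e->pending = true;
        e->verdict = VERDICT_DENY;
        *prompt_user = true;
    }
    return VERDICT_DENY;                          /* still pending or cache full: deny now */
}

/* Called when the regular app reports the user's answer (hypothetical callback,
   delivered asynchronously over IPC, never inside the auth handler). */
void record_user_decision(const char *path, bool allowed) {
    entry_t *e = find_entry(path);
    if (!e) return;                               /* never seen by ES: nothing to update */
    e->pending = false;
    e->verdict = allowed ? VERDICT_ALLOW : VERDICT_DENY;
}
```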
