This one is a bit more confusing. Check to make sure that the process is not hung somehow by looking for the Network Extension name in the Activity Monitor. I had rebooted and sure the process is not running in activity monitor . so it ws surprising.

fine matt . will try out . thank you.

thankyou eskimo .

thankyou. there are 2 states/messages seen on systemextensionsctl list comand: on deactivation without reboot: "terminated waiting to uninstall on reboot" on deactivation after reboot: "uninstalling" so the confusion .

@tartempion : that is a very detaild answer . the answer helped me to move ahead . many thank you .

many thanks Matt. that was of great help.

No . only on container app and extension .

thank you --! i see that everything in the first is allowed in second . Dumping the output here Entitlement for app <dict>     <key>com.apple.application-identifier</key>     <string>TeamID.com.company.abcappn</string>     <key>com.apple.developer.networking.networkextension</key>     <array>         <string>content-filter-provider</string>     </array>     <key>com.apple.developer.system-extension.install</key>     <true/>     <key>com.apple.developer.team-identifier</key>     <string>TeamID</string> </dict>    In the Embedded Profile for app key>Entitlements</key>       <dict>                                          <key>com.apple.developer.system-extension.install</key>            <true/>                       <key>com.apple.developer.networking.networkextension</key>            <array>                       <string>packet-tunnel-provider-systemextension</string>                       <string>app-proxy-provider-systemextension</string>                       <string>content-filter-provider-systemextension</string>                       <string>dns-proxy-systemextension</string>                       <string>dns-settings</string>            </array>                       <key>com.apple.application-identifier</key>            <string>TeamID.com.company.abcappn</string>                                              <key>keychain-access-groups</key>            <array>                       <string>TeamID.*</string>            </array>                                              <key>com.apple.developer.team-identifier</key>            <string>TeamID</string>         </dict> Anything else you suggest need to be examined .

thank you matt . if it is serialised, wouldn't there will be lot of impact on performance .

@tartempion : Am facing the same issue . do you host The XPC service in an app . i have a .xpc as target (not a daemon application containing .xpc ) which is directly used in launchd . have published the MachServices properly . any pointers would really help .

With default Network Extension Target the NEMachServiceName is already added. should we just connect from the app to this NEMachServiceName and then start exchanging message. was just curious whether I create the listener in the app and connect (from client) from the Network Extension. is it a good idea ?

thank you eskimo . it is a NetworkExtension . howz the setting up different in NetworkExtension & EndpointSecurity ?

thnsk you eskimo for the answer .is "App Sandbox entitlement" required for Driverkit ?

thank you eskimo.

it is Content filter