Hi, I'm trying to create a file monitor with endpoint security, and use ES_EVENT_TYPE_NOTIFY_CREATE to monitor newly created files or folders. I found that ES_EVENT_TYPE_NOTIFY_CREATE doesn't get called when generate a .zip file by compressing, or new file&folder generated by decompressing a .zip file.1.Is this a bug or I'm using the wrong notify event?When I replied ES_AUTH_RESULT_DENY for the auth events, system will show alert saying "The operation can’t be completed because you don’t have permission to access some of the items."2. Is it possible to customize this alert text or not showing it at all?
Post
Replies
Boosts
Views
Activity
I'm using 0x7fffffff and 0x0(which I found in other people's project, Apple doesn't give this document) as authorized_flags value for es_respond_flags_result. It works perfectly with SIP disabled. But when I test this in user env(SIP on, APP signed&notarized, grant system extension full disk access), the OS hangs. I'm pretty sure it's ES_EVENT_TYPE_AUTH_OPEN caused this problem, because once I remove this event from es_subscribe, my APP&system extension works perfectly in user env. Does anyone know to slove this problem? Or did I use the wrong authorized_flags value?Many thanks!
On MacOS, I understand NSFileSystemFileNumber is an inode number. And inode can be reused by filesystem after original file is deleted.
Suppose one file is never deleted, will its NSFileSystemFileNumber change? For example, reboot? OS upgrade?