Post | Replies | Boosts | Views | Activity
Sample Endpoint Security App will not run
I have gone through the sample code a dozen times. This time, I've followed all previous advice, I'm using an Apple Developer ID, etc. Still, I'm getting errors trying to run the sample.

    2022-08-02 14:43:57.703315-0700 0xf6e9bc  Error    0x0         55202 0  taskgated-helper: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] com.example.apple-samplecode.SampleEndpointAppAMLU8UA7F6.Extension: Unsatisfied entitlements: com.apple.developer.endpoint-security.client
    2022-08-02 14:43:57.703354-0700 0xf6e9bc  Error    0x0         55202 0  taskgated-helper: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] Disallowing: com.example.apple-samplecode.SampleEndpointAppAMLU8UA7F6.Extension
    2022-08-02 14:43:57.703925-0700 0xf6ee5b  Default   0x0         213  0  amfid: /Library/SystemExtensions/20882B24-F907-4515-9C3D-ADC6E61F486F/com.example.apple-samplecode.SampleEndpointAppAMLU8UA7F6.Extension.systemextension/Contents/MacOS/com.example.apple-samplecode.SampleEndpointAppAMLU8UA7F6.Extension signature not valid: -67671
    2022-08-02 14:43:57.704076-0700 0xf6ef8d  Default   0x0         0   0  kernel: mac_vnode_check_signature: /Library/SystemExtensions/20882B24-F907-4515-9C3D-ADC6E61F486F/com.example.apple-samplecode.SampleEndpointAppAMLU8UA7F6.Extension.systemextension/Contents/MacOS/com.example.apple-samplecode.SampleEndpointAppAMLU8UA7F6.Extension: code signature validation failed fatally: When validating /Library/SystemExtensions/20882B24-F907-4515-9C3D-ADC6E61F486F/com.example.apple-samplecode.SampleEndpointAppAMLU8UA7F6.Extension.systemextension/Contents/MacOS/com.example.apple-samplecode.SampleEndpointAppAMLU8UA7F6.Extension:
    2022-08-02 14:43:57.704105-0700 0xf6ef8d  Default   0x0         0   0  kernel: proc 54551: load code signature error 4 for file "com.example.apple-samplecode.SampleEndpointAppAMLU8UA7F6.Extension"
    2022-08-02 14:43:57.704926-0700 0xf6ef8e  Default   0x0         0   0  kernel: com.example.apple-samplecode.Sam[54551] Corpse allowed 1 of 5
    2022-08-02 14:43:57.738424-0700 0xf6edc0  Default   0x0         87   0  systemstats: Doing SMC sample (queued)
    2022-08-02 14:44:00.185997-0700 0xf6edcf  Default   0x0         921  0  ReportCrash: Formulating fatal 309 report for corpse[54551] com.example.apple-samplecode.SampleEndpointAppAMLU8UA7F6.Extensi
    2022-08-02 14:44:00.187059-0700 0xf6edcf  Default   0x0         921  0  ReportCrash: Unable to find store record for 'file:///Library/SystemExtensions/20882B24-F907-4515-9C3D-ADC6E61F486F/com.example.apple-samplecode.SampleEndpointAppAMLU8UA7F6.Extension.systemextension/': Error Domain=NSOSStatusErrorDomain Code=-10811 "kLSNotAnApplicationErr: Item needs to be an application, but is not" UserInfo={_LSLine=175, _LSFunction=_LSFindBundleWithInfo_NoIOFiltered}
    2022-08-02 14:44:00.197169-0700 0xf6edcf  Default   0x0         921  0  ReportCrash: com.example.apple-samplecode.SampleEndpointAppAMLU8UA7F6.Extension is not a MetricKit client
    2022-08-02 14:44:00.197939-0700 0xf6edcf  Default   0x0         921  0  ReportCrash: (CoreAnalytics) [com.apple.CoreAnalytics.stability-event:event-send] Sending event: com.apple.stability.crash {"bundleID":"com.example.apple-samplecode.SampleEndpointAppAMLU8UA7F6.Extension","bundleVersion":"1","exceptionCodes":"0x0000000000000000, 0x0000000000000000(\n  0,\n  0\n)EXC_CRASHSIGKILL (Code Signature Invalid)","incidentID":"D4F821FA-40AC-4897-8C20-84895D264CDD","logwritten":0,"process":"com.example.apple-samplecode.SampleEndpointAppAMLU8UA7F6.Extensi","terminationReasonExceptionCode":"0x1","terminationReasonNamespace":"CODESIGNING"}
    2022-08-02 14:44:00.199307-0700 0xf6ec8f  Default   0x0         166  0  analyticsd: [com.apple.CoreAnalytics.stability-event:event-recv] Received event: com.apple.stability.crash {"bundleID":"com.example.apple-samplecode.SampleEndpointAppAMLU8UA7F6.Extension","bundleVersion":"1","exceptionCodes":"0x0000000000000000, 0x0000000000000000(\n  0,\n  0\n)EXC_CRASHSIGKILL (Code Signature Invalid)","incidentID":"D4F821FA-40AC-4897-8C20-84895D264CDD","logwritten":0,"process":"com.example.apple-samplecode.SampleEndpointAppAMLU8UA7F6.Extensi","terminationReasonExceptionCode":"0x1","terminationReasonNamespace":"CODESIGNING"}

Please help!
Replies: 3 · Boosts: 0 · Views: 1.6k · Activity: Aug ’22
Endpoint Security Sample Code will not run extension
I have verified that the extension is loaded:

    systemextensionsctl list
    1 extension(s)
    --- com.apple.system_extension.endpoint_security
    enabled active teamID bundleID (version) name [state]
    * * AMLU8***** com.example.apple-samplecode.SampleEndpointAppAMLU8*****.Extension (1.0/1) Extension [activated enabled]

But it is not running/launched:

    sudo launchctl list AMLU8*****.com.example.apple-samplecode.SampleEndpointApp.Extension
    Could not find service "AMLU8*****.com.example.apple-samplecode.SampleEndpointApp.Extension" in domain for system

What am I missing?
Replies: 14 · Boosts: 0 · Views: 2.8k · Activity: May ’22
Killed -9 when running app signed with endpoint security
If I run this application from my home developer directory, it doesn't have a problem. When, however, I copy it to /Library/Application Support/Fidelis..., then I immediately get "killed -9":

    ./protect_am
    Killed: 9

I have this code structure:

    ProtectOnAccess.app/
    ProtectOnAccess.app//Contents
    ProtectOnAccess.app//Contents/_CodeSignature
    ProtectOnAccess.app//Contents/_CodeSignature/CodeResources
    ProtectOnAccess.app//Contents/_CodeSignature/CodeDirectory
    ProtectOnAccess.app//Contents/_CodeSignature/CodeRequirements-1
    ProtectOnAccess.app//Contents/_CodeSignature/CodeSignature
    ProtectOnAccess.app//Contents/_CodeSignature/CodeRequirements
    ProtectOnAccess.app//Contents/MacOS
    ProtectOnAccess.app//Contents/MacOS/protect_am
    ProtectOnAccess.app//Contents/Resources
    ProtectOnAccess.app//Contents/Resources/Info.plist
    ProtectOnAccess.app//Contents/embedded.provisionprofile
    ProtectOnAccess.app//Contents/Info.plist
    ProtectOnAccess.app//Contents/PkgInfo

and ./protect_am is a symbolic link as follows:

    lrwxr-xr-x 1 root wheel 45B Apr 27 14:52 protect_am -> ProtectOnAccess.app/Contents/MacOS/protect_am

The thing is, I have had this work at times. No idea what the problem is. Log stream isn't helping.

    codesign -vvvv protect_am
    protect_am: valid on disk
    protect_am: satisfies its Designated Requirement

    codesign -vvvv ProtectOnAccess.app/
    --prepared:/Library/Application Support/Fidelis/Endpoint/Platform/services/protect/ProtectOnAccess.app/Contents/MacOS/protect_am
    --validated:/Library/Application Support/Fidelis/Endpoint/Platform/services/protect/ProtectOnAccess.app/Contents/MacOS/protect_am
    ProtectOnAccess.app/: valid on disk
    ProtectOnAccess.app/: satisfies its Designated Requirement

Now, I do have entitlements added only to the executable, not to the .app.

    codesign -d --entitlements :- ProtectOnAccess.app/Contents/MacOS/protect_am
    Executable=/Library/Application Support/Fidelis/Endpoint/Platform/services/protect/ProtectOnAccess.app/Contents/MacOS/protect_am
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.application-identifier</key>
        <string>AMLU******.Fidelis.protect-am</string>
        <key>com.apple.developer.endpoint-security.client</key>
        <true/>
        <key>com.apple.developer.team-identifier</key>
        <string>AMLU******</string>
        <key>com.apple.security.cs.allow-jit</key>
        <true/>
    </dict>
    </plist>

I would like to know what I'm doing wrong, and what I have accidentally done right from time to time to have it work.
Replies: 3 · Boosts: 0 · Views: 2.2k · Activity: Apr ’22
Code validation fails on stand-alone executable due to restricted entitlements
I have a stand-alone executable that has the endpoint-security entitlement. It has taken a bit to get this signed because it's built using a makefile and clang++, not using Xcode. I have copied this executable to another Mac, and try to run it, but it is getting disallowed because "no eligible provisioning profiles found".

    sh-3.2# codesign --verify -vvvv -R='anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.1] exists and (certificate leaf[field.1.2.840.113635.100.6.1.2] exists or certificate leaf[field.1.2.840.113635.100.6.1.4] exists)' ./protect_am
    ./protect_am: valid on disk
    ./protect_am: satisfies its Designated Requirement
    test-requirement: code failed to satisfy specified code requirement(s)

So this seems to indicate it is missing the provisioning profile. The signing seems correct:

    sh-3.2# codesign -d --entitlements :- ./protect_am
    Executable=/Library/Application Support/Fidelis/Endpoint/Platform/services/protect/protect_am
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.application-identifier</key>
        <string>AM********.******.protect-am</string>
        <key>com.apple.developer.endpoint-security.client</key>
        <true/>
        <key>com.apple.developer.team-identifier</key>
        <string>AM********</string>
        <key>com.apple.security.cs.allow-jit</key>
        <true/>
    </dict>
    </plist>

I have no idea how to get this to run. What am I missing?
Replies: 8 · Boosts: 0 · Views: 2.5k · Activity: Mar ’22
Working, signed, notarized app will not run on another system
I recently asked a question about how to sign manually without using Xcode. I was provided a link about signing a Daemon with a Restricted Entitlement (https://developer.apple.com/documentation/xcode/signing-a-daemon-with-a-restricted-entitlement). This works, and I have manually signed everything in my DaemonInAppsClothing.app, and it runs. The problem, however, is that when I copy this to another Mac running 10.15, it will not load. The output from the log stream is:

    2022-03-02 10:53:50.370834-0700 0x910e Activity 0x38f 128 0 amfid: (Security) SecTrustEvaluateIfNecessary
    2022-03-02 10:53:50.373382-0700 0x910e Activity 0xac80 128 0 amfid: (Security) SecTrustEvaluateIfNecessary
    2022-03-02 10:53:50.375773-0700 0x910e Default 0x0 128 0 amfid: [com.apple.MobileFileIntegrity:amfid] Requirements for restricted entitlements failed to validate, error -67050, requirements: '<private>', error: (null)
    2022-03-02 10:53:50.375806-0700 0x910e Default 0x0 128 0 amfid: [com.apple.MobileFileIntegrity:amfid] Restricted entitlements not validated, bailing out. Error: (null)
    2022-03-02 10:53:50.375917-0700 0x910e Default 0x0 128 0 amfid: /Library/Application Support/DaemonInAppsClothing/DaemonInAppsClothing.app/Contents/MacOS/DaemonInAppsClothing signature not valid: -67050
    2022-03-02 10:53:50.375989-0700 0x91de Default 0x0 0 0 kernel: (AppleMobileFileIntegrity) AMFI: code signature validation failed.
    2022-03-02 10:53:50.375999-0700 0x91de Default 0x0 0 0 kernel: (AppleMobileFileIntegrity) AMFI: bailing out because of restricted entitlements.
    2022-03-02 10:53:50.376023-0700 0x91de Default 0x0 0 0 kernel: mac_vnode_check_signature: /Library/Application Support/DaemonInAppsClothing/DaemonInAppsClothing.app/Contents/MacOS/DaemonInAppsClothing: code signature validation failed fatally: When validating /Library/Application Support/DaemonInAppsClothing/DaemonInAppsClothing.app/Contents/MacOS/DaemonInAppsClothing: Code has restricted entitlements, but the validation of its code signature failed. Unsatisfied Entitlements:
    2022-03-02 10:53:50.376053-0700 0x91de Default 0x0 0 0 kernel: proc 1674: load code signature error 4 for file "DaemonInAppsClothing"
    2022-03-02 10:53:50.376528-0700 0x91df Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Sleep interrupted, signal 0x100
    2022-03-02 10:53:50.376541-0700 0x91df Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Security policy would not allow process: 1674, /Library/Application Support/DaemonInAppsClothing/DaemonInAppsClothing.app/Contents/MacOS/DaemonInAppsClothing
    2022-03-02 10:53:50.376611-0700 0x91df Default 0x0 0 0 kernel: DaemonInAppsClothing[1674] Corpse allowed 1 of 5
    2022-03-02 10:53:50.379313-0700 0x9118 Activity 0x6dd4 135 0 syspolicyd: (Security) SecTrustEvaluateIfNecessary
    2022-03-02 10:53:50.381449-0700 0x9118 Activity 0x6dd5 135 0 syspolicyd: (Security) SecTrustEvaluateIfNecessary
    2022-03-02 10:53:50.385619-0700 0x9118 Default 0x0 135 0 syspolicyd: [com.apple.syspolicy.exec:default] GK evaluateScanResult: 2, PST: (vuid: 261312F5-D32F-4491-9E10-21D820BDAD32), (objid: 7500674), (team: AMLU8UA7F6), (id: (null)), (bundle_id: (null)), 0, 0, 1, 0, 8, 0
    2022-03-02 10:53:50.385798-0700 0x8dd0 Error 0x0 135 0 syspolicyd: [com.apple.syspolicy.exec:default] failed to call driver: 0x3
    2022-03-02 10:53:50.385783-0700 0x8dd0 Default 0x0 0 0 kernel: (AppleSystemPolicy) ASP: Could not find reference 17, process must have died
    2022-03-02 10:53:50.387227-0700 0x8dd1 Default 0x0 213 0 ReportCrash: Parsing corpse data for pid 1674
    2022-03-02 10:53:50.387466-0700 0x8dd1 Default 0x0 213 0 ReportCrash: Parsing corpse data for process DaemonInAppsClot [pid 1674]
    2022-03-02 10:53:52.487053-0700 0x8dd1 Default 0x0 213 0 ReportCrash: _dyld_process_info_create failed
    2022-03-02 10:53:54.987270-0700 0x8dd1 Default 0x0 213 0 ReportCrash: (CoreSymbolication) Failed to read dyld info for process 1674 (6)
    2022-03-02 10:53:54.987969-0700 0x8dd1 Default 0x0 213 0 ReportCrash: Failed to create CSSymbolicatorRef for <private>[1674]

I have tried to verify the entitlements, but I get this output:

    Executable=/Library/Application Support/DaemonInAppsClothing/DaemonInAppsClothing.app/Contents/MacOS/DaemonInAppsClothing
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.developer.endpoint-security.client</key>
        <true/>
        <key>com.apple.security.cs.allow-jit</key>
        <true/>
    </dict>
    </plist>

    sh-3.2# security cms -D -i DaemonInAppsClothing.app/Contents/embedded.provisionprofile
    security: cert import failed: A default keychain could not be found.
    security: problem decoding

Any help would be appreciated
Replies: 4 · Boosts: 0 · Views: 2.0k · Activity: Mar ’22
How to use a provisioning profile without Xcode
We have a new application I'm writing that uses the endpoint security entitlement. The profile seems to be something we can set up via Xcode, but we are not using Xcode. We use custom makefiles and manually codesign. When we try to use this entitlement, it fails to load with this error:

    Code has restricted entitlements, but the validation of its code signature failed. Unsatisfied Entitlements:

It appears that this is most likely because we aren't using a provisioning profile, but instead, just using codesign to set hardening and the endpoint security entitlement. I have not found any information about how to fix this, and I am relatively new to Apple OS X development, so any help would be appreciated!
Replies: 2 · Boosts: 0 · Views: 2.3k · Activity: Feb ’22