Hi Quinn,
I might have added the AppleScript tag by mistake. Yes, we are creating an installer package, and yes, we are using system extensions.
Apologies, I was not able to paste the whole crash report. I have attached it as a text file.
[crash_endpoint_security_extension](https://developer.apple.com/forums/content/attachment/2abc041e-1975-4ae5-9691-ce77bcb16024)
I have opened a TSI as suggested.
Thanks
Hi Matt,
As I mentioned before, I did try that first and then only went for the generic condition. It was not working when I gave a specific port number and only inbound connections as the filter rules. So I decided to go for a generic condition to check if at least I am able to receive an inbound flow. But unfortunately I am not receiving any inbound flows.
Thanks
Small update: I gave some logs inside the start filter function and they are getting displayed. I have started a server on the port which I am interested in, and when I hit that endpoint I am not getting a new flow. I am using the sample code used for the simple firewall application.
I am not able to log anything from the network extension. Any way to verify why the extension has not come up?
We are looking at vnode_fsnode of the vnode if that is what you are asking. We use this value to get smb_node to check if the offline bit is set or not. Any other alternative for this will be highly useful for us. We are blocking apps based on this value.
Since this value will be able to be fetched only from the kernel, is it possible to have a kernel extension just for this purpose and do the blocking from the endpoint security side?
Yes, I have been granted access.