Reply to EndpointSecurity Code Signature invalid
Also note that the binary appears signed. NOTE that I've tried in a fresh project too, but this is from attempting to add the endpointSecurity extension into the FilterNetworkTraffic example that Apple provided.

'codesign -dvvv --entitlement :- [PATH_TO_APP]' (output slightly obfuscated with _____)

Identifier=com.example.apple-samplecode.SimpleFirewall_______
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=2709 flags=0x0(none) hashes=76+5 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=58331fd900707ae49b2943de6dfc27b178cfbe34
CandidateCDHashFull sha256=58331fd900707ae49b2943de6dfc27b178cfbe347135ac15fb58bd7ce4e170c0
Hash choices=sha256
CMSDigest=58331fd900707ae49b2943de6dfc27b178cfbe347135ac15fb58bd7ce4e170c0
CMSDigestType=2
CDHash=58331fd900707ae49b2943de6dfc27b178cfbe34
Signature size=4746
Authority=Apple Development: ___________
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=Jan 23, 2020 at 10:34:54 AM
Info.plist entries=23
TeamIdentifier=_________
Sealed Resources version=2 rules=13 files=11
Internal requirements count=1 size=224
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.application-identifier</key>
    <string>______.com.example.apple-samplecode.SimpleFirewallB75W84SR5U</string>
    <key>com.apple.developer.endpoint-security.client</key>
    <true/>
    <key>com.apple.developer.networking.networkextension</key>
    <array>
        <string>content-filter-provider</string>
    </array>
    <key>com.apple.developer.system-extension.install</key>
    <true/>
    <key>com.apple.developer.team-identifier</key>
    <string>_______</string>
    <key>com.apple.security.app-sandbox</key>
    <false/>
    <key>com.apple.security.application-groups</key>
    <array>
        <string>_______.com.example.apple-samplecode.SimpleFirewall</string>
    </array>
    <key>com.apple.security.files.user-selected.read-only</key>
    <true/>
    <key>com.apple.security.get-task-allow</key>
    <true/>
</dict>
</plist>
Jan ’20
Reply to launch network extension and EndpointSecurity extension from launchDaemon?
Useful thing to know if anyone finds this: after turning off SIP protection ('csrutil disable' in recovery mode), you should use 'systemextensionsctl developer on' to allow the system extension to install from the build directory instead of /Applications.

I've also found that using 'systemextensionsctl reset' before using 'systemextensionsctl uninstall' can lead to an odd state where, when you install a network extension with the same name, it may not work correctly; the NSXPCConnection will fail to connect.

Also, strangely enough, after using 'systemextensionsctl uninstall', the extension will say something like 'uninstalled, will remove on reboot', but it won't actually be removed on reboot. It will eventually disappear from the list after some undetermined number of reboots. It's very odd behaviour and again can affect extensions with the same name.

The best thing to do is to use 'systemextensionsctl developer on' and never explicitly uninstall the extension, just rebuild and run to 'upgrade'.
Feb ’20
Reply to Developing system extensions offline
Hi Eskimo,

I've built an endpointSecurity extension into a launchDaemon. This worked on a development machine with SIP disabled. I now want to add the proper EndpointSecurity entitlement I obtained through Apple so I can run on machines with SIP enabled. However, this comes as a provisioning profile. Can we build a launch daemon with this provisioning profile?
Feb ’20
Reply to com.apple.developer.endpoint-security.client Entitlement issue
Hi Eskimo,

Could you please elaborate on this? I have a built launchDaemon and want to apply the endpoint security extension entitlements I downloaded from my Apple dev account.

So far I've tried:
1) download the provisioning profile from the dev console.
2) extract the entitlements into a '.entitlements' file, via 'security cms -D -i securitytool.provisionprofile > securitytool.entitlements'
3) apply those entitlements with 'codesign --entitlements securitytool.entitlements -f -s "[APPLICATION_ID]" [BINARY]'

Result: es_new_client() is getting back 'ES_NEW_CLIENT_RESULT_ERR_NOT_ENTITLED'.

Please could you tell me step by step how to add valid entitlements to a built launch daemon? (I build offline on a different machine.)

NOTE - I have asked this in its own thread: https://forums.developer.apple.com/message/407976#407976

Best Regards,
Rob
Feb ’20
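As an added example (not from this thread or from Apple's tooling): 'security cms -D' decodes the whole profile plist, of which only the dictionary under its Entitlements key is what codesign --entitlements expects, so the helper below pulls out that dictionary and also lists requested entitlement keys the profile does not grant. The profile contents, team id and bundle id are constructed placeholders.

```python
"""Extract the Entitlements dictionary from a decoded provisioning profile.

`security cms -D -i profile.provisionprofile` prints the whole profile plist;
only the dictionary under its `Entitlements` key belongs in the .entitlements
file handed to codesign.
"""
import plistlib

# Constructed sample of a decoded profile; team id, bundle id and UUID are placeholders.
DECODED_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Name</key><string>securitytool (constructed sample)</string>
  <key>TeamIdentifier</key><array><string>TEAMID0000</string></array>
  <key>UUID</key><string>00000000-0000-0000-0000-000000000000</string>
  <key>Entitlements</key>
  <dict>
    <key>com.apple.application-identifier</key>
    <string>TEAMID0000.com.example.securitytool</string>
    <key>com.apple.developer.endpoint-security.client</key><true/>
    <key>com.apple.developer.team-identifier</key><string>TEAMID0000</string>
  </dict>
</dict></plist>
"""

def extract_entitlements(decoded_profile: bytes) -> dict:
    """Return only the Entitlements dictionary of a decoded .provisionprofile plist."""
    profile = plistlib.loads(decoded_profile)
    entitlements = profile.get("Entitlements")
    if not isinstance(entitlements, dict):
        raise ValueError("decoded profile has no Entitlements dictionary")
    return entitlements

def entitlements_plist(entitlements: dict) -> bytes:
    """Serialise the entitlements alone, as an XML plist for codesign --entitlements."""
    return plistlib.dumps(entitlements, fmt=plistlib.FMT_XML)

def parse_entitlements(data: bytes) -> dict:
    """Read an .entitlements plist back into a dictionary, for checking."""
    return plistlib.loads(data)

def not_granted_by_profile(requested: dict, profile_entitlements: dict) -> list:
    """Requested entitlement keys that the profile does not grant (sorted)."""
    return sorted(k for k in requested if k not in profile_entitlements)

if __name__ == "__main__":
    with open("securitytool.entitlements", "wb") as f:
        f.write(entitlements_plist(extract_entitlements(DECODED_PROFILE)))
```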