Is there an update for this issue? We also filed a feedback ticket but have heard nothing.

I think this issue is fixed in 13.4.1c

Also looking for a workaround or alternative solution to this problem.

Happening to me, too.

I moved my proxy executable to /Applications and the sourceAppAuditToken started appearing in flows.

Does this only affect system apps? Or are you seeing it with third-party apps installed in /Applications? The only application that seems to have this issue is the Notes app. I have not seen any issue with third-party apps.

Hmmm, my deployment target *is* macOS 11 and I added the key pair at the top level of the .entitlements file for the System Extension. The errors I see are mostly 100001 and 100002 and seem to only happen immediately after the extension is loaded and then enabled by my controlling app. The flows that causes the issue look like this: Handling new flow:          identifier = 653961C1-DD57-4D21-911F-FFDAAB85A5C6         hostname = gateway.icloud.com         sourceAppIdentifier = .com.apple.Notes         sourceAppVersion = 4.8         procPID = 541         eprocPID = 0         direction = outbound         inBytes = 0         outBytes = 0         signature = 32:{length = 32, bytes = 0x6fc70082 f36f6a3f 06f2f743 9d080e85 ... 2c19f9f3 158a5fd3 }         remoteEndpoint = 17.248.242.37:443         remoteHostname = gateway.icloud.com         protocol = 6         family = 2         type = 1         procUUID = DBA793E1-FD3D-348E-BE25-18E5C8A0DFD4         eprocUUID = 09F24272-54CB-3550-8826-D54C7A324D99 I was able to reproduce this 100% of the time. I only have to launch my app which loads and then enables the sysex. When I quit Notes, the error doesn't occur. If I launch Notes after loading the system extension, the error occurs. It appears that Notes.app is properly signed although I note that it is in /System/Applications: codesign -d --requirements - /System/Applications/Notes.app Executable=/System/Applications/Notes.app/Contents/MacOS/Notes designated = identifier "com.apple.Notes" and anchor apple

Is the given workaround still necessary? Where within the entitlements plist structure does it go? I added it at the top level and it had no apparent effect.

Thank you for the reply. I found the answer yesterday. The security level is set from the Startup Disk utility in Recovery Mode.