I have an Endpoint system extension that, in theory, receives XProtect alerts.
I regularly see XProtectPluginService starting programs like XProtecteRemediatorSheepSwap on my Mac.
I would love to be able to put one or more files/bundles on my Mac that triggers the detectors, so I can see the alerts go from the Endpoint system extension through to the UI.
Does Apple have or recommend a way (short of being infected) for triggering the XProtect detectors for testing?
Post
Replies
Boosts
Views
Activity
I've added the Starfield image from Apple's World sample code to the Progressive immersive project template, and I've experimented with a few other images I had around. I have a few questions:
(1) Lighter shots look fairly pixelated. Does Apple recommend any minimum/maximum resolutions for images used for the giant sphere? (I noticed Starfield is 4096x4096)
(2) I just put the other images in the 2x well for the image set. Should I put other images in their own 2x well no matter the DPI of the image?
(3) Apple's Starfield image is square, but skybox images I've used before tend to be much wider (with the top and bottom areas distorted). Is there a particular aspect ratio I should be using?
(4) In at least one case, I think the center of the image was rotated to the right by about 20 degrees. Is this expected? Could it have been an artifact of the image's size or aspect ratio?
Is it possible to restore an Apple Vision Pro with Apple Configurator on a Mac and an IPSW file?
I would like to begin some network system extension development, but I would feel more comfortable if I could scrub and restore the OS in case something goes wrong.
I have a package installer for my .app created with a sequence of commands (pkgbuild, productbuild, xcrun notarytool, xcrun stapler).
When this installer is run on a pristine machine, the user is prompted to install Rosetta first before being able to run the installer.
Is this expected behavior? Or am I creating the .pkg incorrectly?
For some reason, TestFlight for one account on one Mac is no longer able to accept a TestFlight invitation.
On that Mac, I am logged into iCloud with the relevant Apple ID.
In TestFlight, I sent an invite to that Apple ID.
I open the email with the invite, click on the link, and I get an alert in TestFlight saying:
Couldn't Load App
Your request couldn't be completed.
Try again.
(OK Button)
If I log out of iCloud with that account and log in with another account (which I also sent the invite too), TestFlight shows the app and I can download it.
I have been doing continuous clean installs on this Mac for testing, and I am reusing that Apple ID. Have I hit some hard limit at Apple for how many times I can login with an Apple ID?
Any suggestions on how I can use that Apple ID with TestFlight?
I have an app that, when I submitted for review for the App Store, I asked that it be released as a Private URL.
The first line in the App Review notes is
Please make this app available only through an unlisted app link.
(I believe that is the language Apple's documentation used)
However, I can find the app by searching for it in the App Store.
Is there a way to get it changed to a private URL?
Did I do something wrong when submitting the app?
I am trying to add a video preview for a Mac app on App Store Connect, but I have run into a frame rate issue.
I use macOS's screen video capture feature
Drop the video clip into iMovie
Add a blank soundtrack because App Store Connect rejects it without a soundtrack
Export the video
Upload to App Store Connect.
But then App Store Connect rejects it because of the frame rate (it is 60 fps). App preview specifications says max frame rate is 30 fps.
I can't seem to change the video capture on the Mac to 30 fps. I can't seem to export from iMovie at 30 fps.
Am I missing something?
Do I need to buy Final Cut Pro to create 30 fps video? If so, can I do it on Final Cut Pro for iPad (which seems much cheaper than FCP on Mac)?
I have an installer downloaded from the App Store a few weeks ago for macOS Sonoma 14.1.2 (I've made copies for testing purposes), but today I have been unable to install it on a volume - an experiment I had been conducting repeatedly last week.
Is Apple blocking 14.1.2 from being installed now? (Sonoma 14.2 is the version currently available from the App Store)
Have I reached some kind of limit on the number of times I can install it?
Any other ideas?
Here is the alert:
Note: the problem I am testing is an issue with an app installed from TestFlight (that contained a network system extension) that killed networking when the OS was updated from Sonoma 14.1.2 to Sonoma 14.2. (related post)
I have a recurring problem with software updates by Apple killing all networking when I have a network system extension distributed by TestFlight installed on my Mac.
Any pointers on how to resolve this would be greatly appreciated!
I don't know if it is my network system extension, the fact that it is distributed via TestFlight, or something else.
The latest example is updating to macOS 14.2 today.
I think the relevant Console message is:
Code has restricted entitlements, but the validation of its code signature failed.
The full message for that console message is.
mac_vnode_check_signature: /Library/SystemExtensions/ACB1E368-5355-4959-9800-737ED2BE9EDC/com.xxxxxxxxxxxxxxxx.networkagent.systemextension/Contents/MacOS/com.xxxxxxxxxxxxxxxx.networkagent: code signature validation failed fatally: When validating /Library/SystemExtensions/ACB1E368-5355-4959-9800-737ED2BE9EDC/com.xxxxxxxxxxxxxxxx.networkagent.systemextension/Contents/MacOS/com.xxxxxxxxxxxxxxxx.networkagent:
Code has restricted entitlements, but the validation of its code signature failed.
Unsatisfied Entitlements:
Deleting the app (with its network system extension) immediately restores networking.
I can reinstall the exact same program via TestFlight, and everything runs fine.
The feedback ID (which includes additional details, a screenshot, and a video) is: FB13458972
I'm starting to set up a testing environment for macOS applications, and I want to be able to rollback to different versions of the OS (all machines can be scrubbed, so I don't worry about preserving user data).
I noticed that I can download the latest versions of Ventura and Sonoma from the Mac App Store, but not past versions of Ventura and Sonoma
Is there a way to download earlier versions of these macOSes (or maybe even earlier ones like Monterey)?
Alternatively, if I regularly start downloading macOS installers from the Mac App Store and maintain my own local copies so I can use these to rollback to these versions, do I need to download a version for each hardware?
For example, I currently have an M1 Mac mini, an M2 Mac mini, and an M1 Mac Studio. Do I need to download different installers for each of these hardware platforms?
Someone else may want to test this with their network system extension, but I found a nasty interaction with Apple's latest software update for Safari and my network system extension.
Summary: When I had my network system extension installed and updated to Safari 17.1.2, all networking was lost.
I first ran into this problem yesterday and documented in this thread. Today, I tried to pin it down on Ventura.
This test
Hardware: M1 Mac mini
OS: macOS Ventura 13.6.1 (downloaded from Mac App Store)
Safari version 16.6
Network system extension (mine)
When I updated to Safari Version 17.1.2, I lost all networking!
Furthermore, I could not uninstall my network extension. Deleting the app with the network system extension didn't help.
Fix 1:
Disabled SIP
Removed my network system extension (at which point networking worked fine again)
Reenabled SIP
Reinstalled my network system extension
Everything works fine.
Fix 2
I re-ran the experiment (same initial set up)
Hardware: M1 Mac mini
OS: macOS Ventura 13.6.1 (downloaded from Mac App Store)
Safari version 16.6
Network system extension (mine)
This time:
I removed my network system extension first
I updated to Safari 17.1.2 (this time no problems)
I reinstalled my network system extension
Everything works fine
Having the network system extension in place and then updating Safari to 17.1.2 broke things pretty badly for me.
Was there something I did wrong with my network system extension design?
Today, I applied the latest security patch to my Mac Studio, and on reboot, I had no networking. It appears to have been a system extension issue.
At one point, I needed to "Allow" Apple system software in System Settings. I found that strange.
I thought I'd document the issue and my resolution in case someone else runs into this.
(1) I did the usual - reboot, shutdown & restart, reboot my Eero mesh; changed from Wi-Fi to wired Ethernet. Nothing worked.
(2) I do have my own application that uses a network system extension, so I went through the system extension uninstall process (using the API). Still no joy.
I then tried to reinstall the network extensions, but that didn't seem to work. I was never prompted to open the System Settings app. I think the network system extension had not actually been removed.
I deleted the app (which should remove the network system extension). Still no joy.
Interestingly, launchctl still showed a crashed network system extension (no PID, status -9)
(3) I then disabled SIP, rebooted, and used systemextensionsctl to remove the network system extension.
While doing this, I discovered an old network system extension from several years ago tied to one of my old organizations and may have been built for Intel CPU. I deleted that too.
(If I had to guess, it might have been that old network system extension that caused the problem.)
Reenabled SIP
Rebooted.
(4) At some point I got an interesting alert from Apple about System Extension errors.
And when I opened System Settings, I had to allow an extension from Apple?!
(5) Networking is now working.
I reinstalled my application from TestFlight, installed the network system extension, and everything is still working.
(6) Summary
I lost networking after applying the security update.
Worried that it might be my program, I tried uninstalling the network system extension, but I could not cleanly uninstall and reinstall my network system extension as I've done many times before.
I found an old network system extension; deleted both network system extensions with SIP disabled.
I had to Allow Apple software.
Everything works (including my app with its network system extension installed).
I am not sure what the root cause was. My old network system extension? The fact I needed to Allow Apple software? My current app and its network system extension?
I have a Mac app in App Store Connect (currently in TestFlight beta testing). When I first uploaded the sample screenshots and clicked on them immediately after uploading, the images were clear.
Now, when I click on the preview images to see larger versions of them, they are much smaller and fuzzier than before.
Is this an artifact of the portal (perhaps just showing me upscales of the thumbnails), and when I release to the App Store the screenshot images will be clear again?
Or have I done something wrong?
I am having troubles notarizing an installer package.
I created an installer package using the pkgbuild and productbuild, and then I tried to notarize it with notarytool, but I got an error message.
The error message led me to Use a valid Developer ID certificate, which includes the statement
Sign installer packages with a Developer ID Installer certificate
The app is signed with the team Developer ID and is notarized (via Xcode).
I signed both packages (during pkgbuild and productbuild) with a certificate created when I clicked Mac Installer Distribution in the developer portal, and it created a certificate named "3rd Party Mac Developer Installer: my company"
Is this the wrong certificate?
If it is the wrong certificate, which one should I create in the developer portal? (I didn't see anything specified as "Developer ID Installer")
If it is the right certificate, any idea what I might have done wrong?
Note: The reason I am trying to notarize the installer package is because when I tried testing the installer in my test VM, I received the following message (I thought signing the pkg would have prevented this):
I have a macOS app that installs an endpoint system extension. After the user clicks "Allow" to allow it to be installed, the user must still scroll up to the "Full Disk Access" section and enable full disk access for the system extension.
It is easy for the user to forget to do this.
Is there an API (or other easy way) for the installing app to check whether the endpoint system extension has been granted full disk access?
I would like to display some big message in the GUI saying "You must enable Full Disk Access" until they do.