I did try to run a sample endpoint security app from official documentation. https://developer.apple.com/documentation/endpointsecurity/monitoring_system_events_with_endpoint_security I did turn off SIP and use a profile with access to system extensions. Moved the built app to the application folder. But on the console I always get output like this: Jul 5 15:27:29 com.apple.xpc.launchd[1] (XY28F7M994.com.test.ESTest.ESTest.ESTestExt[54059]): removing service since it exited with consistent failure - OS_REASON_CODESIGNING | When validating /Library/SystemExtensions/51DB56F4-508F-4771-ADA1-61033CA939FF/com.test.ESTest.ESTest.ESTestExt.systemextension/Contents/MacOS/com.test.ESTest.ESTest.ESTestExt: Jul 5 15:27:29 com.apple.xpc.launchd[1] (XY28F7M994.com.test.ESTest.ESTest.ESTestExt[54059]): Binary is improperly signed. Jul 5 15:27:29 com.apple.xpc.launchd[1] (XY28F7M994.com.test.ESTest.ESTest.ESTestExt): Service only ran for 0 seconds. Pushing respawn out by 10 seconds. Please help