I have also encountered this kind of problem and do not know how to solve it. Have you found a solution?

Hello, as suggested by you, I intend to apply for the permission of Apple Distribution of EndpointSecurity, but it has been five months now. May I ask when our application will be approved?

Hello, I have also encountered such a problem. My logic is to ensure that only the system extension of the newer version can be installed before the system extension of the old version can be run. However, after I upgrade the system extension, The XPC server for system extension is not started. Have you solved it yet? How was it solved? Please let me know if you know. Thank you.

Hello, I would like to ask about the application of distribution permission, usually fixed for such a long time, or should I keep applying? I have applied for nearly 7 months, but there has been no feedback, so I can't go on with my work, may I ask how you sent the email application, can you tell me? I really need it. Thank you.

May I ask which email address or whom can I contact to know the progress of my permission application?

How else can I contact the team that approved EndpointSecurity distribution? Because the EndpointSecurity framework's distribution permissions are important to my work. The EndpointSecurity App I developed needs to be distributed to other users of the company under the permission of distribution. Thank you for your answer.

I also think that it may not be good to intercept the operation of the code copy file

At the same time, I found a new problem. I wanted to block writing to a file. If writing to the file through program code does not seem to trigger the ES_EVENT_TYPE_AUTH_OPEN event, causing the program code to still write to the file. NSFileManager *fileManager = [NSFileManager defaultManager]; if([fileManager fileExistsAtPath:self.CopyFilePath.stringValue]) { // Write to file NSString *content = @"test"; [content writeToFile:self.CopyFilePath.stringValue atomically:YES encoding:NSUTF8StringEncoding error:nil]; } I would like to know what events can be monitored to intercept program code writing to a file

Thank you very much for your reply. I understand the problem.

Since I am a beginner in osx development, I want to learn the usage of fs_usage. Do you have any recommendation materials or can you provide some examples of fs_usage

i used Objective-C

I found a solution. Thank you

An __exceptionPreprocess problem has been found in the main thread's always, which is in the main thread, and I'm not sure why it affects the com.apple.root.default-qos thread. With a fix to the __exceptionPreprocess error in the thread, the crash did not occur again.

Using a Dispatch semaphore to turn an asynchronous call into a synchronous call is generally considered bad form. That’s because the semaphore can’t propagate priority. That’s why we have -synchronousRemoteObjectProxyWithErrorHandler:. In the code serverProxy for synchronousRemoteObjectProxyWithErrorHandler access object The use of dispatch_async is to implement an asynchronous operation, and implement the corresponding timeout operation, to be precise, I should be required here to drop a serial column, the reason is because I found the line of sight NSXPC interface call timeout mode is like this. On the server side does not trigger the callback, the awareness is that the client side calls callbackWithInfo:info reply:^(bool action) and waits for the server side to call the action to implement the callback, but if the server side does not call the action all the time, That leads to more and more fds. I'm sure that if the NSXPC server side does not call the action callback function, the number of ports on the client side will increase. When the nsxpc server started returning the corresponding action callback function, the number of port numbers in the client program decreased significantly

What QoS type should I set for the NOTIFY event