Post

Replies

Boosts

Views

Activity

Apps white-listed for network traffic?
Hi, According to this article: thenextweb.com/plugged/2020/11/16/apple-apps-on-big-sur-bypass-firewalls-vpns-analysis-macos/ it seems that some applications are white-listed in BigSur so that network extensions don’t see the network traffic from those applications. After some testing, it seems that this is the case only if a NEFilterDataProvider is used. If a NEFilterPacketProvider is used, all network traffic is seen by the filter – i.e. no white listing of Big Sur apps. Can someone please confirm that this is the case and shed some light on this issue? Thanks!
1
0
434
Nov ’20
Apps not listed in "Full Disk Access" until specifically added
Hi, I have a project that contains multiple executables (command-line apps and cocoa apps), all of which are installed under /Library/Application Support/ When the apps run, the command-line apps and one cocoa app appear in the FDA pane, while the others do not, and have to be added manually. Of course I do not want users to have to do that. Is there some configuration that needs to be done so that the apps will appear in the list? It seems to be some indexing issue, when I open the folder in Finder - the apps immediately show up in the FDA list (of course I don't want to have to do this either). Thanks :)
0
0
389
Nov ’20
Notarization on Big Sur 11
Hi, I am working on adapting my apps to be compliant with the requirements of MacOS 11, including notarization. For prioritizing purposes, I want to understand the exact status of the notarization requirements: Following WWDC, is there any word from Apple about this? Will it work the same way it did on Catalina, or will apps that are not notarized be denied by the OS? Thanks!
3
0
994
Jul ’20
FilterPacket - StartFilter not working with objective-c
Hi, When trying to create a simple app with a NEFilterPacketProvider, it seems that the class is not created, and StartFilter does not run. Here is my configuration code in the app that installs the extension: (void) enableFilterConfiguration {     void(^loadCompHandler)(NSError* error) = ^(NSError* error){     if (error != nil)     {       NSLog(@"loadFromPreferences failed with error: %@", error);       return;     }           if ([NEFilterManager sharedManager].providerConfiguration == nil)     {       NSLog(@"Setting up filterProviderConfig");       NEFilterProviderConfiguration* filterProviderConfig = [[NEFilterProviderConfiguration alloc] init];       filterProviderConfig.filterPackets = YES;       filterProviderConfig.filterSockets = NO;       [NEFilterManager sharedManager].providerConfiguration = filterProviderConfig;     }           NSLog(@"Saving to preferences");           [[NEFilterManager sharedManager] setEnabled:YES];           void(^saveCompHandler)(NSError* error) = ^(NSError* error){       if (error != nil)       {         NSLog(@"saveToPreferences failed with error: %@", error);       }     };     [[NEFilterManager sharedManager] saveToPreferencesWithCompletionHandler:saveCompHandler];   };       [[NEFilterManager sharedManager] loadFromPreferencesWithCompletionHandler:loadCompHandler]; } And here is the code of the extension: (instancetype)init {   NSLog(@"FilterPacketProvider init");   self = [super init];       return self; } (void)startFilterWithCompletionHandler:(void (^)(NSError *error))completionHandler {   NSLog(@"Starting filter");   self.packetHandler = ^NEFilterPacketProviderVerdict(NEFilterPacketContext * _Nonnull context, nw_interface_t _Nonnull interface, NETrafficDirection direction, const void * _Nonnull packetBytes, const size_t packetLength) {     NSLog(@"Packet caught");     return NEFilterPacketProviderVerdictAllow;   };   NSError* error;   completionHandler(error); } (void)stopFilterWithReason:(NEProviderStopReason)reason completionHandler:(void (^)(void))completionHandler {   completionHandler(); } None of the logs in the extension code are printed. When running the "SimpleFirewall" sample code, it works. The only difference I can think of is that it's in Swift while my code is in objective-c. Has anyone succeeded in implementing this? Thanks!
4
0
776
Jul ’20
KEXTs in Macos10.16
Hi,I have read in several articales that KEXTs will not run in 10.16, but have not seen any such official statement from Apple.Can anyone confirm this?I know that KEXTs are going to be deprecated, but will they run on 10.16 or will they be blocked by the OS?Thanks!
4
0
1.3k
Jun ’20
Endpoint Security AUTH event for file deletion?
Hi,I have created a command line app that uses the EP framework, events seem to work well.I want to handle file deletions, but can't seem to find a proper event for that.The Apple documentation says:ES_EVENT_TYPE_AUTH_UNLINKA type that represents events for authorizing the deletion of a file.https://developer.apple.com/documentation/endpointsecurity/es_event_type_t/es_event_type_auth_unlink?language=objcHowever, this does not seem to work. Also the name sounds like it refers to something else.Is there another event that accomplishes this? It seems like there are events for all basic file operation except deletion.Thanks!
8
0
1.7k
May ’20