I am learning about endpoint security and other system extensions, while I was handling ES_EVENT_TYPE_AUTH_IOKIT_OPEN event I realized that I cannot auth deny any bluetooth events. I tried to deny any open or execute events related to com.apple.bluetoothd but it did not work. I searched google and found out that I can use CoreBluetooth to control bluetooth. But when I get connected to bluetooth keyboard or mouse, didConnectPeripheral dose not get called or when I call [central cancelPeripheralConnection:peripheral] disconnection never happens. Is there any recommendation for handling or controlling events related to bluetooth connection?

I am playing around with Endpoint Security using demo code. I tried to handle AUTH open event on specific folder in my Desktop,set to deny all, but whenever I set this extension, I successfully get deny all on the folder as well as all other files and documents in the Users space. static void handle_open_worker(es_client_t *client, const es_message_t *msg) { static const char *test_nnn = "/Users/myname/Desktop/endpoint_test/block_this_folder/"; static const size_t nnn_length = sizeof(test_nnn) - 1; if (strncmp(msg->event.open.file->path.data, test_nnn, nnn_length) == 0) { es_respond_flags_result(client, msg, 0, true); } else { // Allow everything else... es_respond_flags_result(client, msg, 0xffffffff, true); } } why the code applies to all other files rather than only deny open on /Users/myname/Desktop/endpoint_test/block_this_folder/

I am trying to build Endpoint Security demo app on xcode, when I run sudo launchctl list 3xxxxxxxx6.com.example.apple-samplecode.SampleEndpointApp.Extension i get { "LimitLoadToSessionType" = "System"; "MachServices" = { "3FB5H67G96.com.example.apple-samplecode.SampleEndpointApp3FB5H67G96.Extension.xpc" = mach-port-object; }; "Label" = "3FB5H67G96.com.example.apple-samplecode.SampleEndpointApp3FB5H67G96.Extension"; "OnDemand" = false; "LastExitStatus" = 9; "Program" = "/Library/SystemExtensions/24197CF7-F318-4968-87D5-B869AAF544F5/com.example.apple-samplecode.SampleEndpointApp3FB5H67G96.Extension.systemextension/Contents/MacOS/com.example.apple-samplecode.SampleEndpointApp3FB5H67G96.Extension"; }; when I run the app i get Successfully installed the extension ✅ but noting happens. what should I do from here? plz halp

Hi all, I am trying to build endpoint security demo app, so far, I have been granted access to, the ES entitlement, and I enabled it, the app runs without error, when I run the app, it says "Successfully installed the extension" I granted full disk access to the extension and the app, but when I use "sudo launchctl list 3FB5******.com.example.apple-samplecode.SampleEndpointApp.Extension" Could not find service "3FB5******.com.example.apple-samplecode.SampleEndpointApp.Extension" in domain for system even though app runs without error, "auth_demo" function such as prevent opening textedit does not work. can I get any help from here? thanks!