Actually I made a mistake before, If I remove that line from the script the issue disappears. Why could this be? Did something change in Sonoma regarding this?

Nothing else, that is the only thing the script does. What are those better ways to activate the extension? We already have profiles deployed that grant the extension permission and full disk access if that is what you mean

Hi Quinn, we only deploy on managed environments and we've never had problems loading the extension like that. Also if I remove that line from the script the issue persists.

No I can't. I actually made a mistake in my question instead of detecting malware we are trying to detect anomalies in the behaviour of the user. For example lets say you have a user who is a director of the company and has a mac, those types of people won't be executing python scripts on the terminal, that would be an anomaly for that particular user. That is one of the things we would like to detect.

OK I get it. As always, thank you for all the help Quinn :)

Thank you Quinn !!

Quinn, I don't understand why you question the use of the timeout, I mean the deadline of the msg is provided for a reason right? Also if I use a timer like asyncAfter I will have to wait for the deadline to respond to the msg, with the semaphore i could signal it and respond way before the deadline if the thread doing the work is done. I understand it is not ideal to block the thread but don't I need to block to wait for the ref count you suggested? Thanks for all the tips.

No, I am building an ES product I removed some parts of my code as I thought it wasnt necessary to show them. I will update the post.

Hi Quinn. Yes I am copying the message and have set up a semaphore so i dont exceed the deadline of the auth message. To give more context, there is one specific program that generates this error and that is golang. Whenever some of my users try to build/run a project with go it crashes. But like I said, not all users have this error, apparently this only happens in M1 macs with Monterey.

I symbolicated the crash and found the specific part of my code where i call this description (I call it on various places so I wasnt sure which one it was). What I found out is that I am calling this description property on the same es_string_token_t two times, the first time it runs no problem and the seconds time it fails. This is why I don't think there is a problem with the string like you suggested because if it was it should fail the first time. I will try and log the value of length

According to the documentation of cString: : If cString contains ill-formed UTF-8 code unit sequences, this initializer replaces them with the Unicode replacement character ("\u{FFFD}"). So even if it is not encoded in utf8 it shouldnt crash, right?

In my org, via MDM the macs of the employees are going to receive a certificate to validate their identity when they connect to the corporate network. We are wondering if there is a way to prevent users from exporting this certificate.

Yeah something told me that wasn't a good idea lol. I will take a look at code requirements and check this post in a couple of weeks in case you have any news. Thanks!

Thanks to both for the help!!

Thanks a lot Quinn! I wasn't aware you could sign a file like that.