Seems like it is only happening on the Monterey. Feedback FB9605587.
Post
Replies
Boosts
Views
Activity
Few tips that will probably save some time for someone willing to use Endpoint Security without System Extension:
you, can instantiate esclientt from within any process, including launchd agent or daemon without System Extension
however, you will not get any benefits of the System Extension, like early boot or whatever-will-come-in-future
your users will need to grant Full Disk Access to that daemon (manually, or through MDM), daemon will not appear in Privacy prefpane automatically, however you can do some mambo-jumbo that will involve an executable to be inside some of your bundles, then FDA will propagate to that executable and app will be visible in the prefpane
and sure thing, you will need to have a proper provisioning profile in you daemon's bundle (yes, bundle, e.g. .xpc)
also, this is not mentioned anywhere explicitly (or is it?), but daemon with EndpointSecurity entitlements may not have Hardened Runtime relaxation entitlements at the same time, e.g. strict library validation disabled
macOS Big Sur beta 2 is still 10.16 according to sw_vers :(
As you've noticed stapling is not supported for .zip packages (there is nowhere to put ticket), this is correct. macOS will indeed download and check notarization ticket for your binary upon first launch. But if there is no internet connection, this will fail and you will get nasty Gatekeeper alert. What you can do — create a package that will install you daemon (and probably launchd plist and some bootstrap script I guess) with pkgbuild and productbuild. Product package can be signed, notarized and stapled.
Spindumps are already there.
Ok, it seems Xcode starts to hang after adding ~15 targets into a single scheme. More targets => longer hangs.
Done — FB7770902.
Hardware: MacBook Pro (15-inch, 2017), 2,8 GHz Quad-Core Intel Core i7, 16 GB 2133 MHz LPDDR3, Intel HD Graphics 630 1536 MB.