@KarthikSiva : This is an ugly hack, but remarkably it seems to work on all recent versions of the OS: https://derflounder.wordpress.com/2021/10/26/silently-uninstalling-system-extensions-on-macos-monterey-and-earlier/.
I hate to be an advocate for this kind of greasy workaround, but absent any updated direction from Apple, this is what we're going to be doing for now.
Post
Replies
Boosts
Views
Activity
Following up on this older thread—has anything changed in this regard in the last couple of years? Is an interactive removal (drag to trash, or equivalent achieved by AppleScript to the Finder) the only way to deactivate and remove a system extension?
Update: I figured out the problem, and the solution, and posted it to your thread on this which I came across after this one.
@mtsrodrigues Same here. This diffable data source seems neat, but seems to be offering as many regressions as advances. Did you find a way around this?
Whoops, I should have typed "@meaton" instead of "@Matt". (Interestingly I'm pretty sure I typed "@Quinn" too, but it was magically transformed to "@eskimo".)
EDIT: I DID! Even here, but it's silently transforming "@ Q u i n n" (sans spaces, added for clarity this time) before display. Fascinating.
I don't know why my reply shows up as one long paragraph. I definitely formatted it more thoughtfully. (Looks like a bug in this forum software; the HTML paragraph tags are being given a class="inline" in the CSS, which is abjectly wrong.)
Hi Matt,
Thanks for the reply. Indeed, looks like connections made from an NEFilterControlProvider do work. (It would be helpful if the docs for NEFilterDataProvider mentioned that its implementation of the stream-creation methods is designed to fail.)
However, it seems that an NEFilterDataProvider is disallowed from writing to the filesystem at all, even in a shared app group container; is that right?
My goal is to log network activity happening on the device, and it appears that an NEFilterDataProvider is the most capable agent for this (making it possible to ascertain new connections, their terminations, and also classify such traffic such as based on destination port or address). NEFilterControlProvider is significantly more limited in that regard.
As such, I was hoping I could use an NEFilterControlProvider as a bridge for exfiltrating these data, but it looks like I'm pushing on a rope here—XPC is unavailable on iOS, and neither named pipes nor plain files seem writable by the NEFilterDataProvider. Can you suggest an alternative approach?
thanks,
-ben