When an Endpoint Security client gets an auth message, one of the fields in that message is the deadline, as described in the ESMessage.h file as so:
* @field deadline The Mach time before which an auth event must be responded to.
* If a client fails to respond to auth events prior to the `deadline`, the client will be killed.
What happens if the client gets the message and either the machine is put to sleep or the VM is suspended until past the deadline time and the client can't repsond? Will the kernel still kill the client? Should it be smarter and understand sleeping / suspension?
I ask because I've seen many deaths upon waking my VM and seeing this dreaded message in the log.
"2020-03-10 10:50:08.284731-0700 0x430d Error 0x0 0 0 kernel: (EndpointSecurity) Client did not respond in appropriate amount of time (client pid: 773)"