Endpoint Security Create Notification and ES_DESTINATION_TYPE_NEW_PATH

I'm not sure how to trigger dest type new path with create notification events.


I only ever see existing file. If I write a simple C program that creates a new file in a directory, I don't get ES_DESTINATION_TYPE_NEW_PATH, but instead get existing file but the file didn't exist prior. I don't mind the behaviour at all, since I get stat as part of existing file -- which is not available with the new path destination type.


I'm just wondering, under what circumstances would a destination type be ES_DESTINATION_TYPE_NEW_PATH with the event ES_EVENT_TYPE_NOTIFY_CREATE?

Up vote post of dragonball Down vote post of dragonball
433 views
Posted by
dragonball
Reply
Add a Comment

Accepted Reply

This seems to be pretty well covered by the doc comments in 

<EndpointSecurity/ESMessage.h>
. Open up that file and search for 
ES_DESTINATION_TYPE_NEW_PATH
.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment

Replies

This seems to be pretty well covered by the doc comments in 

<EndpointSecurity/ESMessage.h>
. Open up that file and search for 
ES_DESTINATION_TYPE_NEW_PATH
.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment