How to apply for and be granted access to com.apple.developer.endpoint-security.client

I have tried to run the Endpoint Security sample project (MonitoringSystemEventsWithEndpointSecurity).

I have enabled the System Extension capability for my container app.

But I get an "Unsatisfied entitlements: com.apple.developer.endpoint-security.client" error.

How do I fix this issue?

And how can I enable the Endpoint Security entitlement for my system extension?
The basic process is:
  1. Change the bundle ID of your sysex. This may require follow-on changes elsewhere in the project.

  2. Using the developer web site, create a new App ID based on that bundle ID.

  3. Then create a new provisioning profile based on that. This will give you the opportunity to add the ES entitlement to that profile’s allowlist.

  4. Download the profile and add it to Xcode.

  5. In Xcode, in Signing & Capabilities, disable automatically signing and select that provisioning profile.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
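
Added example, not part of the thread and not Apple's code: a simplified check that reports which `com.apple.developer.*` entitlements claimed by a signed system extension are missing from the provisioning profile's allowlist, which is the mismatch behind the "Unsatisfied entitlements" error. The matching rules, the prefix filter, and the sample plists are assumptions constructed for illustration. On a real Mac the two inputs would be the decoded profile (for example from `security cms -D -i`) and the entitlements dumped by `codesign -d --entitlements`.

```python
import plistlib

ES = "com.apple.developer.endpoint-security.client"

def value_allowed(claimed, allowed):
    """Simplified match (assumption): trailing '*' wildcard for strings,
    subset for lists, plain equality for everything else."""
    if isinstance(allowed, list):
        wanted = claimed if isinstance(claimed, list) else [claimed]
        return all(any(value_allowed(w, a) for a in allowed) for w in wanted)
    if isinstance(allowed, str) and allowed.endswith("*"):
        return isinstance(claimed, str) and claimed.startswith(allowed[:-1])
    return claimed == allowed

def unsatisfied_entitlements(profile_plist: bytes, signed_plist: bytes):
    """Return claimed com.apple.developer.* keys the profile does not authorise."""
    allowlist = plistlib.loads(profile_plist).get("Entitlements", {})
    claimed = plistlib.loads(signed_plist)
    missing = []
    for key, value in claimed.items():
        # Assumption: only this prefix is treated as needing profile authorisation.
        if not key.startswith("com.apple.developer."):
            continue
        if key not in allowlist or not value_allowed(value, allowlist[key]):
            missing.append(key)
    return sorted(missing)

# Constructed sample data (placeholder team ID, not from any real profile).
TEAM = "com.apple.developer.team-identifier"
SIGNED = plistlib.dumps({ES: True, TEAM: "TEAMID0000"})
PROFILE_WITHOUT_ES = plistlib.dumps(
    {"Name": "Constructed profile A", "Entitlements": {TEAM: "TEAMID0000"}})
PROFILE_WITH_ES = plistlib.dumps(
    {"Name": "Constructed profile B",
     "Entitlements": {TEAM: "TEAMID0000", ES: True}})

if __name__ == "__main__":
    print("without ES in profile:", unsatisfied_entitlements(PROFILE_WITHOUT_ES, SIGNED))
    print("with ES in profile:   ", unsatisfied_entitlements(PROFILE_WITH_ES, SIGNED))
```
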
@EsKimo: Thanks for the reply.

I have created a bundle ID for the app and added the "Network Extension" capability for that bundle ID using the developer web site.

Now here are my questions:
  1. Can I use NetworkExtension and EndpointSecurity in the same system extension?

  2. Do I need to add the EndpointSecurity capability on the Apple web site? I have not found an EndpointSecurity capability option in the capability list at "Certificates, Identifiers & Profiles >> All Identifiers >> Review your App ID Configuration".

     Is this because my role is Developer?

  3. Do I need an additional step to use the EndpointSecurity APIs?
     According to this link, https://developer.apple.com/system-extensions/, to use the EndpointSecurity API, I’ll need to request an entitlement from Apple.
     Is this step mandatory?


Accepted Answer
Ah, sorry, I misunderstood where you were starting from. The EndpointSecurity entitlement (com.apple.developer.endpoint-security.client) is a special entitlement. You must be granted access to it by Apple. The documentation includes a link to the application form.

Is this step mandatory?

For deployment, yes. For initial bringup you can test ES by disabling SIP (on a ‘victim’ machine, of course).

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
@eskimo

Thanks for the reply.

Can I use NetworkExtension and EndpointSecurity in the same system extension?

Can I use NetworkExtension and EndPointSecurity in same system extension?

Not the same extension, but you can package an NE sysex and a ES sysex in the same container app.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

Not the same extension, but you can package an NE sysex and a ES sysex in the same container app.

OK, so I need to activate both extensions at installation time.
It will become a little bit complex, but I will try this solution as no other option exists.


