Endpoint Security client does not receive AUTH event from itself

Hi,

I have two quick questions; I could not find the answers in the official documentation.
  • Am I doing something wrong, or does an ES client not receive AUTH events triggered by itself (e.g. if the ES client opens a file, it does not receive a message even if it is subscribed to the AUTH_OPEN event type)? On a side note, it receives NOTIFY events from itself.

  • Secondly, if it is the expected behavior or on the contrary I am doing something wrong, is there official documentation describing the expected behavior?

Thanks!
Answered by DTS Engineer in 630311022

Am I doing something wrong or ES client does not receive AUTH event
triggered by itself

We covered these loopback issues in some detail in WWDC 2020 Session 10159 Build an Endpoint Security app.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Thanks Eskimo as always.

Found the interesting part in the transcript, I will paste it here as other developers might have the same question in the future.

You should also be aware that ES does not send introspective AUTH events as this would lead to trivial deadlocks.
The events will be implicitly allowed.
We will, however, send NOTIFY messages for events instigated by your process.
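
Added example, not from the thread or from Apple's sample code: a Swift client subscribed to both AUTH_OPEN and NOTIFY_OPEN that tags NOTIFY messages for its own opens, since per the transcript those are the only record it gets of its own activity. The helper `path(of:)`, the log format and the `/etc/hosts` test open are assumptions; the binary needs root and the `com.apple.developer.endpoint-security.client` entitlement.

```swift
import EndpointSecurity
import Foundation

let selfPID = getpid()

// Hypothetical helper: es_string_token_t carries an explicit length and is
// not guaranteed to be NUL-terminated, so decode exactly `length` bytes.
func path(of file: UnsafeMutablePointer<es_file_t>) -> String {
    let tok = file.pointee.path
    let bytes = UnsafeRawBufferPointer(start: tok.data, count: tok.length)
    return String(decoding: bytes, as: UTF8.self)
}

var client: OpaquePointer?
let created = es_new_client(&client) { client, message in
    let pid = audit_token_to_pid(message.pointee.process.pointee.audit_token)
    switch message.pointee.event_type {
    case ES_EVENT_TYPE_AUTH_OPEN:
        // Reached only for other processes: opens made by this client are
        // implicitly allowed and never delivered as AUTH events.
        // AUTH_OPEN is answered with a flags result; UInt32.max allows all flags.
        _ = es_respond_flags_result(client, message, UInt32.max, false)
    case ES_EVENT_TYPE_NOTIFY_OPEN:
        // NOTIFY is delivered for our own opens too, so tag the origin.
        let origin = (pid == selfPID) ? "self" : "other"
        let file = path(of: message.pointee.event.open.file)
        print("NOTIFY_OPEN origin=\(origin) pid=\(pid) path=\(file)")
    default:
        break
    }
}
guard created == ES_NEW_CLIENT_RESULT_SUCCESS, let client = client else {
    fputs("es_new_client failed: \(created.rawValue)\n", stderr)
    exit(EXIT_FAILURE)
}

let events = [ES_EVENT_TYPE_AUTH_OPEN, ES_EVENT_TYPE_NOTIFY_OPEN]
guard es_subscribe(client, events, UInt32(events.count)) == ES_RETURN_SUCCESS else {
    fputs("es_subscribe failed\n", stderr)
    exit(EXIT_FAILURE)
}

// Constructed test: an open by this process should log one origin=self
// NOTIFY line and no AUTH callback.
_ = FileManager.default.contents(atPath: "/etc/hosts")
dispatchMain()
```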
