Hi,
I am implementing a feature to detect whenever a new zip file created in folder with EndpointSecurity API event
Let's say I have folder "test" and inside it there are several files and once we compress the folder "test" using mouse right click >> Compress "test". It will create "test.zip" in the same directory where "test" folder resides.
test.zip file is new file created based on compression so it should be captured with
Please help me to detect the zip file creation event with EndPoint Security API. Any sample or reference would be helpful.
I am implementing a feature to detect whenever a new zip file created in folder with EndpointSecurity API event
Code Block ES_EVENT_TYPE_NOTIFY_CREATE
Code Block ES_EVENT_TYPE_NOTIFY_OPEN
Code Block ES_EVENT_TYPE_NOTIFY_OPEN
Let's say I have folder "test" and inside it there are several files and once we compress the folder "test" using mouse right click >> Compress "test". It will create "test.zip" in the same directory where "test" folder resides.
test.zip file is new file created based on compression so it should be captured with
Code Block ES_EVENT_TYPE_NOTIFY_CREATE
Please help me to detect the zip file creation event with EndPoint Security API. Any sample or reference would be helpful.
That’s not quite how things work. When you create an archive like this, the Finder passes the work off to a helper process, ArchiveService. That creates the zip archive in the temporary directory and then, once it’s done, moves it into place. At no point is a file call test.zip created because the ArchiveService doesn’t use that name for its temporary file.test.zip file is new file created based on compression so it should
be captured with ES_EVENT_TYPE_NOTIFY_CREATE.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"