What info can I get about non-signed software using Network Extensions

Hi, I am working with a Content Filter Network Extension. I was wondering what information I could obtain from an unsigned process that is generating outbound traffic.

Will NEFilterFlows from this process come with a SourceAppAuditToken?

If so, can I use this to find the location of this process and what command line arguments were used to execute it?

If this is possible, how can I do this? I could not find documentation about this.
Thanks.

Accepted Reply

Turns out I can get the path with SecCodeCopyPath. When I manage to get the command line arguments of the process, I will share how I did it.
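The lookup described in the accepted reply, sketched as an added example (not code from the thread or from Apple): it takes a flow's audit token, resolves the running code object, records its signing status, and asks SecCodeCopyPath for the location. `FlowSource` and `describeSource(of:)` are hypothetical names chosen for this illustration.

```swift
import Foundation
import NetworkExtension
import Security

/// Hypothetical result type for this example.
struct FlowSource {
    let path: String?            // location reported by SecCodeCopyPath, if any
    let signingStatus: OSStatus  // errSecSuccess, errSecCSUnsigned, ...
}

/// Hypothetical helper: call it from the filter's new-flow handler.
func describeSource(of flow: NEFilterFlow) -> FlowSource? {
    // The token is optional, so a flow without one yields no result.
    guard let token = flow.sourceAppAuditToken else { return nil }

    // Resolve the running code by audit token rather than by pid:
    // a pid can be reused by another process between flow and lookup.
    let attributes = [kSecGuestAttributeAudit as String: token] as CFDictionary
    var code: SecCode?
    guard SecCodeCopyGuestWithAttributes(nil, attributes, [], &code) == errSecSuccess,
          let code = code else { return nil }

    // Validity check with no requirement; errSecCSUnsigned is the status
    // Security.framework uses for code that carries no signature.
    let status = SecCodeCheckValidity(code, [], nil)

    // SecCodeCopyPath takes a static code object, so convert first.
    var staticCode: SecStaticCode?
    var url: CFURL?
    if SecCodeCopyStaticCode(code, [], &staticCode) == errSecSuccess,
       let staticCode = staticCode {
        _ = SecCodeCopyPath(staticCode, [], &url)
    }
    return FlowSource(path: url.map { ($0 as URL).path }, signingStatus: status)
}
```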

Replies

I was wondering what information I could obtain from an unsigned process that is generating outbound traffic.

What process is running on your machine unsigned?


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com