Hi!
I'm trying to run SampleEndpointApp (https://developer.apple.com/documentation/endpointsecurity/monitoring_system_events_with_endpoint_security) on my machine with SIP disabled, but have no success in that. In system logs I can see the following messages:
As far as I understand it wants that my signature I used to sign the app and extension doesn't have proper entitlement?
But https://developer.apple.com/system-extensions/ says: "…you can test system extensions on your Mac by temporarily turning off System Integrity Protection."
So in theory I should be able to run ES extension on my machine.
I'm on BigSur 11.3 if that matters.
Could you please help me to understand what I could do improperly and how to fix that?
Thanks in advance,
Aleksandr
I'm trying to run SampleEndpointApp (https://developer.apple.com/documentation/endpointsecurity/monitoring_system_events_with_endpoint_security) on my machine with SIP disabled, but have no success in that. In system logs I can see the following messages:
Code Block ... taskgated-helper: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] com.example.apple-samplecode.SampleEndpointApp.Extension: Unsatisfied entitlements: com.apple.developer.endpoint-security.client ... taskgated-helper: (ConfigurationProfiles) [com.apple.ManagedClient:ProvisioningProfiles] Disallowing: com.example.apple-samplecode.SampleEndpointApp.Extension ... amfid: /Library/SystemExtensions/B0C9A0DC-E8C6-46B9-804D-BEA0A1E5B362/com.example.apple-samplecode.SampleEndpointApp.Extension.systemextension/Contents/MacOS/com.example.apple-samplecode.SampleEndpointApp.Extension signature not valid: -67671 ... kernel: mac_vnode_check_signature: /Library/SystemExtensions/B0C9A0DC-E8C6-46B9-804D-BEA0A1E5B362/com.example.apple-samplecode.SampleEndpointApp.Extension.systemextension/Contents/MacOS/com.example.apple-samplecode.SampleEndpointApp.Extension: code signature validation failed fatally: When validating /Library/SystemExtensions/B0C9A0DC-E8C6-46B9-804D-BEA0A1E5B362/com.example.apple-samplecode.SampleEndpointApp.Extension.systemextension/Contents/MacOS/com.example.apple-samplecode.SampleEndpointApp.Extension ...kernel: proc 5040: load code signature error 4 for file "com.example.apple-samplecode.SampleEndpointApp.Extension"
As far as I understand it wants that my signature I used to sign the app and extension doesn't have proper entitlement?
But https://developer.apple.com/system-extensions/ says: "…you can test system extensions on your Mac by temporarily turning off System Integrity Protection."
So in theory I should be able to run ES extension on my machine.
I'm on BigSur 11.3 if that matters.
Could you please help me to understand what I could do improperly and how to fix that?
Thanks in advance,
Aleksandr
