Any new APIs to replace es_mute_path_***, since they are deprecated?

Hi Experts,

It looks like es_mute_path_*** are deprecated, so does anyone know if there are some new APIs? Thanks! https://developer.apple.com/documentation/endpointsecurity/3366123-es_mute_path_prefix

Accepted Reply

Normally when we deprecate an API we provide a pointer to its replacement. Here’s the declaration of es_mute_path_prefix in the macOS 12.0rc1 SDK:

OS_EXPORT
API_DEPRECATED("Please use es_mute_path or es_mute_path_events.", macos(10.15, 12.0))
API_UNAVAILABLE(ios, tvos, watchos)
es_return_t
es_mute_path_prefix(es_client_t * _Nonnull client, const char * _Nonnull path_prefix);

PS: I’d appreciate you filing a bug against the docs here; they should display this pointer so that you don’t have to grovel through the headers.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

  • I will do it, thanks a lot! @eskimo. Btw: I feel there is a security concern if a process is muted by path. Let's say I muted a trusted process by path; however, the process might be replaced by a totally different one with the same path. Then the events of the "new" one are also muted, right?

Replies

I will do it

Don’t forget to post your bug number.

let's say if I muted a trusted process by path, however, the process might be replaced by a totally different one with the same path, then the events of the "new" one also are muted, right?

Right. However, muting by path still makes sense when you’re dealing with system binaries, where SIP prevents them from being replaced.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
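
The trade-off discussed in this reply, as an added example that is not part of the thread and not Apple's code: a small policy function that allows path muting only for platform binaries in SIP-protected locations and otherwise falls back to muting a single process instance. The `proc_info` struct, the `choose_mute` function, the prefix list and the team-ID allowlist are assumptions made for illustration; a real client would read these fields from `es_process_t` and then call `es_mute_path` or `es_mute_process`.

```c
#include <stdbool.h>
#include <string.h>

/* Stand-in for the es_process_t fields this policy reads (constructed for
 * the example; a real client takes them from the es_message_t it receives). */
typedef struct {
    const char *path;         /* executable path of the process */
    bool is_platform_binary;  /* mirrors es_process_t.is_platform_binary */
    const char *team_id;      /* code-signing team ID, NULL if absent */
} proc_info;

typedef enum {
    MUTE_NONE,       /* keep receiving events */
    MUTE_BY_PATH,    /* es_mute_path(): covers whatever later runs from the path */
    MUTE_BY_PROCESS  /* es_mute_process(): covers this audit token only */
} mute_kind;

/* Assumed list of SIP-protected locations; adjust to the deployment. */
static const char *const sip_prefixes[] = { "/System/", "/usr/", "/bin/", "/sbin/" };

static bool has_prefix(const char *s, const char *prefix) {
    return strncmp(s, prefix, strlen(prefix)) == 0;
}

static bool under_sip(const char *path) {
    if (strstr(path, "/../") != NULL) return false;    /* refuse traversal tricks */
    if (has_prefix(path, "/usr/local/")) return false; /* writable, not protected */
    for (size_t i = 0; i < sizeof sip_prefixes / sizeof sip_prefixes[0]; i++)
        if (has_prefix(path, sip_prefixes[i])) return true;
    return false;
}

/* Hypothetical policy: a path mute outlives the binary it was meant for, so it
 * is granted only where the file cannot be swapped. A trusted third-party
 * process is muted per instance, so a replacement at the same path is seen. */
mute_kind choose_mute(const proc_info *p, const char *trusted_team_id) {
    if (p == NULL || p->path == NULL) return MUTE_NONE;
    if (p->is_platform_binary && under_sip(p->path)) return MUTE_BY_PATH;
    if (p->team_id != NULL && trusted_team_id != NULL &&
        strcmp(p->team_id, trusted_team_id) == 0) return MUTE_BY_PROCESS;
    return MUTE_NONE;
}
```

With a per-process mute, a different binary later launched from the same path arrives as a new process and is evaluated again rather than inheriting the mute.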
