Hi Experts,
Looks like es_mute_path_*** are deprecated, so does anyone know if there are any new APIs? Thanks! https://developer.apple.com/documentation/endpointsecurity/3366123-es_mute_path_prefix
Normally when we deprecate an API we provide a pointer to its replacement. Here’s the declaration of es_mute_path_prefix in the macOS 12.0rc1 SDK:
OS_EXPORT
API_DEPRECATED("Please use es_mute_path or es_mute_path_events.", macos(10.15, 12.0))
API_UNAVAILABLE(ios, tvos, watchos)
es_return_t
es_mute_path_prefix(es_client_t * _Nonnull client, const char * _Nonnull path_prefix);
ps I’d appreciate you filing a bug against the docs here; they should display this pointer so that you don’t have to grovel through the headers.
Please post your bug number, just for the record.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
I will do it, thanks a lot! @eskimo. Btw: I feel there is a security concern if a process is muted by path, let's say if I muted a trusted process by path, however, the process might be replaced by a totally different one with the same path, then the events of the "new" one also are muted, right?
> I will do it
Don’t forget to post your bug number.
> let's say if I muted a trusted process by path, however, the process might be replaced by a totally different one with the same path, then the events of the "new" one also are muted, right?
Right. However, muting by path still makes sense when you’re dealing with system binaries, where SIP prevents them from being replaced.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Agree with you, thanks @eskimo. Btw: FB9726842 for your reference.
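The trade-off discussed in this thread, as an added example (not code from the thread or from Apple): mute by path only for platform binaries under SIP-protected locations, and otherwise mute a single process instance by audit token after checking its signature. The names `choose_mute`, `apply_mute`, `kSipPrefixes` and `trusted_team` are hypothetical, the prefix list is an assumption about which locations SIP protects, and the Team ID used when calling it is whatever the caller has decided to trust.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

typedef enum { MUTE_NONE, MUTE_BY_PATH, MUTE_BY_PROCESS } mute_choice_t;
/* Assumption: prefixes treated as SIP-protected; /usr/local/ is excluded below. */
static const char *const kSipPrefixes[] = { "/System/", "/usr/", "/bin/", "/sbin/" };

static bool has_prefix(const char *s, size_t n, const char *p) {
    size_t k = strlen(p);
    return n >= k && memcmp(s, p, k) == 0;
}

/* Decide how to silence one executable. trusted_team is a hypothetical
   allow-listed Team ID chosen by the caller. */
mute_choice_t choose_mute(const char *path, size_t path_len, bool platform_binary,
                          bool cs_valid, const char *team, size_t team_len,
                          const char *trusted_team) {
    if (platform_binary && !has_prefix(path, path_len, "/usr/local/"))
        for (size_t i = 0; i < sizeof kSipPrefixes / sizeof *kSipPrefixes; i++)
            if (has_prefix(path, path_len, kSipPrefixes[i]))
                return MUTE_BY_PATH;    /* SIP keeps this file from being replaced */
    if (cs_valid && team_len > 0 && team_len == strlen(trusted_team) &&
        memcmp(team, trusted_team, team_len) == 0)
        return MUTE_BY_PROCESS;         /* trust this instance, not the path */
    return MUTE_NONE;                   /* keep receiving its events */
}

#ifdef __APPLE__
#include <EndpointSecurity/EndpointSecurity.h>
#include <kern/cs_blobs.h>
#include <stdio.h>
/* Apply the decision to the process behind an event (macOS 12 or later). */
es_return_t apply_mute(es_client_t *client, const es_process_t *p, const char *trusted_team) {
    es_string_token_t path = p->executable->path, team = p->team_id;
    char buf[1024];
    switch (choose_mute(path.data, path.length, p->is_platform_binary,
                        (p->codesigning_flags & CS_VALID) != 0,
                        team.data, team.length, trusted_team)) {
    case MUTE_BY_PATH:
        if (p->executable->path_truncated || path.length >= sizeof buf)
            return ES_RETURN_ERROR;     /* never mute on a partial path */
        snprintf(buf, sizeof buf, "%.*s", (int)path.length, path.data);
        return es_mute_path(client, buf, ES_MUTE_PATH_TYPE_LITERAL);
    case MUTE_BY_PROCESS: return es_mute_process(client, &p->audit_token);
    default: return ES_RETURN_SUCCESS;
    }
}
#endif
```

`es_mute_path` with `ES_MUTE_PATH_TYPE_PREFIX` is the direct replacement for the deprecated `es_mute_path_prefix`; the literal type is used here so that only the exact executable path is muted.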