/usr/bin/sample obtains the endpoint security app information, and the app restarts

I started a daemon app with esf function through launchctl. I wanted to get the sample information of the daemon app through sample, but the program would restart, which was not a crash.

// shell command
sample pid -file ~/Downloads/test.txt

It’s generally not safe to target an ES client with debugging tools because of the risk of deadlock. I talk about this in a more general way in this post.

What info are you hoping to uncover with sample? In most case a spindump is more useful, because it allows you to follow the trail across processes.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

/usr/bin/sample obtains the endpoint security app information, and the app restarts
 
 
Q