User Profile

Subscribed ES_EVENT_TYPE_AUTH_OPEN event in MacOS Endpoint Security library. As soon as application starts monitoring, macOS system hangs. I tried to dispatch it on other threads. I also tried to stop monitoring for some processes using es_mute_process but all efforts in vain.Please help me understand how can we monitor and control auth open events for desired process and files only. Let me know how to filter open events so that it does not slow down the system.

With macos 10.15, user has to restart macos to load kernel extensions irrespective of another kexts already loaded of same team identifier.Any reason why this restart is required on macos 10.15? Also, it is required for every kext of a Team?Can we whitelist kexts through MDM for a team id?Can we whitelist programmatically with user consent without restart?Is there any other possible option or setting available to avoid these restarts?