Hello,
our prototype of the Endpoint Security client (currently as root with SIP disabled) running in a terminal environment performs verry well and so far satisfies or needs of dicision makeing on AUTH_EXEC and/or AUTH_OPEN events. Thanks Apple, great job so far.
but...
once in a while (especially after sleep or just before sleep, I can not pinpoint it down) the Endpoint Security client gets terminated by the system. just sais "killed". We make sure we respond to all events by the deadline set in the event.
Q:
Is there any way to find out, what the reason was for the system to terminate the client?
Is there any debug logging that can be activated for these system extensions?
Frank Fenn
Sophos Inc.