I am using es_new_client and es_subscribe in SystemExtension and EndpointSecurity.
I tested it on M3, and it is working. It also works on M1 versions 12, 13, and 14. Additionally, ES_EVENT_TYPE_NOTIFY_KEXTUNLOAD is functioning correctly.
However, there is a bug on M1 Big Sur where es_new_client's es_handler_block_t cannot receive ES_EVENT_TYPE_NOTIFY_KEXTLOAD.
The tested command is:
sudo kextload /System/Library/Extensions/msdosfs.kext sudo kextload /System/Library/Extensions/*.kext
Is this intended behavior or a bug? Are there any plans to fix it?
Is this intended behavior or a bug? Are there any plans to fix it?
It sounds like a bug.
Are there any plans to fix it?
I can’t say anything definitive about The Future™. You should feel free to file a bug report about this. However:
-
macOS 11 has long fallen off the general software update cycle.
-
And its last security update was in 2023
Given that, I’m struggling to see how a fix for this could be released, meaning that you might be better off raising your deployment target to mac OS 12.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
