I am not convinced using an Apple Developer ID will work. I have tried several times from scratch and get the same result every time. I even have SIP disabled on this machine!

I am completely and thoroughly confused. I need to figure out how to use endpoint security. I can't even get the sample to run. I can't figure out the code signing identities, which ones to use or not, and whether or not to manually or automatically sign, etc. Is there no definitive guide on how to do this?

The sample application documentation says you need a developer ID. Switching to an Apple developer ID is fine, but if I can't get it to run even with a developer ID on my own machine, what is the answer? Is the problem that it needs to be notarized?

It doesn't look like it: ps ajxww|grep -i sysex|grep -v grep root 6290 1 6290 0 0 Ss ?? 0:00.16 /System/Library/Frameworks/SystemExtensions.framework/Versions/A/Helpers/sysextd ps ajxww|grep -i endpoint|grep -v grep root 75 1 75 0 0 Ss ?? 0:00.02 endpointsecurityd I don't believe I have seen an ES man page, and that link you added doesn't take you there either.

It finds nothing.

I see about the cp. I added the rm -r, and now it works! This explains why sometimes it would work properly. Another change I had to make in the bundle, under MacOS, the executable is was called protect_am, but CFBundleExecutable listed ProtectOnAccess. I changed the executable to match. My protect_am is now a symbolic link to ProtectOnAccess.

Yes, protect_am: Mach-O 64-bit executable x86_64

I build the executable in place in my dev directory - the target in my Makefile is ProtectOnAccess.app/Contents/MacOS/protect_am. Then, I copy it using "sudo cp -r ProtectOnAccess.app /Library/Application\ Support/protect/". I think this would definitely not cause the issue discussed in that post about updating mac software. I am fairly certain protect_am is a Mach-O executable. The file structure I obtained was from setting up a driver wrapper project in xcode that you recommended when trying to build outside of xcode. I codesign only the protect_am executable, and the entire ProtectOnAccess.app folder. Should I delete the _CodeSignature directory?

Yes. I see Distribution Managed, Developer ID Application Managed, and because I didn't know what I was doing, 4 Developer ID application certificates. I don't know how to delete the extra ones. I have been using the second of those in the list .

I have read your post about provisioning profiles, and it does not address the signing certificate.

I have a sample application that is using xcode. Part of the requirement for endpoint security is that I need to notarize the application. To do this, I am trying to create an archive and submit for validation. I can't seem to figure out why this provisioning profile doesn't have the certificate.

I am not sure - are you saying that I need to change the way the files are stored on the target system? In other words, a .app directory structure like this? Contents/ Info.plist MacOS/ protect_am PkgInfo _CodeSignature/ CodeResources embedded.provisionprofile How do I create this provisionprofile if I'm not using xcode?

I understand a little of this, but it would be helpful to find the actual source project that is referenced in these posts. In this case, DaemonWithApp is presented as though it is something I can see and work with, but I don't have it. Where can I get these samples? I have a sample xcode project I tried to build from the DaemonInAppsClothing source presented, but then when I switched out main.swift for my c++ code, and added in the dylib files, they do not end up in the archive. I know I'm all over the place here, so it is really hard to put things in any kind of order, or know if I'm following correct procedures.

That did not format correctly

I have tried following the sample wrapper example in the first link - and it does work, but I can't figure out how to add the endpoint security entitlement - which my team is approved for.