Hi all. I'm exploring the new URL Filter framework that supports filtering URLs in encrypted HTTPS traffic. I'm particularly interested in understanding how we can leverage this in System Extensions on macOS. Can URL Filter be implemented within a macOS System Extension? The documentation seems to focus primarily on iOS implementations. I've attempted to evaluate the "Filtering traffic by URL" sample code by running PIRService on localhost (tried both macOS native binary, and Linux container) and SimpleURLFilter on the iOS simulator (26.0 23A5260l). However, the app fails to apply the configuration with NetworkExtension.NEURLFilterManager.Error 8, and PIRService doesn't receive any requests. Is this functionality supported in the simulator environment? Does Keyword Private Information Retrieval support pattern matching or wildcards? For example, would it be possible to create rules that block URLs like "object-storage.example[.]org/malicious-user/*"? Regarding enterprise use cases: While I understand URL filtering uses Private Information Retrieval to enhance user privacy, enterprise security teams often need visibility into network traffic for security monitoring and incident response. Are there supported approaches for enterprises to monitor HTTPS URLs? Any insights or clarification would be greatly appreciated. Shay

Hi all, It's nice that macOS 15 allows users to control System Extensions in "Login Items & Extensions", but I am encountering some issues in determining if a user has disabled or removed a System Extension. I will share my findings (as of macOS 15.1 24B5009l) for two scenarios and would appreciate any suggestions for better approaches. Scenario 1: During first-time activation, there is no clear API to determine if the user uninstalls the extension before activation. The code creates activationRequestForExtension:queue: and receives notifications via a delegate implementing OSSystemExtensionRequestDelegate. However, if the user does not authorize the activation of the System Extension and uninstalls it, the code receives request:didFailWithError: with error code OSSystemExtensionErrorRequestSuperseded. This error code is ambiguous, so I plan to submit a propertiesRequestForExtension:queue: and check the properties for each instance to determine if the user uninstalled the extension. Scenario 2: After activation, it is unclear when the user enables or disables the extension. It is somewhat easier in the enabled -> disabled scenario. The XPC connection will be invalidated, allowing me to submit another propertiesRequestForExtension:queue: in the XPC invalidation handler and check the result. However, I am having trouble with the disabled -> enabled scenario. There is no event or trigger indicating that the user has enabled the extension, so I have to submit propertiesRequestForExtension:queue: repeatedly at short intervals, which is not ideal. I wonder if there are better approaches. Any suggestions would be greatly appreciated. Thanks & regards, Shay