Capturing more details abt the extensions. Also we are not installing and enabling ES on the machines where the issues are reported. The provisioning profile for NE looks like: % security cms -D -i /Applications/MyorgSystemExtensions.app/Contents/Library/SystemExtensions/com.Myorg.CMF.networkextension.systemextension/Contents/embedded.provisionprofile ... <key>Entitlements</key> <dict> <key>com.apple.developer.endpoint-security.client</key> <true/> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.developer.networking.networkextension</key> <array> <string>packet-tunnel-provider-systemextension</string> <string>app-proxy-provider-systemextension</string> <string>content-filter-provider-systemextension</string> <string>dns-proxy-systemextension</string> <string>dns-settings</string> </array> <key>com.apple.application-identifier</key> <string>REPLACEDID.com.Myorg.CMF.networkextension</string> <key>keychain-access-groups</key> <array> <string>REPLACEDID.*</string> </array> <key>com.apple.developer.team-identifier</key> <string>REPLACEDID</string> </dict> ... The provisioning profile for ES looks like: % security cms -D -i /Applications/MyorgSystemExtensions.app/Contents/Library/SystemExtensions/com.Myorg.CMF.endpointsecurity.systemextension/Contents/embedded.provisionprofile ... <key>Entitlements</key> <dict> <key>com.apple.developer.endpoint-security.client</key> <true/> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.application-identifier</key> <string>REPLACEDID.com.Myorg.CMF.endpointsecurity</string> <key>keychain-access-groups</key> <array> <string>REPLACEDID.*</string> </array> <key>com.apple.developer.team-identifier</key> <string>REPLACEDID</string> </dict> ...

Thanks for the response Quinn. Yes you are right this is System Extension app, also we also we build two extension for NE providers (Content Filter and App/Transparent Proxy Provider) and for Endpointsecurity. My App entitlement looks like: $ codesign -d --entitlements :- /Applications/MyorgSystemExtensions.app Executable=/Applications/MyorgSystemExtensions.app/Contents/MacOS/MyorgSystemExtensions <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.application-identifier</key> <string>REPLACEDID.com.Myorg.containerapp</string> <key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider-systemextension</string> <string>content-filter-provider-systemextension</string> </array> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.developer.team-identifier</key> <string>REPLACEDID</string> <key>com.apple.security.application-groups</key> <array> <string>group.com.Myorg.endpoint</string> </array> </dict> </plist> SystemExtension entitlement looks like: $ codesign -d --entitlements :- /Applications/MyorgSystemExtensions.app/Contents/MacOS/MyorgSystemExtensions Executable=/Applications/MyorgSystemExtensions.app/Contents/MacOS/MyorgSystemExtensions <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.application-identifier</key> <string>REPLACEDID.com.Myorg.containerapp</string> <key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider-systemextension</string> <string>content-filter-provider-systemextension</string> </array> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.developer.team-identifier</key> <string>REPLACEDID</string> <key>com.apple.security.application-groups</key> <array> <string>group.com.Myorg.endpoint</string> </array> </dict> </plist> Provisioning file looks like: $ security cms -D -i /Applications/MyorgSystemExtensions.app/Contents/embedded.provisionprofile .... <key>Entitlements</key> <dict> <key>com.apple.developer.endpoint-security.client</key> <true/> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.developer.networking.networkextension</key> <array> <string>packet-tunnel-provider-systemextension</string> <string>app-proxy-provider-systemextension</string> <string>content-filter-provider-systemextension</string> <string>dns-proxy-systemextension</string> <string>dns-settings</string> </array> <key>com.apple.application-identifier</key> <string>REPLACEDID.com.Myorg.containerapp</string> <key>keychain-access-groups</key> <array> <string>REPLACEDID.*</string> </array> <key>com.apple.developer.team-identifier</key> <string>REPLACEDID</string> </dict> .... I am trying to compare the entitlements but I may miss any error as I am not an expert with this. Quinn, would really appreciate if you can point any error. Thanks

My mistake, in new Forum layout I was not able to locate my asked questions. I mean is 'Edit Profile' doesn't seems to place find your asked questions. No need to follow this page for this particular question we can close this discussion here.

We are also facing this issue, this is happening when we are using a Proxy client service which uses SystemExtension: AppProxyProvider for proxying traffic. If there is not proxy client in data path, YouTube streaming is working fine.