Reply to USB DEXT Service registration and daemon communication
Thanks for your response. Your answer addresses two key aspects: communication between the Daemon and USB, and USB DEXT entitlements. I’m clear on the communication part and have a working PoC for it. Regarding USB DEXT entitlements, I understand that an unbounded entitlement isn’t viable for production use. Our goal is to authorize every USB device that connects to the MacBook USB ports based on predefined policies. Since no entitlements exist for a generic DEXT, I’d like to explore possible approaches to implement this use case. One option could be using the Endpoint Security framework with ES_EVENT_TYPE_AUTH_MOUNT, though this seems limited to USB devices with file system mounts. Are there any other recommended methods to achieve this? Alternatively, is there a way to request a specific entitlement for DEXT to support this functionality? Any guidance would be appreciated.
Topic: App & System Services, SubTopic: Core OS
Mar ’25