Hey @DTS Engineer, so there are 2 tcc db's: /Library/Application\ Support/com.apple.TCC/TCC.db - This one is the system one that has the permissions for FDA and etc. This one can't be changed because it's SIP protected (at least if you are not Csaba Fitzl ;) ) /Users//Library/Application\ Support/com.apple.TCC/TCC.db This one is the user tcc db, it contains permissions to desktop / microphone and etc. this one can be changed if 1. you are root 2. you have FDA so if for example a user let the terminal app FDA permissions and uses sudo they can change this tcc db and add / delete values from it. So we are interested in the user tcc db to know if someone for example added microphone permissions for unwanted app.

Hey @DTS Engineer FB17483424 is the issue, opened back in start of may