After some time monitoring the problem on our user base, it seems we were able to fix the problem. Our approach was to consider that we were probably receiving an auth event at a time we had no more access to the CPU. So we listed system processes that were active during the sleep process, identified all system processes that we can mute, and muted them. One of the process was /usr/libexec/endpointsecurityd, that sounds like a good candidate. After a few weeks with the product in the wild, we didn't receive new KP feedback. Thanks Kevin for your help !

I can reproduce the same problem when compiling my sample project using Xcode 16 RC and Xcode 16.1 ß: Sep 11 10:44:41 10 sandboxApp[974]: dyld: Symbol not found: _$s7Network13NWPathMonitorCMa Referenced from: /Users/test/Desktop/sandboxApp.app/Contents/MacOS/../Frameworks/IntegoFoundation.framework/Versions/A/IntegoFoundation Expected in: /System/Library/Frameworks/Network.framework/Versions/A/Network

My problem seems to be pretty similar to the one reported in rdar://FB13278576

Same problem here today: we have random notarization failures, some of them with internal server errors (500), some of them with missing agreement.

Hello guys, We are having the exact same problem with a growing number of our users. We have identified that the error is caused by the missing "restricted" flag on /private/var/db/KernelExtensionManagement, and we have verified that restoring this flag does fix the issue (requires booting in recovery mode, as explained in the github issue mentioned by 0x0A9). Sadly, the story is not over: some users have reported that the problem was back after installing or updating our product. What we are trying to understand now is what causes the "restricted" flag to be removed. The /private/var/db/KernelExtensionManagement folder is protected by SIP, we should not be able to change it by mistake during the installation process. So I guess it is a side effect of what we are doing to install or update our kext. Did anything change in the way Apple handles the installation or update of a kernel extension recently, maybe as part of the security updates that were published in the past months for 10.15, 10.14 and 10.13 ? Is there any change in the recommended procedure for that ?