To use the Endpoint Security framework, Apple provides a demo to build a system extension registered as an es client. During my testing, I noticed that creating es client in a daemon service is also works. Besides the protection that we get from the system extension subsystem, are there any other reasons that we should void using es in a daemon service?

Hi Apple, We are working on a general USB device management solution on macOS for enterprise security. Our goal is to enforce policy-based restrictions on USB devices, such as: For USB storage devices: block mount, read, or write access. For other peripherals (e.g., USB headsets or microphones, raspberry pi, etc): block usage entirely. We know in past, kernel extension would be the way to go, but as kext has been deprecated. And DriverKit is the new advertised framework. At first, DriverKit looked like the right direction. However, after reviewing the documentation more closely, we noticed that using DriverKit for USB requires specific entitlements: DriverKit USB Transport – VendorID DriverKit USB Transport – VendorID and ProductID This raises a challenge: if our solution is meant to cover all types of USB devices, we would theoretically need entitlements for every VendorID/ProductID in existence. My questions are: Is DriverKit actually the right framework for this kind of general-purpose USB device control? If not, what framework or mechanism should we be looking at for enforcing these kinds of policies? We also developed an Endpoint Security product, but so far we haven’t found a relevant Endpoint Security event type that would allow us to achieve this. Any guidance on the correct technical approach would be much appreciated. Thanks in advance for your help.

We are looking for a complete solution of do performance tracing. One key point is to be able to run the perf trace in production environment. We have been using os_signpost in our app. We know how to use xctrace to record a perf report in our dev environment. We need a way run the perf trace on customer end. However, asking a customer to install a 10GB+ xcode is not practical. My 2 questions are: Is there a standalone version of Instruments or a command line tool that is small enough to download and run on customer mac to do the os_signpost tracing? If there is no such tool, is it possible to use some sort of APIs to create a such tool myself? Regards Liam