I didn't think it was possible, but a coworker showed me a screenshot with the SentinelOne content filter having the enabled button greyed out in sysprefs: So how are they doing that?

The profiles command shows them, but the Store file/directory is blocked off from access (which, I suppose, kinda makes sense). (We are in the process of getting customers to upgrade the profile, and if I can see whether our profile has an entry, then I can behave differently.)

On macOS, that is. The goals are largely for testing, where we'd like to know the maximum and minimum memory our processes are using, but we'd also like to know it on crash. Our current method is to use ps periodically and grab the appropriate field, but is there a better way? (I looked at MetricKit, but it's not as useful on macOS; I filed FB13640765 "MetricKit would be awesome with more mac features" a couple of months ago.)

I've come to the conclusion that TPP and UDP are just utterly wonky together. This is my relevant code: let host = NWHostEndpoint(hostname: "", port: "0") let udpRule = NENetworkRule(destinationNetwork: host, prefix: 0, protocol: .UDP) let tcpRule = NENetworkRule(destinationNetwork: host, prefix: 0, protocol: .TCP) let settings = NETransparentProxyNetworkSettings(tunnelRemoteAddress:"127.0.0.1") /* * These three lines are a hack and experiment */ let quicHost_1 = NWHostEndpoint(hostname: "", port: "80") let quicHost_2 = NWHostEndpoint(hostname: "", port: "443") let quicRule_1 = NENetworkRule(destinationNetwork: quicHost_1, prefix: 0, protocol: .UDP) let quicRule_2 = NENetworkRule(destinationNetwork: quicHost_2, prefix: 0, protocol: .UDP) settings.includedNetworkRules = [quicRule_1, quicRule_2, tcpRule] settings.excludedNetworkRules = nil Directing UDP through a TPP breaks FaceTime, AirDrop, and a bunch of VPNs Despite the documentation implication that you can't do DNS control with a TPP ("A port string of 53 is not allowed. Use Destination Domain-based rules to match DNS traffic."), if I opt into UDP (settings.includedNetworkRules = [udpRule, tcpRule]), then I see traffic to port 53, and can do things with it. If I use a wild-card network rule (the code above), then the TPP does not seem to get any UDP flows at all. If I use a wild-card exclusion rule (using NWHostEndpoint(hostname: "", port: "53")), then everything starts breaking. If I use NENetworkRule(destinationHost: host, protocol: .UDP), it complains because the prefix must be 32 or less. I've filed feedbacks, and engaged with eskimo (really, thank you), and looked at previous threads, so mostly this is begging: has anyone gotten this to work as expected? I no longer think I'm being obviously wrong with my code, but I would be super delighted to find out I've missed some tricks or angles.

This doesn't particularly surprise me, but I am curious about it, and whether we can change it: our TPP won't start if the only IP address available is in 169.254.0.0/16. I can see (from our logs) that the preferences are loaded & saved, and the extension is loaded, but until it gets a real address, the startProxy method is not invoked.

I have this code: var eventIn = kevent(ident: UInt(self.socket), filter: Int16(EVFILT_WRITE), flags: UInt16((EV_ADD | EV_ENABLE)), fflags: 0, data: 0, udata: nil ) I looked at it and thought why do I have those extra parentheses? So I changed it to var eventIn = kevent(ident: UInt(self.socket), filter: Int16(EVFILT_WRITE), flags: UInt16(EV_ADD | EV_ENABLE), // changed line! fflags: 0, data: 0, udata: nil ) and then kevent gave me EBADF. Does this make sense to anyone?

It looks like, for some reason, our apps are using a bunch of power sometimes. sysdiagnose has this in the power log: Never mind. Including the output of sysdiagnose has "sensitive language," and it won't tell me what is sensitive, making this a waste of my time. ETA: Ok, I I can attach the file: power.log I've gone through the energy documentation, but it seems geared towards embedded, not macOS, so I'm not sure how I can figure this out more. The extra problem, of course, is that we have a network extension, two daemons, and a GUI app. 😄

The stuff I've found by searching has confused me, so hopefully someone can help simplify it for me? I have an app (I use it for logging which books I've given away), and I could either add a bunch of things to the app, or I could have another app (possibly a CLI tool) to generate some reports I'd like.

My project got more complicated, and I had to integrate in some C++ code. In the process, I ended up with a couple of targets, which had some shared ObjC++ and Swift code. Normally, if it's all the same language, I just put the files in question into each of the targets, and we're all happy. But with having both ObjC++ and Swift, I had to deal with the bridging headers. Which got created as ${PRODUCT_NAME}-Swift.h, which made it very difficult for that file to be included in a .mm file used in multiple targets. I tried googling, and forum-searching, and couldn't quite figure out how to make it generate a single header file. Instead, I added a new target, a static library using the common files. I added a Run Script phase which copied *-Swift.h from the Derived Sources directory to the build directory. Then I added the library as a dependency for each of the other targets, and of course linked with it. This seems to work, even after doing a rm -rf build and building everything again. So... was this the (or at least, a) right way to do this? Are there better practices I should be using? Merci beaucou, je suis tres stupid quelquefois.

We started discussing how we'll deal with captive portals, and I realized I don't know if CNA results in network change events. Does it? (I don't have a captive network here, and lockdown makes it hard to go find one, and making one would be ... quite a bit of work.)

The layout I'm looking at: • A daemon which queries various things, and at times decides it's time to log in (or log back in) • An application that handles the logging in, configuration, etc., which registers a custom url scheme • A LaunchAgent which would get an XPC (or just mach message, I suppose) from the daemon, and sends an open-url request for the custom url scheme, eg x-kithrup:login?reason=ihateyou All of that is pretty straightforward to me! But... on a mac, can I tell who sent the request? That is, can my application see that it was my LaunchAgent that made the open-url request? On iOS, it looks like I can, as the UIApplicationDelegate has a method that passes in a sourceApplication. But the NSAppleEventDescriptors confused me a lot.

The main question I have, honestly, is how do I do that? Or what do I do? The goal, of course, is to allow IT to deploy our product to macs. Our product has a network system extension, and the ability to install without asking user permission is very attractive. But... I'm not sure how to get started! My software-trained mind thinks that I should be able to write up my own provisioning file, but then I read the specifications and the part of my mind that keeps me from doing too many stupid things starts kicking the other part below the table. Is there a good resource for this from a developer's perspective? A tool that can create sample files for me, or documentation that can tell me what files and information I need to provide to someone using, say, JAMF?

I'm trying to get the URL used to launch an application. (Quinn helped me do the other part of this -- getting information about who sent the event -- in a TSI.) In the will-finish-launching method in the app delegate, I do:         eventManager.setEventHandler(self, andSelector: #selector(handleGetURLEvent(_:withReplyEvent:)), forEventClass: AEEventClass(kInternetEventClass), andEventID: AEEventID(kAEGetURL)) And that does work: it launches the application if it's not running, and switches over to it if it is running. But... when I try to use keyDirectObject to get the URL it doesn't work -- I get nil as the result. But if I iterate through the event's items... I find the item.         #if false         let url = event.attributeDescriptor(forKeyword: keyDirectObject)         print(url)         #else         let count = event.numberOfItems         print("\(count) items")         for index in 1...count {             let keyword = event.keywordForDescriptor(at: index)             if keyword == keyDirectObject {                 if let d = event.atIndex(index), let str = d.stringValue {                     url = URL(string: str)                     break                 }             }         }         #endif Later on (and this was due to Quinn), I have         guard let aeAuditToken = event.attributeDescriptor(forKeyword: keySenderAuditTokenAttr) and that works, so I don't think I'm asking for the URL incorrectly. Any ideas?

I've finally been installing our bundle into /Applications, and have noticed that this causes a crash report dialogue to come up whenever one of the components crashes. Which, at this point, is still fairly often (that's what asserts in debug builds are for!). But I really don't want to keep manually dismissing those windows; is there a way to stop them from coming up? (I mean, I still want the crash reports created and logged, but I have my own scripts that go through there to get new ones and cleanup the old ones.)

I followed a tutorial on SwiftUI and macOS (and wow was it worth it, I understand more of what I was doing wrong before!). After the tutorial was done, I thought, okay, let's try adding CloudKit to it. Which was rather trivial to do, I was impressed. Then I thought, ok, let's try being able to have local or CloudKit, depending on runtime. But when I did that, the file was opened readonly, due to "Store opened without NSPersistentHistoryTrackingKey but previously had been opened with NSPersistentHistoryTrackingKey." This seems to be something a lot of people have run into, but for some reason I haven't found any actual fixes. Anyone know?