I am trying to disable certain paths from Endpoint Security Events using es_mute_path, but this seems to be returning with ES_RETURN_ERROR. I am currently not having 'com.apple.developer.endpoint-security.client' but is disabling SIP to check the same. What is the reason for this behavior ?

Can I launch all the launchAgents associated with a user before they log in? If so, is there an event or mechanism I can use or simulate to achieve this? Is it possible to delay the login mechanism, till all the launchAgents are loaded. Looking for guidance on how to approach this.

It seems like find my mac is able to fetch the device location even if the device is in locked state. Why can’t other apps do the same.

I'm looking for a solution to install a binary on a macOS system where System Integrity Protection (SIP) is enabled, and the target installation location is protected by SIP. I need to achieve this without booting into recovery mode to disable SIP. Is there any method to achieve this, such as by creating separate packages that can handle SIP-protected locations, developing or using installer applications capable of navigating SIP constraints, leveraging specific entitlements or permissions to facilitate the installation, or utilising Mobile Device Management (MDM) solutions for deployment? If anyone has experience or insights on any reliable ways to accomplish this, please share any detailed steps, tools, or best practices that could be useful.

I'm exploring options for sharing a keychain item between a plug-in and a standalone application. Despite my efforts, I haven't found a straightforward method to accomplish this. Can anyone provide guidance on enabling keychain sharing between these components?