I am posting here as I am at a loss for what to try next.
I want to remotely install an application with an endpoint security system extension using my MDM (MicroMDM). To do this, I am sending an InstallEnterpriseApplication command to my MDM server to install an application containing a system extension with an endpoint security entitlement.
The application installs without error according to install.log. However, when I inspect the app that was installed, its contents have been modified. This breaks codesigning and the application cannot load the endpoint security system extension anymore.
HOWEVER, when I take the exact same installer.pkg and double click it from Finder to manually install it by hand, the resulting application is unmodified and as expected! I know the MDM server isn't modifying the application because when I download the installer from the URL that's in my manifest and hash it, the hash matches the original installer file I had before I uploaded it to my MDM.
Is there an issue with MDMs installing applications with system extensions/endpoint security entitlement?
I know this is not an issue with my codesigning or packaging because everything works fine when I double click the package installer and install it by hand.
Has anyone run into this?
Here is my manifest.plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>items</key>
    <array>
        <dict>
            <key>assets</key>
            <array>
                <dict>
                    <key>kind</key>
                    <string>software-package</string>
                    <key>md5-size</key>
                    <integer>10485760</integer>
                    <key>md5s</key>
                    <array>
                        <string>HASH1</string>
                        <string>HASH2</string>
                        <string>HASH3</string>
                    </array>
                    <key>url</key>
                    <string>https://mdm-testing.sys/repo/installer.pkg</string>
                </dict>
            </array>
        </dict>
    </array>
</dict>
</plist>
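
The whole-file hash comparison described in the post can be extended to the per-chunk `md5s` entries in the manifest. The following is an added example, not part of the original post; it assumes `md5-size` is the chunk length in bytes and `md5s` lists the MD5 of each consecutive chunk, and the function names and sample bytes are constructed for illustration.

```python
import hashlib
import io
import plistlib


def chunk_md5s(stream, chunk_size):
    """Return the hex MD5 of each consecutive chunk_size-byte chunk of stream."""
    digests = []
    while chunk := stream.read(chunk_size):
        digests.append(hashlib.md5(chunk).hexdigest())
    return digests


def make_manifest(pkg_bytes, chunk_size, url):
    """Build a manifest plist (bytes) with the same keys as the one in the post."""
    asset = {"kind": "software-package", "md5-size": chunk_size,
             "md5s": chunk_md5s(io.BytesIO(pkg_bytes), chunk_size), "url": url}
    return plistlib.dumps({"items": [{"assets": [asset]}]})


def verify_asset(manifest_bytes, pkg_stream):
    """Return (chunk_index, expected, actual) for every chunk that disagrees.

    An empty list means the chunk count and every chunk hash match the manifest.
    A missing chunk on either side is reported with None in its place.
    """
    manifest = plistlib.loads(manifest_bytes)
    asset = next(a for item in manifest["items"] for a in item["assets"]
                 if a.get("kind") == "software-package")
    expected = [h.lower() for h in asset["md5s"]]
    actual = chunk_md5s(pkg_stream, asset["md5-size"])
    mismatches = []
    for i in range(max(len(expected), len(actual))):
        exp = expected[i] if i < len(expected) else None
        act = actual[i] if i < len(actual) else None
        if exp != act:
            mismatches.append((i, exp, act))
    return mismatches


if __name__ == "__main__":
    pkg = b"constructed sample bytes, not a real installer package"
    manifest = make_manifest(pkg, 16, "https://example.invalid/installer.pkg")
    print("unmodified:", verify_asset(manifest, io.BytesIO(pkg)))
    print("one extra byte:", verify_asset(manifest, io.BytesIO(pkg + b"x")))
```

With real files, pass the manifest's bytes and the package opened in binary mode: `verify_asset(open("manifest.plist", "rb").read(), open("installer.pkg", "rb"))`. This only checks the package against the manifest; it says nothing about the application bundle after installation.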