When is the kTCCServiceEndpointSecurityClient permission set by macOS?

[Q] When is the kTCCServiceEndpointSecurityClient set by macOS and in which conditions?

From what I'm gathering, the kTCCServiceEndpointSecurityClient cannot be set by a configuration profile and the end user can only grant full disk access.

I searched for documentation on Apple's developer website (with the "kTCCServiceEndpointSecurityClient" search) and did not get any useful result.

Using a more complete search engine, or the forum search engine, only points to the old annoying big bug in macOS Ventura.

The problem I'm investigating is showing a process being listed as getting granted kTCCServiceEndpointSecurityClient permissions in the TCC database when:

  • it's not an Endpoint Security client.
  • it does not have the ES Client entitlement.
  • the bundle of the process includes another process that is an ES Client and is spawned by this process, but I don't see why this should have an impact.

This process is supposed to have been granted kTCCServiceSystemPolicyAllFiles via end user interaction or configuration profile.

AFAIK, the kTCCServiceEndpointSecurityClient permission can only be set by macOS itself.

So this looks to be either a bug in macOS or an undocumented behavior, or I'm missing something. Hence the initial question.

macOS 15.7.3 / Apple Silicon
