Hi,
I’m building a macOS tool that analyzes process behavior to detect autonomous / AI-like activity locally (process trees, file access patterns, and network usage).
The system is fully user-space and runs locally in real time.
I’m planning to use the Endpoint Security Framework for process and file event monitoring.
This is an open-source project (non-enterprise), developed by a solo developer.
My question: What are the realistic chances of getting Endpoint Security entitlements approved for this type of project?
Are there specific requirements or common reasons for rejection I should be aware of?
Thanks, sivan-rnd
> What are the realistic chances of getting Endpoint Security entitlements approved for this type of project?
I don’t think you’ll get a definitive answer to this here on DevForums. The folks who approve access to this capability don’t lurk here. My general advice would be to “Suck it and see.”
It is possible for you to test Endpoint Security without being approved. See here. But let me reiterate this bit: Don’t disable SIP on a Mac that you care about.
Finally, I want to touch on this:
> This is an open-source project …
Remember that capabilities are assigned to a specific team, so someone trying to build a product based on your open source would also have to apply for the ES capability.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"