As in, will one need to push an MDM profile to allow said extension 🙂
sharvil
09/15/2021, 7:01 PM
Hey @natewalck, the EndpointSecurity features need certain macOS permissions, namely root and Full Disk Access (inside System Preferences --> Privacy --> Full Disk Access). If these permissions are granted manually, there is no need for MDM.
natewalck
09/15/2021, 7:01 PM
Yep, that all makes sense. So this is an Endpoint agent but not a System Extension?
sharvil
09/15/2021, 7:01 PM
MDM just makes it easy to automatically grant these permissions via a PPPC payload config profile
natewalck
09/15/2021, 7:01 PM
given that it runs its own launchd
Yep, I'm familiar with all that
sharvil
09/15/2021, 7:02 PM
Yes, it's currently just EndpointSecurity
there is no SystemExtension yet
natewalck
09/15/2021, 7:02 PM
it was funky to see a .app and not have a system extension à la CrowdStrike, Santa, etc.
Are there plans for a system extension?
sharvil
09/15/2021, 7:03 PM
.app is required so that osqueryd (which has es entitlements) can automatically pick up the corresponding provisioning profile
There are a lot of folks who would like to see the SystemExtension functionality too, and I would like to support that too, but it's not in the immediate roadmap