since osquery is also an endpointsecurity sysext n...
# macosg
groob
01/27/2022, 4:15 PM
since osquery is also an endpointsecurity sysext now this would affect osquery should a user re-enroll in mdm or if the sysext profile is ever replaced
s
sharvil
01/27/2022, 4:28 PMSlight correction -- osquery is not yet a systemextension
g
groob
01/27/2022, 4:29 PM
😅
s
sharvil
01/27/2022, 4:29 PMit's a minimal app bundle shim, so that endpointsecurity works correctly with pppc profiles and such
z
zwass
01/27/2022, 4:31 PM
Does that mean this wouldn't effect osquery yet?
s
sharvil
01/27/2022, 4:32 PMYes, this doesn't affect osquery yet
g
groob
01/27/2022, 4:32 PM
you'd have to use
OSSystemExtensionRequest activationRequestForExtension:queue:groob
01/27/2022, 4:34 PM
Was it mentioned in the 5.0.0 release notes and got removed later? I guess I missed some conversation and thought EndpointSecurity was somewhat functional
groob
01/27/2022, 4:34 PM
thanks for clarifying 🙂
s
sharvil
01/27/2022, 4:37 PMEndpointSecurity is still functional 🙂 es_client has a special case where it need not be a system extension
sharvil
01/27/2022, 4:37 PMour previous thread https://osquery.slack.com/archives/C08VA3XQU/p1590519130180100 😀
sharvil
01/27/2022, 4:39 PMsharvil
01/27/2022, 4:39 PMIt's a bit weird. that apple has this split
6 Views