Title
#macos
g

groob

01/27/2022, 4:15 PM
since osquery is also an endpointsecurity sysext now this would affect osquery should a user re-enroll in mdm or if the sysext profile is ever replaced
s

sharvil

01/27/2022, 4:28 PM
Slight correction -- osquery is not yet a systemextension
g

groob

01/27/2022, 4:29 PM
😅
s

sharvil

01/27/2022, 4:29 PM
it's a minimal app bundle shim, so that endpointsecurity works correctly with pppc profiles and such
zwass

zwass

01/27/2022, 4:31 PM
Does that mean this wouldn't effect osquery yet?
s

sharvil

01/27/2022, 4:32 PM
Yes, this doesn't affect osquery yet
g

groob

01/27/2022, 4:32 PM
you'd have to use
OSSystemExtensionRequest activationRequestForExtension:queue:
first
4:34 PM
Was it mentioned in the 5.0.0 release notes and got removed later? I guess I missed some conversation and thought EndpointSecurity was somewhat functional
4:34 PM
thanks for clarifying 🙂
s

sharvil

01/27/2022, 4:37 PM
EndpointSecurity is still functional 🙂 es_client has a special case where it need not be a system extension
4:39 PM
It's a bit weird. that apple has this split