#general

Brandon Mesa

10/27/2022, 7:40 PM
Seeing this event now:
-> % tail -f /var/log/osquery/osqueryd.INFO
Log file created at: 2022/10/27 15:14:11
Running on machine: Brandons-MacBook-Pro-2.local
Running duration (h:mm:ss): 0:00:00
Log line format: [IWEF]yyyymmdd hh:mm:ss.uuuuuu threadid file:line] msg
I1027 15:14:11.117659 -267033344 eventfactory.cpp:156] Event publisher not enabled: endpointsecurity: EndpointSecurity client lacks user TCC permissions

sharvil

10/27/2022, 7:42 PM
Sadly Ventura changed this.. 😕 It doesn't inherit the permission on a Monterey to Ventura upgrade
7:43 PM
you will have to go to system prefs and give FDA permissions again and reboot 😞
7:45 PM
Apple is aware of this too I am told -- @Brandon Mesa https://twitter.com/thomasareed/status/1585665754770604033?s=46&t=gWvT1Nf8OLhIHP5pL8l2sg (for a bit more context)

Brandon Mesa

10/27/2022, 7:51 PM
Thanks @sharvil !

sharvil

10/27/2022, 8:09 PM
8:04 AM
hey @Brandon Mesa, just a further update, Apple has updated their release notes for macOS 13.1 beta acknowledging this issue (https://developer.apple.com/documentation/macos-release-notes/macos-13_1-release-notes), but Apple hasn't provided any more info on fixing it at their end sadly..
Endpoint Security
Known Issues
• Applications using Endpoint Security extensions might lose Full Disk Access authorization, impacting their ability to function. This issue doesn’t affect MDM-enabled extensions. (100857507)
• Workaround: Removing and re-adding Full Disk Access in Settings for these extensions might resolve the issue.

Brandon Mesa

11/02/2022, 2:50 PM
uh oh, thanks @sharvil!