Seeing this event now: ```-> % tail -f /var/log...
# general
Seeing this event now:
Copy code
-> % tail -f /var/log/osquery/osqueryd.INFO
Log file created at: 2022/10/27 15:14:11
Running on machine: Brandons-MacBook-Pro-2.local
Running duration (h:mm:ss): 0:00:00
Log line format: [IWEF]yyyymmdd hh:mm:ss.uuuuuu threadid file:line] msg
I1027 15:14:11.117659 -267033344 eventfactory.cpp:156] Event publisher not enabled: endpointsecurity: EndpointSecurity client lacks user TCC permissions
Sadly ventura changed this.. 😕 It doesn't inherit the permission on Monterey to Ventura upgrade
you will have to go to system prefs and give FDA permissions again and reboot 😞
Apple is aware of this too I am told -- @Brandon Mesa (for a bit more context)
Thanks @sharvil !
hey @Brandon Mesa, just a further update, Apple has updated their release notes for macOS 13.1 beta acknowledging this issue (, but Apple hasn't provided any more info on fixing it at their end sadly..
Endpoint Security
Known Issues
• Applications using Endpoint Security extensions might lose Full Disk Access authorization, impacting their ability to function. This issue doesn’t affect MDM-enabled extensions. (100857507)
• Workaround: Removing and re-adding Full Disk Access in Settings for these extensions might resolve the issue.
uh oh, thanks @sharvil!