# general
b
Seeing this event now:
```
-> % tail -f /var/log/osquery/osqueryd.INFO
Log file created at: 2022/10/27 15:14:11
Running on machine: Brandons-MacBook-Pro-2.local
Running duration (h:mm:ss): 0:00:00
Log line format: [IWEF]yyyymmdd hh:mm:ss.uuuuuu threadid file:line] msg
I1027 15:14:11.117659 -267033344 eventfactory.cpp:156] Event publisher not enabled: endpointsecurity: EndpointSecurity client lacks user TCC permissions
```
s
Sadly Ventura changed this.. 😕 It doesn't inherit the permission on Monterey to Ventura upgrade
you will have to go to system prefs and give FDA permissions again and reboot 😞
Apple is aware of this too I am told -- @Brandon Mesa https://twitter.com/thomasareed/status/1585665754770604033?s=46&t=gWvT1Nf8OLhIHP5pL8l2sg (for a bit more context)
b
Thanks @sharvil !
s
hey @Brandon Mesa, just a further update, Apple has updated their release notes for macOS 13.1 beta acknowledging this issue (https://developer.apple.com/documentation/macos-release-notes/macos-13_1-release-notes), but Apple hasn't provided any more info on fixing it at their end sadly..
Endpoint Security
Known Issues
• Applications using Endpoint Security extensions might lose Full Disk Access authorization, impacting their ability to function. This issue doesn’t affect MDM-enabled extensions. (100857507)
• Workaround: Removing and re-adding Full Disk Access in Settings for these extensions might resolve the issue.
b
uh oh, thanks @sharvil!