Is DeepGuard able to watch the "/dev/dtracehelper" file?
Hi dev team,
Good day. I want to audit the launchctl command's execution. After using FileMonitor.app (by Objective-See), I found that during its execution, this command tries to open "/dev/dtracehelper".
However, when I set up the following rule under strict mode, DeepGuard did NOT generate any dialog. Does DeepGuard not support watching this file yet? Thanks in advance & best regards.
RULE: watch "/dev/dtracehelper" "any" rwx