10 Discussions started
20 Comments posted
17 Points earned
0 Solutions given
- Last Active
So basically the problem is: I gave Finder the rights to read anything, but DeepGaurd will still stop Finder and wait for my approval. See the Picture below: Best regards & good day.
Good day dev team! Under Strict mode, I set up rules like: watch prefix "~/" "any" w watch prefix "~/Desktop/" "any" r allow path "any" "/System…
Hi, Or can we use the "signatureID/signingID" as a condition to audit launchctl's launch? No matter where the command is located, its "signatureID/signingID" should be the same. B…
Good day. I think ES_EVENT_TYPE_AUTH_SIGNAL could be used for preventing being unloaded by launchd. ref: developer.apple.com/forums/thread/681063 Best regards.
Hi @pajp thanks for your answer! Indeed you're right, looks like every app will access /dev/dtracehelper. I always worry unnecessarily about some processes w/ root access would $launchctl unload -w /…