---
title: Endpoint Security
framework: endpointsecurity
role: collection
role_heading: Library
path: endpointsecurity
---

# Endpoint Security

Develop system extensions that enhance user security.

## Overview

Endpoint Security is a C API for monitoring system events for potentially malicious activity. You can write your client in any language that supports native calls. Your client registers with Endpoint Security to authorize pending events or to receive notifications of events that have already occurred. These events include process executions, mounting file systems, forking processes, and raising signals. Develop your system extension with Endpoint Security and package it in an app that uses the System Extensions framework to install and upgrade the extension on the user’s Mac.

## Topics

### Event Monitoring

- [Client](endpointsecurity/client.md)
- [Message](endpointsecurity/message.md)
- [Event Types](endpointsecurity/event-types.md)

### Entitlements

- [com.apple.developer.endpoint-security.client](bundleresources/entitlements/com.apple.developer.endpoint-security.client.md)

### Reference

- [EndpointSecurity Constants](endpointsecurity/endpointsecurity-constants.md)
- [EndpointSecurity Data Types](endpointsecurity/endpointsecurity-data-types.md)
- [EndpointSecurity Functions](endpointsecurity/endpointsecurity-functions.md)
- [EndpointSecurity Structures](endpointsecurity/endpointsecurity-structures.md)
- [EndpointSecurity Enumerations](endpointsecurity/endpointsecurity-enumerations.md)

### Structures

- [es_cs_validation_category_t](endpointsecurity/es_cs_validation_category_t.md)
- [es_deadline_miss_mode_t](endpointsecurity/es_deadline_miss_mode_t.md)
- [es_event_tcc_modify_t](endpointsecurity/es_event_tcc_modify_t.md)
- [es_tcc_authorization_reason_t](endpointsecurity/es_tcc_authorization_reason_t.md)
- [es_tcc_authorization_right_t](endpointsecurity/es_tcc_authorization_right_t.md)
- [es_tcc_event_type_t](endpointsecurity/es_tcc_event_type_t.md)
- [es_tcc_identity_type_t](endpointsecurity/es_tcc_identity_type_t.md)

### Variables

- [ES_CS_VALIDATION_CATEGORY_APP_STORE](endpointsecurity/es_cs_validation_category_app_store.md)
- [ES_CS_VALIDATION_CATEGORY_DEVELOPER_ID](endpointsecurity/es_cs_validation_category_developer_id.md)
- [ES_CS_VALIDATION_CATEGORY_DEVELOPMENT](endpointsecurity/es_cs_validation_category_development.md)
- [ES_CS_VALIDATION_CATEGORY_ENTERPRISE](endpointsecurity/es_cs_validation_category_enterprise.md)
- [ES_CS_VALIDATION_CATEGORY_INVALID](endpointsecurity/es_cs_validation_category_invalid.md)
- [ES_CS_VALIDATION_CATEGORY_LOCAL_SIGNING](endpointsecurity/es_cs_validation_category_local_signing.md)
- [ES_CS_VALIDATION_CATEGORY_NONE](endpointsecurity/es_cs_validation_category_none.md)
- [ES_CS_VALIDATION_CATEGORY_OOPJIT](endpointsecurity/es_cs_validation_category_oopjit.md)
- [ES_CS_VALIDATION_CATEGORY_PLATFORM](endpointsecurity/es_cs_validation_category_platform.md)
- [ES_CS_VALIDATION_CATEGORY_ROSETTA](endpointsecurity/es_cs_validation_category_rosetta.md)
- [ES_CS_VALIDATION_CATEGORY_TESTFLIGHT](endpointsecurity/es_cs_validation_category_testflight.md)
- [ES_DEADLINE_MISS_MODE_FAIL_CLOSED](endpointsecurity/es_deadline_miss_mode_fail_closed.md)
- [ES_DEADLINE_MISS_MODE_FAIL_OPEN](endpointsecurity/es_deadline_miss_mode_fail_open.md)
- [ES_DEADLINE_MISS_MODE_KILL](endpointsecurity/es_deadline_miss_mode_kill.md)
- [ES_EVENT_TYPE_NOTIFY_TCC_MODIFY](endpointsecurity/es_event_type_notify_tcc_modify.md)
- [ES_EVENT_TYPE_RESERVED_0](endpointsecurity/es_event_type_reserved_0.md)
- [ES_EVENT_TYPE_RESERVED_1](endpointsecurity/es_event_type_reserved_1.md)
- [ES_EVENT_TYPE_RESERVED_2](endpointsecurity/es_event_type_reserved_2.md)
- [ES_EVENT_TYPE_RESERVED_3](endpointsecurity/es_event_type_reserved_3.md)
- [ES_EVENT_TYPE_RESERVED_4](endpointsecurity/es_event_type_reserved_4.md)
- [ES_EVENT_TYPE_RESERVED_5](endpointsecurity/es_event_type_reserved_5.md)
- [ES_EVENT_TYPE_RESERVED_6](endpointsecurity/es_event_type_reserved_6.md)
- [ES_EVENT_TYPE_RESERVED_7](endpointsecurity/es_event_type_reserved_7.md)
- [ES_EVENT_TYPE_RESERVED_8](endpointsecurity/es_event_type_reserved_8.md)
- [ES_TCC_AUTHORIZATION_REASON_APP_TYPE_POLICY](endpointsecurity/es_tcc_authorization_reason_app_type_policy.md)
- [ES_TCC_AUTHORIZATION_REASON_ENTITLED](endpointsecurity/es_tcc_authorization_reason_entitled.md)
- [ES_TCC_AUTHORIZATION_REASON_ERROR](endpointsecurity/es_tcc_authorization_reason_error.md)
- [ES_TCC_AUTHORIZATION_REASON_MDM_POLICY](endpointsecurity/es_tcc_authorization_reason_mdm_policy.md)
- [ES_TCC_AUTHORIZATION_REASON_MISSING_USAGE_STRING](endpointsecurity/es_tcc_authorization_reason_missing_usage_string.md)
- [ES_TCC_AUTHORIZATION_REASON_NONE](endpointsecurity/es_tcc_authorization_reason_none.md)
- [ES_TCC_AUTHORIZATION_REASON_PREFLIGHT_UNKNOWN](endpointsecurity/es_tcc_authorization_reason_preflight_unknown.md)
- [ES_TCC_AUTHORIZATION_REASON_PROMPT_CANCEL](endpointsecurity/es_tcc_authorization_reason_prompt_cancel.md)
- [ES_TCC_AUTHORIZATION_REASON_PROMPT_TIMEOUT](endpointsecurity/es_tcc_authorization_reason_prompt_timeout.md)
- [ES_TCC_AUTHORIZATION_REASON_SERVICE_OVERRIDE_POLICY](endpointsecurity/es_tcc_authorization_reason_service_override_policy.md)
- [ES_TCC_AUTHORIZATION_REASON_SERVICE_POLICY](endpointsecurity/es_tcc_authorization_reason_service_policy.md)
- [ES_TCC_AUTHORIZATION_REASON_SYSTEM_SET](endpointsecurity/es_tcc_authorization_reason_system_set.md)
- [ES_TCC_AUTHORIZATION_REASON_USER_CONSENT](endpointsecurity/es_tcc_authorization_reason_user_consent.md)
- [ES_TCC_AUTHORIZATION_REASON_USER_SET](endpointsecurity/es_tcc_authorization_reason_user_set.md)
- [ES_TCC_AUTHORIZATION_RIGHT_ADD_MODIFY_ADDED](endpointsecurity/es_tcc_authorization_right_add_modify_added.md)
- [ES_TCC_AUTHORIZATION_RIGHT_ALLOWED](endpointsecurity/es_tcc_authorization_right_allowed.md)
- [ES_TCC_AUTHORIZATION_RIGHT_DENIED](endpointsecurity/es_tcc_authorization_right_denied.md)
- [ES_TCC_AUTHORIZATION_RIGHT_LEARN_MORE](endpointsecurity/es_tcc_authorization_right_learn_more.md)
- [ES_TCC_AUTHORIZATION_RIGHT_LIMITED](endpointsecurity/es_tcc_authorization_right_limited.md)
- [ES_TCC_AUTHORIZATION_RIGHT_SESSION_PID](endpointsecurity/es_tcc_authorization_right_session_pid.md)
- [ES_TCC_AUTHORIZATION_RIGHT_UNKNOWN](endpointsecurity/es_tcc_authorization_right_unknown.md)
- [ES_TCC_EVENT_TYPE_CREATE](endpointsecurity/es_tcc_event_type_create.md)
- [ES_TCC_EVENT_TYPE_DELETE](endpointsecurity/es_tcc_event_type_delete.md)
- [ES_TCC_EVENT_TYPE_MODIFY](endpointsecurity/es_tcc_event_type_modify.md)
- [ES_TCC_EVENT_TYPE_UNKNOWN](endpointsecurity/es_tcc_event_type_unknown.md)
- [ES_TCC_IDENTITY_TYPE_BUNDLE_ID](endpointsecurity/es_tcc_identity_type_bundle_id.md)
- [ES_TCC_IDENTITY_TYPE_EXECUTABLE_PATH](endpointsecurity/es_tcc_identity_type_executable_path.md)
- [ES_TCC_IDENTITY_TYPE_FILE_PROVIDER_DOMAIN_ID](endpointsecurity/es_tcc_identity_type_file_provider_domain_id.md)
- [ES_TCC_IDENTITY_TYPE_POLICY_ID](endpointsecurity/es_tcc_identity_type_policy_id.md)

### Functions

- [es_get_deadline_max_milliseconds(_:_:_:)](endpointsecurity/es_get_deadline_max_milliseconds(_:_:_:).md)
- [es_get_deadline_min_milliseconds(_:_:_:)](endpointsecurity/es_get_deadline_min_milliseconds(_:_:_:).md)
- [es_get_deadline_miss_mode(_:_:)](endpointsecurity/es_get_deadline_miss_mode(_:_:).md)
- [es_new_descendants_client(_:_:)](endpointsecurity/es_new_descendants_client(_:_:).md)
- [es_set_deadline_max_milliseconds(_:_:_:_:)](endpointsecurity/es_set_deadline_max_milliseconds(_:_:_:_:).md)
- [es_set_deadline_min_milliseconds(_:_:_:_:)](endpointsecurity/es_set_deadline_min_milliseconds(_:_:_:_:).md)
- [es_set_deadline_miss_mode(_:_:)](endpointsecurity/es_set_deadline_miss_mode(_:_:).md)
