Endpoint Security
Develop system extensions that enhance user security.
Overview
Endpoint Security is a C API for monitoring system events for potentially malicious activity. You can write your client in any language that supports native calls. Your client registers with Endpoint Security to authorize pending events, or receive notifications of events that already occurred. These events include process executions, mounting file systems, forking processes, and raising signals.
Develop your system extension with Endpoint Security and package it in an app that uses the System Extensions framework to install and upgrade the extension on the user’s Mac.
Topics
Event Monitoring
Entitlements
Reference
EndpointSecurity ConstantsEndpointSecurity Data TypesEndpointSecurity FunctionsEndpointSecurity StructuresEndpointSecurity Enumerations
Structures
es_cs_validation_category_tes_event_tcc_modify_tes_tcc_authorization_reason_tes_tcc_authorization_right_tes_tcc_event_type_tes_tcc_identity_type_t
Variables
ES_CS_VALIDATION_CATEGORY_APP_STOREES_CS_VALIDATION_CATEGORY_DEVELOPER_IDES_CS_VALIDATION_CATEGORY_DEVELOPMENTES_CS_VALIDATION_CATEGORY_ENTERPRISEES_CS_VALIDATION_CATEGORY_INVALIDES_CS_VALIDATION_CATEGORY_LOCAL_SIGNINGES_CS_VALIDATION_CATEGORY_NONEES_CS_VALIDATION_CATEGORY_OOPJITES_CS_VALIDATION_CATEGORY_PLATFORMES_CS_VALIDATION_CATEGORY_ROSETTAES_CS_VALIDATION_CATEGORY_TESTFLIGHTES_EVENT_TYPE_NOTIFY_TCC_MODIFYES_EVENT_TYPE_RESERVED_0ES_EVENT_TYPE_RESERVED_1ES_EVENT_TYPE_RESERVED_2ES_EVENT_TYPE_RESERVED_3ES_EVENT_TYPE_RESERVED_4ES_EVENT_TYPE_RESERVED_5ES_EVENT_TYPE_RESERVED_6ES_EVENT_TYPE_RESERVED_7ES_EVENT_TYPE_RESERVED_8ES_TCC_AUTHORIZATION_REASON_APP_TYPE_POLICYES_TCC_AUTHORIZATION_REASON_ENTITLEDES_TCC_AUTHORIZATION_REASON_ERRORES_TCC_AUTHORIZATION_REASON_MDM_POLICYES_TCC_AUTHORIZATION_REASON_MISSING_USAGE_STRINGES_TCC_AUTHORIZATION_REASON_NONEES_TCC_AUTHORIZATION_REASON_PREFLIGHT_UNKNOWNES_TCC_AUTHORIZATION_REASON_PROMPT_CANCELES_TCC_AUTHORIZATION_REASON_PROMPT_TIMEOUTES_TCC_AUTHORIZATION_REASON_SERVICE_OVERRIDE_POLICYES_TCC_AUTHORIZATION_REASON_SERVICE_POLICYES_TCC_AUTHORIZATION_REASON_SYSTEM_SETES_TCC_AUTHORIZATION_REASON_USER_CONSENTES_TCC_AUTHORIZATION_REASON_USER_SETES_TCC_AUTHORIZATION_RIGHT_ADD_MODIFY_ADDEDES_TCC_AUTHORIZATION_RIGHT_ALLOWEDES_TCC_AUTHORIZATION_RIGHT_DENIEDES_TCC_AUTHORIZATION_RIGHT_LEARN_MOREES_TCC_AUTHORIZATION_RIGHT_LIMITEDES_TCC_AUTHORIZATION_RIGHT_SESSION_PIDES_TCC_AUTHORIZATION_RIGHT_UNKNOWNES_TCC_EVENT_TYPE_CREATEES_TCC_EVENT_TYPE_DELETEES_TCC_EVENT_TYPE_MODIFYES_TCC_EVENT_TYPE_UNKNOWNES_TCC_IDENTITY_TYPE_BUNDLE_IDES_TCC_IDENTITY_TYPE_EXECUTABLE_PATHES_TCC_IDENTITY_TYPE_FILE_PROVIDER_DOMAIN_IDES_TCC_IDENTITY_TYPE_POLICY_ID