• chiisana
    link
    fedilink
    104 months ago

    https://developer.apple.com/documentation/endpointsecurity

    This API allows for security applications to monitor for potentially malicious behaviors. As it is part of the System Extension and DriverKit, it shouldn’t crash the system kernel… but you do need to request for entitlement from Apple to build apps using that API (honestly probably a good thing, prevents spywares using it to spy on people).

    • @jonne@infosec.pub
      link
      fedilink
      64 months ago

      Seems like windows really is behind when it comes to this then, if everyone else has a proper solution. Still, I feel this is more on crowdstrike than Microsoft. For whatever reason they didn’t have the right processes in place to avoid pushing bad code.