All macOS Elastic Endpoint versions affected by macOS 13 (Ventura) Full Disk Access bug

[ferullo]

All versions of Elastic Endpoint are affected by a bug in macOS 13 (Ventura) which disables previously granted Full Disk Access. This bug does not affect Elastic Endpoints managed by an MDM solution.

Steps to reproduce:

• Install Elastic Endpoint on macOS 12 (Monterey) without MDM
• Follow these steps to grant all permissions needed
• See that after approval Endpoint's status in the Security App's Endpoint page is HEALTHY
• Upgrade to macOS 13 (Ventura)
• See that Endpoint's status in the Security App is is now UNHEALTHY because Full Disk Access is no longer approved

Workaround

• In Settings -> Security & Privacy -> Privacy -> Full Disk Access, remove Full Disk Access approval from ElasticEndpoint and co.elastic.systemextension
• Re-enable Full Disk Access in the same location. A reboot may be required between these two steps.

This bug is in macOS not Elastic Endpoint. It will be fixed by an update to macOS.

[WiegerElastic]

Documenting this so we don't lose it:

https://developer.apple.com/documentation/macos-release-notes/macos-13_1-release-notes

Endpoint Security Known Issues

• Applications using Endpoint Security extensions might lose Full Disk Access authorization, impacting their ability to function. This issue doesn’t affect MDM-enabled extensions. (100857507)

• Workaround: Removing and re-adding Full Disk Access in Settings for these extensions might resolve the issue.