BlockBlock with ES API as System Extension

objective-see / BlockBlock

BlockBlock provides continual protection by monitoring persistence locations.

GNU General Public License v3.0

626 stars 39 forks source link

BlockBlock with ES API as System Extension #13

Open ivwang opened 4 years ago

ivwang commented 4 years ago

Hi,

As BlockBlock 1.x has been moved to Endpoint Security framework and in WWDC20 Apple promises additional protections when using ES as System Extension, is there also plan to migrate current BlockBlock LaunchDaemon to System Extension for those "free" anti-tempering measures provided by Apple, and pointed out by Trail of Bits's Sinter?

Thanks

hazcod commented 2 years ago

Would love to see this as wel, any plans for this @objective-see ?

objective-see commented 1 year ago

This would be a great feature 🤔 ...I'll put in on the roadmap!