BlockBlock doesn't always detect persistence events

[checktext00]

Hi, I've been using BlockBlock and realized that most of the time it doesn't detect persistence events with some apps after installing them, or after switching their app preferences between launching at login and not launching at login. All of these apps do actually launch at login. Sometimes BlockBlock does detect SMART Utility's login item, but most of the time not. I "installed" all of these apps in my personal user ~/Applications folder instead of the system standard /Applications folder, except for SMARTReporer Free. I gave BlockBlock Full Disk Access in my system Privacy preferences. Also, none of these apps are detected by a separate KnockKnock scan (related KnockKnock issue) except SMARTReporter Free (in the KnockKnock Login Items list - and it's also the only app that shows up in macOS System Preferences Login Items), and none of these apps (including SMARTReporter Free) are in any system or user LaunchAgents or LaunchDaemons folder.

apps with issues:

• Micro Snitch (Little Snitch's version of OverSight) - never detected
• Stats (open-source iStat Menus clone) - never detected
• SMARTReporer Free - detected once the first first time I turn on the preference to launch at login, afterwards not detected if switching the preference. I uninstalled and reinstalled it, next time it wasn't detected at all.
• SMART Utility - detected around 15% of the time (this app auto-enables the launch at login when first run)

I've tried with SMART Utility to delete and recopy the .app file to my user ~/Applications folder more than 10 times (after logging out and relaunching the app in between), and it only showed an alert twice. The startup item for SMART Utility is a menu bar item, and it's a separate app located inside SMART Utility.app/Contents/Library/LoginItems/SMARTUtilityMenuItem.app.

When it did show an alert, it was related to this process: ~/Library/Application Support/com.apple.backgroundtaskmanagementagent/backgrounditems.btm

Also, I have KeePassXC installed in my ~/Applications folder which always shows an alert when switching the auto launch at login setting in its preferences - so no issue there (it doesn't show in System Preferences Login Items but it is in ~/Library/LaunchAgents)

---

macOS Catalina 10.15.7 BlockBlock v2.2.1 (latest) KnockKnock 2.5.0 (latest)

edit: I am using a standard (non-admin) user account. All apps except SMARTReporer Free were installed in my user ~/Applications folder instead of the system standard /Applications. When I tried installing these apps in the standard /Applications folder, BlockBlock did detect them on first install, and on a logout and logging back in they did launch, but after that both Micro Snitch and SMART Utility stopped launching on further logins. (For SMART Utility there is a setting in its app preferences called "Show status in menu bar" which should control that). The Stats app launches fine on login from the system /Applications folder.

[objective-see]

This should be fixed in versions of BlockBlock v2.2+ (when running on macOS 14+), as it now use Apple's Endpoint Security BTM events.

For example, detecting Micro Snitch: