You must log in or # to comment.
Malus is in the process of deprecating kernel extensions.
Did Crowdstrike spook them or are they doing this for other reasons?
Also, where do
mount_9s
andmount_nfs
come from? Are they provided by Malus and use kernel extensions (or not), a third party that doesn’t use kernel extensions?They were in the process of removing third-party kernel extensions before crowdstrike, but I’m sure their convictions were re-affirmed by recent events.
As for mount_9p and mount_nfs, they are included with macos. As of now I don’t think they are userspace, but that might change in the future if migrated to FSKit (as has been done with mount_msdos).