macOS introduced the EndpointSecurity framework in macOS Catalina to provide a generic security framework for third party applications. All EndpointSecurity client requires the user the provide Full Disk Access rights. If this permission is not granted, the client can't register and operate. While this is a preventive control for installing such software, it turns out to be the "Achilles heel" of the entire concept. Once this permission is revoked, the client becomes non functional, and thus trivial to disarm. To reset FDA permissions we can use tccutil. Originally it could be used to reset ES client permissions without any control, which was an issue. \n\n In this talk I will show the evolution of tccutil, how and what kind of mitigations Apple added to the utility after my report and then how I bypassed it in various ways. Apple then went on and redesigned the whole control embedded in the tool, which I will also discuss. Although it seems to be ok now it is still vulnerable under certain conditions. At the end I will also briefly talk about the untold power of "Full Disk Access", and how it becomes (in my opinion) a single point of failure control in the operating system.