System Extension Blocked (Mac)

macOS High Sierra 10.13 introduced a new security feature that requires manual user approval before loading new third-party kernel extensions.

User Approved Kernel Extension Loading

To improve security on the Mac, kernel extensions installed with or after the installation of macOS High Sierra require user consent in order to load. This is known as User Approved Kernel Extension Loading. Any user can approve a kernel extension, even if they don’t have administrator privileges.

A walk-through of the user approval process

When a user installs an application on a Mac (either from a local source or via Managed Software Center) which loads a third-party extension, the load request is denied and macOS presents the alert shown in Figure 1.

Figure 1 The "System Extension Blocked" dialog which you would see if you have installed the GlobalProtect VPN application for the first time.

Fig 1

Click on the button labeled "Open Security Preferences", which will take you to the Security & Privacy panel of Systems Preferences (as shown in Figure 2).

NOTE: If you click the "OK" button instead, you have 30 minutes in which to navigate to the Security & Privacy System Preference before the Allow button disappears. You would then need to restart the Mac in order to approve the system extension(s).

Figure 2   User approval to load the third-party extension. In this example, selecting "Allow" will enable loading of kernel extensions from Palo Alto Networks, developers of the GlobalProtect VPN client.

Fig 2

Click on the "Allow" button to enable the kernel extension to load so that this application (and any other applications by the same developer) will function properly on the Mac. You will be prompted if a restart is required at this time.

Which applications require user approval?

Below is a short list of the third-party applications you would be most likely to encounter at WCER which may require manual approval:

• Box Drive (cloud storage and collaboration application)

• Cisco System's AMP for Endpoints Connector (antivirus and malware protection)

• Palo Alto Networks GlobalProtect (VPN client)

• VMWare Fusion (virtual machine application)

PLEASE NOTE: If any of these applications were already installed when you received your Mac, then the Tech Services administrator would have already approved them so you should not be prompted for approval.

Keywords:system, kernel, extension, blocked, mac, warning, globalprotect, symantec, endpoint, protection, identity, finder, high sierra, malwarebytes   Doc ID:82563
Owner:David P.Group:WCER Technical Services
Created:2018-05-31 12:18 CDTUpdated:2019-11-07 15:16 CDT
Sites:WCER Technical Services
Feedback:  3   0