Skip to main content

Hi,

I'm getting a whole lot of software ready for a new set of lab deployments. With Catalina I see this message Verifying "application name" with a progress bar.

Looks like a reasonable thing but it happens every time the users log in and with an Application like Mathematica it's taken a really long time - at least 1/2 an hour

Is there some way to approve these or disable this checking? I know it's a security feature but we can't have the students waiting that long in a lab.

Yes, they appeared to change identity management on this site, so my email
no longer was tied to the old ID (though I couldn't reclaim it either...).

It was on 10.15, run as sudo, don't think it matters where it is run from.
In Meraki there is an area for KEXT policy files, I'd imagine Jamf has
something similar.

I was in super rush mode back when I figured everything out back then, and
haven't updated much since (and didn't document unfortunately due to the
time crunch we were under at the time. I'm likely to be circling back to
update some things with our Macs in the next week, so I'll look through
things and see if I can't nail more information down. It was very much a
matter of shooting Zombies at the time... no time to celebrate one thing,
with another clawing at me...

Thank you. I'm still at a loss about how KEXTs are related to app verification. They only seem to be related to app approval. And how does one execute a plist file??

Here's the article on doing it in JAMF:

https://docs.jamf.com/jamf-school/deploy-guide-docs/Whitelisting_Kernel_Extensions.html

Meraki:

https://documentation.meraki.com/SM/Profiles_and_Settings/Configuration_Settings_Payloads

MS Endpoint Manager (InTune):

https://docs.microsoft.com/en-us/mem/intune/configuration/kernel-extensions-settings-macos

Looks like they've deprecated KEXT in favor or System Extensions though, so that's likely a little different...

Apple articles on System Extensions (SEXTs/sEXTs?  I guess be careful if you offer to share your sEXTs...):

https://developer.apple.com/documentation/systemextensions

https://developer.apple.com/system-extensions

JAMF articles on sEXTs, which is likely where we should be looking moving forward...

https://community.jamf.com/t5/jamf-pro/system-extension-activated-waiting-for-user/td-p/229168

https://community.jamf.com/t5/jamf-pro/how-to-system-extension-in-macos/td-p/160231

I'll update this if I recall anything further, hopefully they don't disable kEXTs for updates to 10.15.


I just updated an image, and with the updated software, all updated software required verification again... so once you update 10.15 beyond one of the early dot releases, the solution doesn't appear to work anymore.  From what I've read, OS 11 *should* work using the above method, but I haven't tested it myself yet.

Whenever I get the "macOS cannot verify the developer" error, not too often these days, I usually modify the affected file with Terminal.  In this instance, let's say it's a screen saver you created and farming out it out to users. 

 

sudo xattr -c /path/toyourfile/filename.extension

 

IMO the "Verifying <application>..." dialog isn't a big deal. Users aren't asked to respond to anything.

Terms & ConditionsCookie settingsAccessibility statement