Question

How to System Extension in macOS

  • November 13, 2019
  • 55 replies
  • 798 views


mhasman
  • Valued Contributor
  • August 11, 2020

@hstanley Same here. Even when Broadcom system attention is allowed, SEP is not updating components and definitions (technically, not functioning) until someone manually launches SEP client.


  • New Contributor
  • September 11, 2020

@mhasman @hstanley Hopefully your SEP support team has already provided this info, but just in case anyone else needs it: had the same issue with SEP 14.3 and apparently it's a known issue https://knowledge.broadcom.com/external/article?articleId=198559. Vendor's workaround is to run a post-install script that facilitates opening the GUI prior to the required restart.


  • New Contributor
  • September 11, 2020

@toconnor Thanks for the link! Our SEP support has not provided any info yet, so I appreciate you sharing.


  • Contributor
  • September 25, 2020

I have SEP 14.3 running correctly in macOS 10.15. Just like in prior versions, you need the kernel extension and system extension whitelisted, as well as the proper PPPC settings. Also, leave all of your existing SEP whitelists and PPPC settings in place. Just add these to them.

Kernel Extension Team ID for Broadcom is now: Y2CCP3S9W7

System Extension Team ID for Broadcom is now: Y2CCP3S9W7
System Extension to be allowed is: com.broadcom.mes.systemextension

PPPC settings:
Identifier:
com.broadcom.mes.systemextension
Code Requirement:
identifier "com.broadcom.mes.systemextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = Y2CCP3S9W7
(Allow access to ALL SystemPolicy services)

Identifier:
com.broadcom.sep.mainapp
Code Requirement:
identifier "com.broadcom.sep.mainapp" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = Y2CCP3S9W7
(Allow access to ALL SystemPolicy services)

(This one below may not be necessary, but I included it anyway)
Identifier:
com.symantec.SymLUHelper
Code Requirement:
identifier "com.symantec.SymLUHelper" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9PTGMPNXZ2"
(Allow access to ALL SystemPolicy services)

I also still have to have all of these config profiles present on the system BEFORE SEP 14.3 is installed, or else none of it works. So I have a system in place to make sure SEP never gets installed unless all of this is present. If anyone wants further info on it, I'd be happy to provide more.
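
One way to check that a profile carries the settings listed in the post above before SEP is installed (an added example, not part of the original thread and not the poster's own system). It assumes an unsigned .mobileconfig and Apple's payload types and keys for kernel extension, system extension and PPPC policy, which the thread does not spell out; the function names and the sample profile are constructed for illustration, and a PPPC entry under any service key is accepted.

```python
import plistlib

TEAM = "Y2CCP3S9W7"  # Broadcom Team ID quoted in the post
SYSEXT = "com.broadcom.mes.systemextension"
PPPC_IDS = {SYSEXT, "com.broadcom.sep.mainapp"}
REQ = ('identifier "%s" and anchor apple generic and certificate '
       '1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate '
       'leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate '
       'leaf[subject.OU] = ' + TEAM)

def missing_prereqs(profile: bytes) -> list:
    """List the settings from the post that an unsigned .mobileconfig lacks."""
    kext_ok = sysext_ok = False
    pppc_seen = set()
    for p in plistlib.loads(profile).get("PayloadContent", []):
        ptype = p.get("PayloadType")
        if ptype == "com.apple.syspolicy.kernel-extension-policy":
            kext_ok |= TEAM in p.get("AllowedTeamIdentifiers", [])
        elif ptype == "com.apple.system-extension-policy":
            allowed = p.get("AllowedSystemExtensions", {})
            sysext_ok |= SYSEXT in allowed.get(TEAM, [])
        elif ptype == "com.apple.TCC.configuration-profile-policy":
            for entries in p.get("Services", {}).values():
                for e in entries:
                    # Count only entries that allow access and pin the Team ID.
                    if e.get("Allowed") and TEAM in e.get("CodeRequirement", ""):
                        pppc_seen.add(e.get("Identifier"))
    missing = []
    if not kext_ok:
        missing.append("kext team " + TEAM)
    if not sysext_ok:
        missing.append("system extension " + SYSEXT)
    return missing + sorted("PPPC " + i for i in PPPC_IDS - pppc_seen)

def sample_profile(pppc_ids) -> bytes:
    """Constructed profile, trimmed to the keys the check reads."""
    tcc = [{"Identifier": i, "IdentifierType": "bundleID",
            "CodeRequirement": REQ % i, "Allowed": True} for i in pppc_ids]
    payloads = [
        {"PayloadType": "com.apple.syspolicy.kernel-extension-policy",
         "AllowedTeamIdentifiers": [TEAM]},
        {"PayloadType": "com.apple.system-extension-policy",
         "AllowedSystemExtensions": {TEAM: [SYSEXT]}},
        {"PayloadType": "com.apple.TCC.configuration-profile-policy",
         "Services": {"SystemPolicyAllFiles": tcc}},
    ]
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": payloads})

if __name__ == "__main__":
    print(missing_prereqs(sample_profile([SYSEXT])))
```

An empty result means every setting from the post is present; the optional com.symantec.SymLUHelper entry is not checked.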


ShaneJ11
  • New Contributor
  • March 29, 2023

@Hugonaut Your posts have been very helpful, I keep seeing you pop up when I'm searching for answers as a new jamf user, thank you.