My institution has been making the switch to Cylance recently and were having some issues with the Kernel exception for their Team ID. When the Cylance kernel is blocked by 10.13.3, there's no "Allow" button in the Security and Features GUI (I've attached a picture from one of our machines), but adding it through the Recovery OS with the "spctl-kext" command and running a re-install of Cylance allows the Kernel exception to take and work properly. I will note that the exception only takes after a reinstall.
It's certainly a blocked kernel and the error logs show the same Kernel error for any machine we have issues with, all with no Allow button in the GUI. Doing the manual add through the Recovery has worked for each affected machine.
My company is in the process of merging many of our other smaller sites under 1 structure. Our larger Mac-heavy site, is managed in Casper thankfully, but the sites we are working on merging are a mix of Macs managed in a whole bunch of ways. Some in LANRev, some through ARD and some not managed at all, but still owned by the company.
Our Casper managed machines have no issues, assuming because of the note in the Technical Article Apple had released about MDM solutions, Kernel exceptions and 10.13. Though they do seem to have issues even if managed by LANRev (I'm learning this management tool as well, hopefully not much longer, not a fan!) It's more than likely not setup properly or similar to our settings in Casper, allowing the exception.
Anyone having the same issues on 10.13 not having the option to Allow the blocked kernel from loading? I'm relatively new to managing macOS so maybe there's possibly a setting to adjust that I dont know about too?
Thank you for reading!