How is everyone managing their System Extensions ?

nsbickhart
Contributor

Just curious to see if other admins are managing their system extensions all within a single profile. We use Symantec, CrowdStrike, and AnyConnect, which all have bundled profiles from the vendor (including the system extensions).

Just wondering if anyone is splitting out the system extensions from bundled profiles or keeping them within a profile for the specific apps/

5 REPLIES 5

sirsir
Contributor

I've had most of mine split between PPPC & Kext Approvals, but some bundled together (like Sophos.) Since we have some M1 and Big Sur test units, I have started splitting the ones I had together. I'm not sure what the best practice is in regards to this, so I'm also curious.

mschroder
Valued Contributor

We have ours split, main reason being that we have quite different targets for the different SE's, and I don't like installing stuff that is not needed on that device. Keeping them seperate also has the advantage that I don't need to replace the profiles on all the nodes when I need to change the profile for one SE only.

stevewood
Honored Contributor II

We've always split out. Downside is it means 60+ profiles on a machine. Upside is that if I need to change something for one vendor I do not affect a profile for another vendor. And if I need to only change a PPPC setting, I do not affect the Notification profile for the same vendor, for example.

There is no right or wrong, it's just what your preference is, honestly.

nsbickhart
Contributor

Anyone know if a duplicate system extension profile can cause any issues? We currently have our system extensions all in 1 profile. Wondering if you forget to take the system extension payload out of a vendor provided profile if it would cause any havoc.

mschroder
Valued Contributor

As long as the settings are identical you should not have any problem with a duplicated profile. The fun starts when they diverge.