Help

kexts blocked after approval config profile

Dan1987
New Contributor III

Posted on ‎05-03-2019 06:09 AM

Hi everyone,

We've just pushed a configuration profile to whitelist a kext for bitdefender and although the Allow users to approve kernel extensions is selected, it appears its blocked all other kexts from being approved or from running.

For example, i have never had VirtualBox installed but when i try the install, it fails and console displays the details below. When i pushed the Configuration Profile to my machine to allow the kext, VirtualBox installs fine.

This has also been tested with Parallels and the same issue occurs and workaround fixes it.

This doesn't sound right since to allow one kext, blocks all others. Does anyone know how to fix this?

Nothing shows in System Preferences anymore either.

Thanks,

Dan

05a9a34d263a4fca8dc3f76c43f447cb
607c0ed56de44ed180ddef9fb4f8361a
3ec348fb46dc48bdb5b009cfd3992630

0 Kudos
6 REPLIES 6

mm2270
Legendary Contributor III

Posted on ‎05-03-2019 06:27 AM

I can't be sure, but it almost looks to me like you are replacing one approved kext for another in your profile, instead of adding in additional ones. Does it sound like that's what you're doing or am I misunderstanding? I guess my question is, do you have a separate Approved Kernel Extensions profile per KEXT that needs to be approved? Because your screenshot only shows a single KEXT (VirtualBox) being approved, not multiple ones so I really don't know exactly what you have set up.

0 Kudos

Dan1987
New Contributor III

Posted on ‎05-03-2019 06:51 AM

Basically we had nothing configured to touch the kexts before but then we had to add one for bitdefender and by allowing it to run has blocked all others.

I created the VirtualBox one to test my theory and adding their TeamID to approved kexts has allowed the application to work again.

0 Kudos

mm2270
Legendary Contributor III

Posted on ‎05-03-2019 07:17 AM

I'm a little confused. Are you saying that prior to pushing any KEXT approval profile, VirtualBox was allowed to run on the Mac or ran and had it's KEXT approved manually, and then suddenly is not being allowed to run after the profile push? Or is it that you didn't run/approve VirtualBox before and it's also asking for approval?
Because to my knowledge, all KEXTs get blocked on the OS by default until they are approved, either by the end user or via a profile pushed from an MDM program. I don't believe approving one KEXT suddenly blocks other ones that had previously been working without issue. If that's exactly what you're seeing then something is amiss I think.

0 Kudos

Dan1987
New Contributor III

Posted on ‎05-03-2019 09:14 AM

Thats correct, VirtualBox was allowed to run on the Mac and ran and had it's KEXT approved manually, and all worked fine then suddenly is not being allowed to run after the profile push.

But it isnt just VirtualBox, since i use Parallels it happened to me and i had to make a profile to allow the kext.

Also, no message comes in Security & Privacy for me to Allow either.
Happens on 13 different computers atm

0 Kudos

PatrickD
Contributor II

Posted on ‎02-04-2020 04:56 PM

Hi @Dan1987,

Just wondering if you managed to get anywhere with this one? I am seeing something similar on macOS 10.15 devices at the moment.

Cheers,
Pat

0 Kudos

donmontalvo
Esteemed Contributor III

Posted on ‎04-30-2020 04:40 PM

Leaving this here in case it helps:

https://www.jamf.com/jamf-nation/discussions/30534/approved-kernel-extensions-still-asking-to-be-all...

--
https://donmontalvo.com
0 Kudos