System Extension Blocked and MDM - Approved Kernel Extension Not Working (Fix)

gg-chrisd
New Contributor

I had an issue yesterday with a MacBook that continually warned about blocked System Extensions for Sophos and Check Point Endpoint VPN, despite an 'Allowed Kernel Extensions' MDM profile being in place.

There is very little info on this on the web, but I did find one useful post on the Apple forums which helped (foonon's post here). The issue in my case was with the KextPolicy database and the fix is below in case this is useful to anyone else:

Verifying it's a Database issue
1. Open Terminal
2. Connect to the database:

sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy

3. Attempt to query the kext_policy table:

SELECT * FROM kext_policy;

4. If you receive a 'database disk image is malformed' error, then the database is corrupt

Rebuilding the Database
1. Reboot into Recovery Mode (Command+R)
2. If you've got FileVault enabled you'll need to mount the drive to unlock it (Disk Utility -> Mount -> Enter FileVault user creds -> Exit Disk Utility)
3. Open Terminal
4. Change to the KextPolicy db folder:

cd /Volumes/<system drive>/private/var/db/SystemPolicyConfiguration

5. Move the database:

mv KextPolicy /Volumes/<system drive>/Users/Shared

6. Reboot the Mac and the database should be rebuilt. On first boot you may still get the warnings but this time they will go away once clicked on. You can also go through the Verifying the Database steps above to check the database is okay and the whitelisted entries exist in the table.
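
The verification steps from the post above as a read-only check that can be scripted, for example before and after the rebuild. This is an added example, not part of the original post; it assumes Python 3, the names check_kext_policy and build_sample are hypothetical, and the sample database with its columns is constructed for the demo.

```python
import os
import sqlite3
import tempfile
from pathlib import Path

# Path from the post.
KEXT_DB = "/var/db/SystemPolicyConfiguration/KextPolicy"

def check_kext_policy(path=KEXT_DB):
    """Return (status, detail); status is 'ok', 'corrupt', 'missing' or 'error'."""
    if not os.path.isfile(path):
        return "missing", "no database file at " + str(path)
    try:
        # mode=ro: inspect only, never create or modify the file.
        conn = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
    except sqlite3.Error as exc:
        return "error", str(exc)
    try:
        verdict = conn.execute("PRAGMA integrity_check").fetchone()[0]
        if verdict != "ok":
            return "corrupt", verdict
        return "ok", conn.execute("SELECT * FROM kext_policy").fetchall()
    except sqlite3.DatabaseError as exc:
        # 'database disk image is malformed' is the error the post describes.
        msg = str(exc)
        bad = "malformed" in msg or "not a database" in msg
        return ("corrupt" if bad else "error"), msg
    finally:
        conn.close()

def build_sample(path, corrupt=False):
    """Constructed stand-in database; column names are assumptions, not the real schema."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE kext_policy (team_id TEXT, bundle_id TEXT, allowed INTEGER)")
    conn.execute("INSERT INTO kext_policy VALUES ('TEAMID0000', 'com.example.kext', 1)")
    conn.commit()
    conn.close()
    if corrupt:
        with open(path, "r+b") as fh:
            page = int.from_bytes(fh.read(18)[16:18], "big")  # page size from the header
            fh.seek(page)                   # page 2 holds the table's b-tree root
            fh.write(b"\xff" * page)        # overwrite it with garbage

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, bad in (("good.db", False), ("bad.db", True)):
            sample = os.path.join(tmp, name)
            build_sample(sample, corrupt=bad)
            print(name, check_kext_policy(sample))
```

A status of 'ok' returns the table rows, so the same call also confirms that the whitelisted entries are present after the rebuild.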

1 REPLY

HNTIT
Contributor II

What OS is the machine running?

Seems to be a lot of issues on 10.13.4 regarding this issue.