Help

Systems extensions not available to approve in Security & Privacy.

j-polasek
New Contributor II

Posted on ‎05-17-2020 02:28 PM

Good Afternoon,

I was testing a new configuration profile to approve a kernel extension. I accidentally unchecked the "Allow users to approve kernel extensions" box in the profile. Once the profile was deployed to test systems, extensions that were approved requested approval again.

a5cd3c13ca0a490b85ddc8c4d295657d

However, there was no way to approve them in the Security and Privacy preference panel. I checked the box and deployed the profile again, but no changes. I have restarted, no change. I have uninstall parallels and reinstalled, same issue. I did a new installation of parallels on a system and still the problem persists. This occurs on High Sierra, Mojave and Catalina

Does anyone know of possible solutions?

thanks
Jeff Polasek

Reply
6 REPLIES 6

shaquir
Contributor III

Posted on ‎05-17-2020 06:06 PM

Jamf has some documentation on Whitelisting Kernel Extensions

To view the approved ID, in terminal you can:

sudo sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy

Followed by:

.headers on
SELECT * FROM kext_policy;

292cd6433f714072b01f34372f77b32e

Once you have the TeamID (Parallel should be 4C6364ACXT)

Add the Team ID in a Kernel extension and scope appropriately. (I'd leave out the bundle ID, team ID is the parent process)
8a6c6067b4994f538fb80154ad76bfa9

0 Kudos
Reply

shaquir
Contributor III

Posted on ‎05-17-2020 06:07 PM

Just came across this guide:
https://derflounder.wordpress.com/2018/04/12/whitelisting-third-party-kernel-extensions-using-profil...

0 Kudos
Reply

j-polasek
New Contributor II

Posted on ‎05-18-2020 05:53 AM

Thanks for the responses. I wasn't exactly clear on the issue. Software that had been running with approved system extensions started displaying the message that the system extensions need approval, but there is no allow button in the Security & Privacy panel. I setup the profile to allow parallels

7d18f20b26894aa1bc2d1dbdb839548d

But the extensions still do not load.

Any Ideas?

Thanks

Jeff

0 Kudos
Reply

GeoffWiddowson
New Contributor

Posted on ‎05-19-2020 05:54 AM

@j-polasek You need the approved kernel extentions. 086ec019026c437ea1e5e4bf05165b55

0 Kudos
Reply

eric_shrimer
New Contributor

Posted on ‎03-11-2021 07:41 AM

@GeoffWiddowson sorry to reply to such an old thread! But from my understanding, the Team ID isn't enough, you need to add the actual kernel extension bundle ID's too, or the user won't be able to allow them?

0 Kudos
Reply

Dalmatian
Contributor

Posted on ‎03-18-2021 01:04 AM

I have the same issue here. like Box.app, Google Drive.app and Parallels Desktop.app. My user was upgrading from Catalina to BigSur, all these 3 apps were allowed and working well on Catalina, but didn't work any more on BigSur, plus there is no 'Allow' button to approve.

This is happening on more and more laptops upgrading to BigSur. How can we reduce the impact and do it via JAMF? We can't add all apps in profiles.

Reply