Jump to content

High Sierra ESET extension blocked


j-gray
 Share

Recommended Posts

We have a few High Sierra systems with the latest version of ESET. They continue to pop up the 'system extension blocked' window.

The 'Allow' button is not grayed out, however, clicking 'Allow' does nothing --no confirmation dialog or acknowledgement. On restart, the same window pops up.

I've uninstalled both AV and agent multiple times, but the issue persists.

Any clues on how to resolve this if the provided solution does not work?

Link to comment
Share on other sites

  • ESET Moderators

Hello @j-gray

have you tried to enable it locally? We had few reports of such issue and it may be caused by the macOS security restrictions.

"Because of security reasons pressing the Allow button won’t take effect if you are connecting to the machine via Remote Desktop, or if the mouse/trackpad is emulated by a 3rd party application (MagicPrefs, BetterTouchTool, Synergy, etc.) "

see https://discussions.apple.com/thread/8087342 for reference.

Regards, P.R.

Link to comment
Share on other sites

  • 5 weeks later...
On 3/5/2018 at 3:21 AM, Peter Randziak said:

have you tried to enable it locally?

I'm having the same issue as I am currently deploying ESET Antivirus client to all Mac's in our environment. I have the Remote Agent installed and then push the AntiVirus install but it never reports back after successful installation because of the 'ESET extension block'. This kinda defeats the purpose of me installing remotely since I now have to go around and touch each machine to 'Allow' the extension. 

Is there not a way for you guys to submit your software keys to Apple so that the OS does not think this is a rogue program? 

All our Mac's are set to 'Allow App Store and identified developers' - seems like an easy solution since only Mac's that are running the latest macOS High Sierra are the ones experiencing this issue. Machines running macOS Sierra and below install/run fine.

Link to comment
Share on other sites

  • ESET Moderators

Hello @jkknight,

the changes were introduced by Apple to improve the security, but it caused issues as you described.

We found following info on the Apple's web, which might be helpful for you:

For enterprise deployments where it is necessary to distribute software that includes kernel extensions without requiring user approval, there are two options:
·         If your workflow is based on imaging, boot into Recovery OS and use the spctl kext-consent command. For detailed information about the spctl command, run the command spctl help. This command can either disable the user approval requirement completely or specify a list of Team IDs whose KEXTs may be loaded without user approval. The spctl command works in any installation environment, including Recovery OS and from NetBoot/NetInstall/NetRestore images.
Note that the Team ID list maintained by spctl is separate from the system-wide policy database.
·         For workflows that leverage mobile device management (MDM), all systems with a valid MDM profile installed will not require user approval to load any properly-signed kernel extension.
To reiterate, all third-party KEXTs that were already installed at the time of upgrading to macOS High Sierra are automatically approved and don't require any user action.
https://developer.apple.com/library/content/technotes/tn2459/_index.html

Regards, P.R.

Link to comment
Share on other sites

On 4/6/2018 at 7:49 AM, Peter Randziak said:

For workflows that leverage mobile device management (MDM), all systems with a valid MDM profile installed will not require user approval to load any properly-signed kernel extension.

Thanks Peter - 

With ERA being a sudo MDM has anyone figured out if there is a way to create a valid MDM profile on remote Mac's via ERA? Are ESET's extensions "properly-signed"? 

 

I'm not utilizing imaging to distribute ESET - I send an email for everyone to install the Remote Agent (.tar file and Terminal) for me and when I see them in ERA I then remotely install Endpoint Antivirus. 

Link to comment
Share on other sites

  • ESET Moderators

Hello @jkknight,

17 hours ago, jkknight said:

Thanks Peter - 

You are welcome :-)

17 hours ago, jkknight said:

With ERA being a sudo MDM has anyone figured out if there is a way to create a valid MDM profile on remote Mac's via ERA? Are ESET's extensions "properly-signed"? 

The ESET ERA is not an MDM from Apple's point of view so you would need something like https://www.apple.com/business/dep/ 

Our extensions are properly signed, (from Apple's point of view as well :-) )

17 hours ago, jkknight said:

I'm not utilizing imaging to distribute ESET - I send an email for everyone to install the Remote Agent (.tar file and Terminal) for me and when I see them in ERA I then remotely install Endpoint Antivirus. 

I'm afraid that in such case, the employees will have to manually allow the extension in this scenario, or disable the Apple SIP https://support.apple.com/en-us/HT204899

Regards, P.R.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...