
High Sierra ESET extension blocked


j-gray


We have a few High Sierra systems with the latest version of ESET. They continue to pop up the 'system extension blocked' window.

The 'Allow' button is not grayed out; however, clicking 'Allow' does nothing: no confirmation dialog or acknowledgement. On restart, the same window pops up.

I've uninstalled both AV and agent multiple times, but the issue persists.

Any clues on how to resolve this if the provided solution does not work?


  • ESET Moderators

Hello @j-gray

Have you tried to enable it locally? We had a few reports of such an issue, and it may be caused by the macOS security restrictions.

"Because of security reasons pressing the Allow button won’t take effect if you are connecting to the machine via Remote Desktop, or if the mouse/trackpad is emulated by a 3rd party application (MagicPrefs, BetterTouchTool, Synergy, etc.)"

See https://discussions.apple.com/thread/8087342 for reference.

Regards, P.R.


  • 5 weeks later...
On 3/5/2018 at 3:21 AM, Peter Randziak said:

have you tried to enable it locally?

I'm having the same issue as I am currently deploying ESET Antivirus client to all Macs in our environment. I have the Remote Agent installed and then push the AntiVirus install but it never reports back after successful installation because of the 'ESET extension block'. This kinda defeats the purpose of me installing remotely since I now have to go around and touch each machine to 'Allow' the extension.

Is there not a way for you guys to submit your software keys to Apple so that the OS does not think this is a rogue program? 

All our Macs are set to 'Allow App Store and identified developers' - seems like an easy solution since only Macs that are running the latest macOS High Sierra are the ones experiencing this issue. Machines running macOS Sierra and below install/run fine.


  • ESET Moderators

Hello @jkknight,

The changes were introduced by Apple to improve security, but they caused the issues you described.

We found the following info on Apple's website, which might be helpful for you:

"For enterprise deployments where it is necessary to distribute software that includes kernel extensions without requiring user approval, there are two options:

  • If your workflow is based on imaging, boot into Recovery OS and use the spctl kext-consent command. For detailed information about the spctl command, run the command spctl help. This command can either disable the user approval requirement completely or specify a list of Team IDs whose KEXTs may be loaded without user approval. The spctl command works in any installation environment, including Recovery OS and from NetBoot/NetInstall/NetRestore images.
    Note that the Team ID list maintained by spctl is separate from the system-wide policy database.
  • For workflows that leverage mobile device management (MDM), all systems with a valid MDM profile installed will not require user approval to load any properly-signed kernel extension.

To reiterate, all third-party KEXTs that were already installed at the time of upgrading to macOS High Sierra are automatically approved and don't require any user action."

https://developer.apple.com/library/content/technotes/tn2459/_index.html

Regards, P.R.
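
The Recovery OS option quoted in the post above, as an added example that is not part of the original post or of Apple's technote: a small wrapper that validates Team IDs and then builds (or, with APPLY=1, runs) the `spctl kext-consent add` commands, approving only the named teams instead of disabling the approval requirement. The helper names, the APPLY switch, the 10-character Team ID format check and the placeholder ID `ABCDE12345` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-approve a vendor's kernel extensions by Team ID with
# "spctl kext-consent", the imaging/Recovery OS option quoted above.
LC_ALL=C; export LC_ALL   # make the A-Z range below byte-exact

# Assumption: a Team ID is 10 characters from A-Z and 0-9.
is_team_id() {
    case "$1" in
        ''|*[!A-Z0-9]*) return 1 ;;
    esac
    [ "${#1}" -eq 10 ]
}

# Print the commands for the given Team IDs. Every ID is validated before
# anything is printed, so a bad ID yields no partial plan.
kext_consent_plan() {
    [ "$#" -gt 0 ] || { echo "no Team ID given" >&2; return 1; }
    for id in "$@"; do
        is_team_id "$id" || { echo "invalid Team ID: $id" >&2; return 1; }
    done
    for id in "$@"; do
        printf 'spctl kext-consent add %s\n' "$id"
    done
    printf 'spctl kext-consent list\n'
}

# Dry run by default; APPLY=1 executes the plan (Recovery OS Terminal).
kext_consent_apply() {
    plan=$(kext_consent_plan "$@") || return 1
    if [ "${APPLY:-0}" != 1 ]; then
        printf '%s\n' "$plan"
        return 0
    fi
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        $cmd || exit 1
    done
}

# ABCDE12345 is a constructed placeholder, not a real vendor's Team ID.
kext_consent_apply ABCDE12345
```

Reviewing the dry-run output before setting APPLY=1 keeps the approved list limited to the Team IDs you intended.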


On 4/6/2018 at 7:49 AM, Peter Randziak said:

For workflows that leverage mobile device management (MDM), all systems with a valid MDM profile installed will not require user approval to load any properly-signed kernel extension.

Thanks Peter - 

With ERA being a pseudo-MDM, has anyone figured out if there is a way to create a valid MDM profile on remote Macs via ERA? Are ESET's extensions "properly-signed"?

I'm not utilizing imaging to distribute ESET - I send an email for everyone to install the Remote Agent (.tar file and Terminal) for me and when I see them in ERA I then remotely install Endpoint Antivirus. 


  • ESET Moderators

Hello @jkknight,

17 hours ago, jkknight said:

Thanks Peter - 

You are welcome :-)

17 hours ago, jkknight said:

With ERA being a pseudo-MDM, has anyone figured out if there is a way to create a valid MDM profile on remote Macs via ERA? Are ESET's extensions "properly-signed"?

The ESET ERA is not an MDM from Apple's point of view, so you would need something like https://www.apple.com/business/dep/

Our extensions are properly signed (from Apple's point of view as well :-) )

17 hours ago, jkknight said:

I'm not utilizing imaging to distribute ESET - I send an email for everyone to install the Remote Agent (.tar file and Terminal) for me and when I see them in ERA I then remotely install Endpoint Antivirus. 

I'm afraid that in such a case, the employees will have to manually allow the extension, or disable the Apple SIP https://support.apple.com/en-us/HT204899

Regards, P.R.

This topic is now closed to further replies.