Problem
When installing an Endpoint Protection agent (SEP client) on a Mac with macOS High Sierra 10.13 (or newer), you receive the notification System Extension Blocked.
Error
Cause
This is due to a change in macOS High Sierra. Kernel Extensions (KEXT) that are not signed by Apple are no longer automatically installed by default. As a security measure, macOS now asks the User to allow the installation of third-party KEXTs.
Solutions
* none are great
Imaging
If you use NetBoot, NetInstall, or NetRestore, use the following command while preparing disk images for deployment:
spctl kext-consent add 9PTGMPNXZ2
Recovery Mode
spctl kext-consent disable
Manually Allow
System Preferences > Security & Privacy > Click the Allow button
Build and Administer MDM
Create an MDM to manage extensions
Notes
Also see:
About authorizing kernel extensions for Symantec Endpoint Protection for macOS 10.13 or later
Remote Assistance
When remoted into computer, create a script to click OK on the dialog box (you cannot remotely click OK, so the setup will not continue)
Remote Controltell application “System Events”
click at {123,456}
end tell