Mac – Symantec – System Extension Blocked

email me

Problem

When installing an Endpoint Protection agent (SEP client) on a Mac with macOS High Sierra 10.13 (or newer), you receive the notification System Extension Blocked.


Error


Cause

This is due to a change in macOS High Sierra. Kernel Extensions (KEXT) that are not signed by Apple are no longer automatically installed by default. As a security measure, macOS now asks the User to allow the installation of third-party KEXTs.


Solutions

* none are great


Imaging

If you use NetBoot, NetInstall, or NetRestore, use the following command while preparing disk images for deployment:

spctl kext-consent add 9PTGMPNXZ2


Recovery Mode

spctl kext-consent disable


Manually Allow

System Preferences > Security & Privacy > Click the Allow button


Build and Administer MDM

Create an MDM to manage extensions

 

 

Notes

Also see:

About authorizing kernel extensions for Symantec Endpoint Protection for macOS 10.13 or later

Managing kernel extension authorization when deploying the Symantec Endpoint Protection client for Mac


Remote Assistance

When remoted into computer, create a script to click OK on the dialog box (you cannot remotely click OK, so the setup will not continue)

Remote Controltell application “System Events”
click at {123,456}
end tell