Certain antivirus/network security applications require access to the hard disk and memory of devices, in order to function properly. For this purpose, you might need to Allowlist certain extensions on these devices. As a part of macOS 10.13, Apple introduced User Approved Kernel Extension Loading (UAKEL) which gave users full control to approve or deny Kernel extensions during software installation.
However, Mac machines in which you remotely approve these extensions using an Endpoint Central solution must hold a User Approved MDM (UAMDM) status. Endpoint Central's enrollment methods automatically grant the UAMDM status to managed Mac machines. As a result of this, you can Allowlist both Kernel Extensions and System Extensions which include Network, Driver, as well as Security extensions.
Configuration Specification | Description |
---|---|
Allow users to approve kernel/system extensions manually | Enabling this allows users to manually approve or block the extensions which are not specified in this policy. |
Team identifier | To approve extensions developed by a vendor, provide their Team identifier. |
Allowed Extension Categories | Select at least one category of extensions you want to Allowlist. |
Extension bundle identifier(s) | To approve specific extensions developed by a vendor which belongs to particular categories, specify their unique bundle identifier(s). If this is left unspecified, all the extensions with the same Team identifier will be approved. |
NOTE: This approval is available for only 30 minutes. For it to reappear, the Mac machine must be restarted to load the extension once again.
sudo sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy "SELECT * FROM kext_policy"
2Y8XE5CQ94|com.kaspersky.kext.klif|1|Kaspersky Lab UK Limited|1
2Y8XE5CQ94|com.kaspersky.kext.kimul|1|Kaspersky Lab UK Limited|1
2Y8XE5CQ94|com.kaspersky.kext.mark.1.0.6|1|Kaspersky Lab UK Limited|1
2Y8XE5CQ94|com.kaspersky.nke|1|Kaspersky Lab UK Limited|1
AH4XFXJ7DK|com.fortinet.fct.kext.ipsec|1|Fortinet, Inc|1
AH4XFXJ7DK|com.fortinet.kext.fctrouternke|1|Fortinet, Inc|1
VB5E2TV963|org.virtualbox.kext.VBoxDrv|1|Oracle America, Inc.|1
VB5E2TV963|org.virtualbox.kext.VBoxUSB|1|Oracle America, Inc.|1
VB5E2TV963|org.virtualbox.kext.VBoxNetFlt|1|Oracle America, Inc.|1
VB5E2TV963|org.virtualbox.kext.VBoxNetAdp|1|Oracle America, Inc.|1
QX5T8D6EDU|com.bluestacks.kext.Hypervisor|1|BlueStack Systems, Inc.|1