Apple has made changes starting with macOS High Sierra 10.13. These changes affect the ability to deploy software using kernel extensions in the enterprise. Malwarebytes Endpoint Protection for Mac uses a kernel extension to deploy endpoints to Apple computers.
When a kernel extension is installed, the user sees a System Extension Blocked alert.
Third-party kernel extensions can only be installed with the user's explicit consent. The user must click on a button in System Preferences. Apple blocks this button from being clicked remotely via screen sharing or scripted actions. Normally, you must manually allow the kernel extension at the computer. For more details, refer to Apple's Technical Note TN2459, User-Approved Kernel Extension Loading.
To bypass the System Extension Blocked message on your Mac endpoints, deploy a kernel extension (kext) whitelisting policy using a User Approved Mobile Device Management (UAMDM) before you deploy the Malwarebytes Endpoint Agent.
Deploy kext whitelisting policy using UAMDM
- Download the attached Malwarebytes_kext_whitelist.mobileconfig file.
- Upload the file to your UAMDM.
- Save and deploy your kext whitelisting policy by UAMDM.
Note: If you've already deployed a kext whitelisting policy for other applications, you can instead add the following identifiers to your UAMDM:
- Team identifier: GVZRY6KDKR
- Bundle identifier: com.malwarebytes.ncep.rtprotection.daemon