Passer au contenu principal
Quitter

Bienvenue dans l’univers Dell

Mon compte
  • Passer des commandes rapidement et facilement
  • Afficher les commandes et suivre l’état de votre expédition
  • Créez et accédez à une liste de vos produits
  • Gérer vos sites, vos produits et vos contacts au niveau des produits Dell EMC à l’aide de la rubrique Gestion des informations de l’entreprise.
Se connecter Créer un compte Connexion au compte Premier Connexion au programme de partenariat
Nous contacter
Certains numéros d’article ont peut-être changé. Si ce n’est pas ce que vous recherchez, essayez de faire une recherche sur tous les articles. Rechercher des articles

Numéro d’article: 000129477

How to Allow Dell Data Security Kernel Extensions on macOS

Résumé: Kernel extensions may be approved for Dell Data Security products on Mac.

Cet article a peut-être été traduit automatiquement. Si vous avez des commentaires concernant sa qualité, veuillez nous en informer en utilisant le formulaire au bas de cette page.

Contenu de l’article

Symptômes

Note:
  • As of February 2021, Dell Encryption Enterprise for Mac has reached End of Maintenance. This product and its articles are no longer updated by Dell.
  • As of May 2022, Dell Endpoint Security Suite Enterprise has reached End of Maintenance. This product and its articles are no longer updated by Dell.
  • As of May 2022, Dell Threat Defense has reached End of Maintenance. This product and its articles are no longer updated by Dell.
  • For more information, reference Product Life Cycle (End of Support / End of Life) Policy for Dell Data Security. If you have any questions on alternative articles, either reach out to your sales team or contact endpointsecurity@dell.com.
  • Reference Endpoint Security for additional information about current products.

System Integrity Protection (SIP) was hardened in macOS High Sierra (10.13) to require users to approve new third-party kernel extensions (KEXTs). This article explains how to allow Dell Data Security kernel extensions for the macOS High Sierra and later.

Affected Products:

Dell Endpoint Security Suite Enterprise for Mac
Dell Threat Defense
Dell Encryption Enterprise for Mac
CrowdStrike Falcon Sensor
VMware Carbon Black Cloud Endpoint

Affected Operating Systems:

macOS High Sierra (10.13) and Later

Users will encounter this security feature if:

  • Performing a new install of:
    • Dell Threat Defense
    • Dell Endpoint Security Suite Enterprise
    • Dell Encryption Enterprise for Mac
    • CrowdStrike Falcon Sensor
    • VMware Carbon Black Cloud Endpoint
  • SIP is enabled.

Users will not encounter this security feature if:

  • Performing an upgrade of:
    • Dell Threat Defense
    • Dell Endpoint Security Suite Enterprise
    • Dell Encryption Enterprise for Mac
    • CrowdStrike Falcon Sensor
    • VMware Carbon Black Cloud Endpoint
  • SIP is disabled.
Note: For information about managing SIP, reference How to Disable System Integrity Protection for Dell Data Security / Dell Data Protection Mac Products.

Cause

Not applicable.

Résolution

If SIP is enabled on macOS High Sierra or later, the operating system experiences an extension block alert post install of Dell Endpoint Security Suite Enterprise, Dell Threat Defense, Dell Encryption Enterprise for Mac, CrowdStrike Falcon Sensor, or VMware Carbon Black Cloud Endpoint.

System Extension Blocked

Note: Dell Encryption Enterprise for Mac may have up to two extension block alerts from:
  • Dell Inc, formerly Credant Technologies
  • Credant Technologies
  • Benjamin Fleischer (if Encryption External Media policy is enabled)

Approving the extension differs depending on the version of macOS installed. For more information, click the appropriate operating system.

With the advent of system extensions in macOS Big Sur, there are instances when Kernel Extensions may not be properly loaded on new installations of applications. Applications that were installed before the upgrade to macOS Big Sur should have the kernel extensions pre-imported.

If applications are failing to properly start, the TeamID for the application may be manually entered outside of the operating system.

To manually inject the team ID:

  1. Start up the affected Mac in recovery mode.
Note: For more information, reference About macOS Recovery on Intel-based Mac Computers: https://support.apple.com/en-us/HT201314  external link.
  1. Click the Utilities menu and then select Terminal.
  2. In Terminal, type /usr/sbin/spctl kext-consent add [TEAMID] and then press Enter.
Note:
  • [TEAMID] = The Apple TeamID for the product being installed
  • Apple TeamIDs:
    • Dell Endpoint Security Suite Enterprise: 6ENJ69K633
    • Dell Threat Defense: 6ENJ69K633
    • Dell Encryption Enterprise: VR2659AZ37
      • Dell Encryption External Media: 3T5GSNBU6W (v10.1.0 and earlier)
      • Dell Encryption External Media: VR2659AZ37 (v10.5.0 and later)
    • CrowdStrike Falcon Sensor: X9E956P446
    • VMware Carbon Black Cloud Endpoint: 7AGZNQ2S2T
  • For example, if VMware Carbon Black Cloud Endpoint must be manually added, type /usr/sbin/spctl kext-consent add 7AGZNQ2S2T and then press Enter.
  1. Close the Terminal app and restart into macOS.

To approve the extension:

  1. Log in to the affected Mac.
  2. In the Apple Dock, click System Preferences.

System Preferences

  1. Double-click Security & Privacy.

Security & Privacy

  1. Under the General tab, click Allow to load the KEXT.

Allowing the KEXT

Note: The Allow button is only available for 30 minutes post installation. Until the user approves the KEXT, future load attempts cause the approval UI to reappear, but do not trigger another user alert.

An Apple management solution (such as Workspace One, Jamf) can use an Apple TeamID to suppress user approval of a KEXT.

Note:
  • Apple TeamIDs:
    • Dell Endpoint Security Suite Enterprise: 6ENJ69K633
    • Dell Threat Defense: 6ENJ69K633
    • Dell Encryption Enterprise: VR2659AZ37
      • Dell Encryption External Media: 3T5GSNBU6W (v10.1.0 and earlier)
      • Dell Encryption External Media: VR2659AZ37 (v10.5.0 and later)
    • CrowdStrike Falcon Sensor: X9E956P446
    • VMware Carbon Black Cloud Endpoint: 7AGZNQ2S2T
 
Warning: Allowlisting an Apple TeamID will automatically approve any application that is signed by that ID. Use extreme caution when allowlisting an Apple TeamID.

To verify an endpoint’s allowlisted Apple TeamIDs:

  1. On the endpoint, open Terminal.
  2. Type sudo kextstat | grep -v com.apple and then press Enter.
  3. Populate the superuser Password and then press Enter.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

 

Informations supplémentaires

 

Vidéos

 

Propriétés de l’article

Produit concerné

Dell Threat Defense, Dell Endpoint Security Suite Pro, Dell Endpoint Security Suite Enterprise

Dernière date de publication

11 janv. 2023

Version

15

Type d’article

Solution

Haut de la page