Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

System Extension Blocked notification

peaceman

peaceman

macrumors newbie
Original poster
Sep 15, 2017
2
1
Hi, I have got this strange "System Extension Blocked "notification asking me to allow extension to load. This happened while system was stable , I didn't install any new software, driver or plug any new device to my macbook pro.
I forgot to screenshot but I've found same notification example on internet
do3o02.png

First notification forwarded me to Security & Privacy in System Preferences ; It was like
System software from developer "Legacy Developer:driver" was blocked from loading
Then I clicked Allow button.

After a minute I got second "System Extension Blocked " notification, in my macbook's Security & Privacy setting It was like; System software from developer "fang yang" was blocked from loading.
This is the actual screenshot

2n1e5jd.png


I'm really confused with these suspicious activities. I didn't allow this.
I appreciate any help to clarify this situation.
 
Last edited:
The best place to start would probably be checking out what additional software you have installed on your computer. If you control/right-click on an application, then click "Get Info", it should show you the developer in the copyright field. This may help you find what is trying to run the extension. If it's something you know is legitimate and know needs to run the extension, then you should be safe to click the allow button.

If you're concerned it is malicious, it would be a good idea to run a malware scan.
 
As above, might be malware.

Or something more benign: expired developer certificate? Not exactly sure how this works, but, programs need to be signed with a signing certificate from Apple to avoid the prompts for "Program downloaded from the internet, trust running it?" and having to disable SIP for modifying at the system level, and kernel extensions would fall into this category. Maybe you have an old program where the original developer has moved on to other things and has not renewed their Apple certificate.
 
Okay so first I did a research. I find out that Apple is trying to improve security on the mac OS, and starting with macOS High Sierra kernel extensions that are installed on macOS, will require user permission.

Kernel Permission configurations are stored at " /var/db/SystemPolicyConfiguration/KextPolicy "
This is the file where developers name and extensions listed.

b3reie.png


There was lots of sql statements, so basically it was a sqlite file.

In terminal file path to connect database:
Code: 
/usr/bin/sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy

Then tables listed with this statement:

Code: 
.tables

In Tables we have "kext_policy" table which gives enough information about developer and kernel ;

Code: 
SELECT * FROM kext_policy;

This was the developer I was looking for "Fang yang". I had Huawei 3G Modem Stick before upgrading to High Sierra.So basically this was related to that.


2s9c2fk.png
 
  • Like
Reactions: Shadow Jolteon
I got this today also. first time ever. no idea what it means and should I be worried or not?
 

Attachments

  • hp.jpg
    hp.jpg
    49 KB · Views: 2,022
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back