Ah yes, this one looks fairly familiar, thanks for pointing me to it. If I follow it correctly, it seems the current workaround available is to unload and reload the system extension?
Our app (and a few other things) are distributed by .pkg rather than a dmg drag-n-drop install. Installing system extensions is done by our host app's main binary. We install a LaunchAgent that detects that installation needs to take place and triggers an app launch via NSWorkspace in a user's session. Most customers perform the pkg installation via Fleet Management (like Jamf). I suppose it's possible they are doing this outside a user session, which could cause some problems?
Is there anything we can provide that would let Apple do further diagnostics on this? Most of our customers probably wouldn't notice since they manage system extension permissions via MDM, but for those few working without this, the user experience is pretty sub-optimal.