Hello
We are developing an application which uses a System Extension, and everything works as expected except one important thing: during the application launch we receive a system notification that the System Extension is blocked and we need to allow it via System Preferences -> Security & Privacy (it requires an admin password).
So the question: is it possible to avoid this behaviour? It's really very annoying for customers to perform these actions by themselves.
Our distribution flow is typical:
- We distribute application as a PKG
- Before distribution we notarize the PKG installer and the App (zip it and send it to the Apple Notarization Service via terminal) - notarization passes and the archives are approved by Apple
- We are using Developer ID and manual signature in Xcode for all components of the application (main app, extension, cli daemon app)
I tried to zip system.extension, send it to the notarization service and staple it after that. I saw that it was notarized successfully, but on first launch, when the app triggers the System Extension installation, macOS shows a popup saying "System Extension Blocked".
When the user allows this System Extension, macOS will prompt him that the application would like to add a proxy configuration - that's okay, but the blocked System Extension is a real problem. We want to provide a better user experience, and if it's possible it would be good to solve this issue.
If somebody can assist or give us an accurate explanation that it's not possible and the System Extension will be blocked in all cases, I will be really glad. I can provide any additional information if it is required.
P.S. As far as I know, many applications have the same problem; for example, as a user I get this behaviour with Cisco AnyConnect - I need to allow it in System Preferences on first launch 😢
So the question: is it possible to avoid this behaviour?
@mdolan is correct, the only way to automatically allow this prompt is by using an MDM profile that contains the SystemExtensions payload.
Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
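An added example, not part of the thread and not Apple's or the poster's code: a generator for a configuration profile carrying the `com.apple.system-extension-policy` payload that the reply refers to, plus a helper for auditing what a profile pre-approves. The team identifier, bundle identifier and `com.example` prefix are constructed placeholders; the profile only takes effect when delivered by an MDM server.

```python
import plistlib
import re
import uuid

TEAM_ID_RE = re.compile(r"^[A-Z0-9]{10}$")  # Developer ID team identifiers are 10 characters


def build_sysext_profile(team_id, bundle_ids, org_prefix):
    """Return an XML plist (bytes) that pre-approves the given system
    extension bundle IDs for a single team identifier."""
    if not TEAM_ID_RE.match(team_id):
        raise ValueError(f"not a team identifier: {team_id!r}")
    if not bundle_ids:
        raise ValueError("list at least one extension bundle identifier")
    policy = {
        "PayloadType": "com.apple.system-extension-policy",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_prefix}.sysext-policy",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "System Extension Policy",
        # Least privilege: approve only the named extensions, not every
        # extension signed by the team (that would be AllowedTeamIdentifiers).
        "AllowedSystemExtensions": {team_id: sorted(bundle_ids)},
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_prefix}.profile",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Allow system extension",
        "PayloadScope": "System",
        "PayloadContent": [policy],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def allowed_extensions(profile_bytes):
    """Audit helper: return {team_id: [bundle ids]} approved by a profile."""
    approved = {}
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.system-extension-policy":
            for team, ids in payload.get("AllowedSystemExtensions", {}).items():
                approved.setdefault(team, []).extend(ids)
    return approved


if __name__ == "__main__":
    # Constructed placeholder values, not taken from the thread
    print(build_sysext_profile("ABCDE12345", ["com.example.app.extension"], "com.example").decode())
```

The same `allowed_extensions` helper can be run over profiles exported from an MDM to review which team identifiers and extensions are already approved without a user prompt.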