Post

1 follower Follow
0
Avatar

How to allow Syncplicity's kernel extensions for MDM-managed Mac machines (Jamf, AirWatch, etc.)

For a while, now (since macOS 10.13), kernel extensions on a Mac machine require user consent to load.

Kernel extensions do not require authorization if they meet some of the following criteria:

  • Kernel extensions were on the computer before the upgrade to macOS 10.13 or later.
  • Kernel extensions are replacing previously approved extensions.
  • Kernel extensions are allowed to load without user consent by using the spctl command while booted to macOS Recovery.
  • Kernel extensions are installed on a computer enrolled in Mobile Device Management (MDM).
  • Kernel extensions are allowed to load via MDM configuration. Starting with macOS High Sierra 10.13.2, you can use MDM to specify a list of kernel extensions that will load without user consent. This option requires a computer running macOS 10.13.2 or later which is either enrolled in MDM via Automated Device Enrollment (formerly DEP) or whose MDM enrollment is User Approved.

If you are using an MDM solution such as Jamf, you will need to safelist a few Syncplicity kernel extensions to ensure every version of the Syncplicity client for Mac works seamlessly. The following should be added to your Configuration/Policy profile in your MDM's control panel:

com.syncplicity.filesystems.syncdrive

io.macfuse.filesystems.macfuse

io.macfuse.filesystems.fs.macfuse

 

Team ID: 9MAQ4GMJ3D, Team Display name: Syncplicity, Inc

 

Instructions on how these kernel extensions can be added to your Configuration/Policy profile can be found in the documentation for your MDM solution. Instructions for the most popular MDMs can be found at the below links:

 

Jamf: https://docs.jamf.com/jamf-school/documentation/Kernel_Extensions_Safelist.html

AirWatch: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2011/macOS_Platform/GUID-AWT-MACPROFILEKERNEL.html

SimpleMDM: https://simplemdm.com/kernel-extensions-system-extensions/

Georgi Dragnev

Please sign in to leave a comment.