Bitdefender system extension blocked on macOS High Sierra (10.13) and later
Bitdefender Bitdefender Endpoint Security Tools uses macOS system extensions (also known as kernel extensions) to ensure protection cannot be tampered with and to provide Content Control and Device Control functionality.
Starting with macOS High Sierra (10.13), user approval is required for loading kernel extensions. Until the user approves the Bitdefender kernel extensions, Bitdefender Endpoint Security Tools tamper protection, Content Control and Device Control modules will not work. Also, Bitdefender Endpoint Security Tools user interface will show a critical issue.
Note
The kernel extensions do not require approval if they were installed before upgrading to macOS High Sierra or later, or they are replacing previously approved extensions.
Important
In macOS Big Sur, Apple replaced kernel extensions with a new generation of system extensions. To accommodate this change, Bitdefender Endpoint Security Tools requires additional approvals from users. For details, refer to this topic.
Issue
Immediately after a manual installation or remote deployment of Bitdefender Endpoint Security Tools on macOS High Sierra (10.13) and later, the operating system shows the System Extension Blocked warning:
Note
You may receive one or several System Extension Blocked warnings, depending on the number of protection modules installed.
If the user does not allow the Bitdefender system extensions to load, the Bitdefender Endpoint Security Tools user interface shows the You are at risk warning:
Solution
When you receive the System Extension Blocked warning:
Click Open Security Preferences (if available). Alternatively, click OK, go to System Preferences in the Dock or in the Apple menu, then click Security & Privacy.
Click Allow for the blocked system software from Bitdefender.
Note
In some situations, the Allow button may be disabled:
When you remotely access the computer.
When a remote connection is open or was recently open. To enable the Allow button you may need to restart the computer.
If you are using a third-party application to emulate mouse or trackpad, such as MagicPrefs, BetterTouchTool, Synergy. Close the application to enable the Allow button.
If you receive the notification You are at risk in the Bitdefender Endpoint Security Tools user interface:
Click View Issues.
Click Fix now to open the Security & Privacy window.
Click Allow for the blocked system software from Bitdefender.
After allowing kernel extensions from Bitdefender, the Bitdefender Endpoint Security Tools user interface will inform you that your Mac is safe.
Important
System administrators can use MDM to whitelist specific kernel extensions and thus suppress these warnings. For more details, please refer to these Apple resources:
https://developer.apple.com/library/content/technotes/tn2459/_index.html
System administrators can whitelist kernel extensions based on the Bitdefender Team ID: GUNFMW623Y. For details about using an MDM tool like Jamf Pro, refer to Whitelisting Bitdefender Endpoint Security Tools extensions using Jamf Pro 10.x.
GravityZone console does not currently provide information about Mac endpoints with unapproved Bitdefender kernel extensions. It is recommended to disable Silent Mode to make sure users can view the issue if they ignore the system prompt.