Symantec Endpoint Protection for Macintosh: Mac OS X 10.9 Kernel Signing Overview & Troubleshooting
Last Updated November 15, 2013
To improve Kernel Protection, Apple has mandated that third parties sign their Kernel Extensions in OS X 10.9 "Mavericks".
When a Kernel Extension is not signed, OS X 10.9 throws out a warning message to the end user:
Kernel extension is not from an identified developer
The kernel extension at "/System/Library/Extensions/SymInternetSecurity.kext" is not from an identified developer but will still be loaded.
Please contact the kernel extension vendor for updated software.
Signing can only be done using specialized kernel signing certificate -- application signing certificates cannot be used for this purpose.
Symantec provides signed kernel extensions for SEP 12.1 RU4. Default location for auto-loading the signed kernel extension is from folder at /Library/Extensions/
Symantec kernel extensions and file locations
OS X 10.8 & 10.7 - unsigned: /System/Library/Extensions/SymIPS.kext /System/Library/Extensions/SymInternetSecurity.kext /System/Library/Extensions/ndcengine.kext /Library/Application Support/Symantec/Antivirus/SymAPComm.kext
OS X 10.9 - signed: /Library/Extensions/SymIPS.kext /Library/Extensions/SymInternetSecurity.kext /Library/Extensions/ndcengine.kext /Library/Application Support/Symantec/Antivirus/Signed/SymAPComm.kext
Troubleshooting All kext related warnings and errors goes to system.log and kernel.log; search these logs with kext name as keyword
Use the kextstat command line to check if required kexts are loaded:
Use the kextutil to check if a kext is signed or not:
Maverick:~ admin$ kextutil -tn /Library/Extensions/SymIPS.kext
The booter does not recognize symbolic links; confirm these files/directories aren't needed for startup:
Dependency lacks appropriate value for OSBundleRequired and may not be availalble during early boot:
com.symantec.kext.ndcengine - OSBundleRequired not set
Personality has no CFBundleIdentifier; the kext's identifier will be inserted when sending to the IOCatalogue:
/Library/Extensions/SymIPS.kext appears to be loadable (including linkage for on-disk libraries).
Macintosh OS X 10.9
Symantec Endpoint Protection 12.1 RU4 for Macintosh
Imported Document ID: TECH212380
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe