macOS Mojave Security Update 2021-004 broke kext for 3rd party apps

More info.

Here is the sequence of events and screencaps to the errors.

1) Entered FS creds into VC and clicked "Mount" which gave me this prompt:

I clicked on the Open Prefs and was given the expected Sec&Priv screen, but without anything to grant permission to:

Simultaneous with Prefs opening, I get the following error on VeraCrypt:

The above is the sequence of events in the PasteBin log file.

Essentially the same error occurs with VMware Fusion, and they have a nearly day-long process to attempt to resolve it, which also fails. I will document that in another posting as soon as I can find time.

I appreciate everyone's help.

As said previously, the problem appears to be gatekeeper/kext and not the actual apps.

Reply to this posting if you need additional information or have a solution.

Also, I have rebooted numerous times, so I know that a reboot doesn't fix anything.

Thanks!

HU

Sorry this has taken so long, but to debug I have to reconfig my working system (which has SIP ignore kext). [To clarify, when I installed the 2021-004 update, it broke with SIP fully enabled. I was able to continue running my apps by disabling SIP kext protection. All this debugging is with fully enabled SIP.]

I am going to provide updates as I complete collecting information.

I tried safe mode (with SIP fully enabled) and it made no difference.

I have clean-sweep deleted all the apps and reinstalled (was already at the latest version, and yes, I have verified the GPG sigs).

I installed update 2021-005 and it made no difference either.

The root of the problem APPEARS to be gatekeeper. I get a message from the apps to give perms in gatekeeper, but nothing shows up in gatekeeper.

Here is the pastebin URL containing the error https://pastebin.com/4aV5sB7i

I ran the free version of EtreCheck and it found nothing even remotely relevant. I paid for a version a couple years back, and I need to find my license key and see if it finds anything.

More info soon.

Yes, I as I said, I was planning to report it once I found and entered my license key.

Well, I found the key and ran the report. It is attached,

I should clarify a few things:

I don't run with SIP disabled. I have SIP enabled EXCEPT for kext protection.

I use TimeMachineEditor to control backups. Etre doesn't recognize that.

I manually install updates because I need to avoid downtime caused by bugs like whatever happened here.

The logs I pastebin-ed have "<private>" details revealed by turning off the log privacy feature, so I can see detailed problem information.

My system is not under MDM management. But, I do cybersecurity for a living, and I have a rather locked-down system. (But, nothing outside of Apple's guidelines except for disabling of iWork version control--using a method that Apple recognizes and properly operates with.

I have reinstalled macOS at least 3 times while troubleshooting this problem. Each reinstall costs me a day's time to get back up and running. To wipe the system clean and reinstall, would take me several weeks (when I migrated to this MBP, it took me over a month to get it set up the way my old Mac was).

One thing you may have questions about is the /etc/sysctl.conf. It has the following control added, because TM would sometimes run for hours if the system was being used at the same time. The setting enables TM to take a larger slice of the CPU:

# /private/etc/sysctl.conf
#
# When macOS updates, it may wipe the sysctl.conf file
#
# this setting disables throttling of TimeMachine, and a few other processes
debug.lowpri_throttle_enabled=0

Please let me know if you have any additional questions.

Thanks!

HU