System Extension Blocked - but can't allow extension

There is a workaround for this. It isn't a great workaround, security-wise, but it does get you back to the behavior of macOS 10.12. Basically, you can turn off the security feature requiring user approval of Kernel Extensions.

First, boot into Recovery Mode by rebooting and pressing and holding command-R as soon as you see the Apple logo. On my machine, I had to hold command-R for quite a while, at least 60 seconds.

Eventually you will see a screen that gives you a couple of options, including reinstalling or running Disk Utility. If you look at the top of the screen, where the Apple menu would ordinarily be, you will see a "Utilities" drop-down menu. Click on that and select Terminal. A window will open up that allows you to type text-based terminal commands.

You will see a "$" prompt in the terminal window. Type the following:

spctl kext-consent disable

then press Return. You should see:

Kernel Extension User Consent: DISABLED

Please restart for changes to take effect.

Then reboot your Mac, and you should be good. You will no longer see the notification panes telling you a Kernel Extension was blocked; they will all be automatically allowed, just as they were in macOS 10.12.

I would recommend waiting until 10.13.1 or 10.13.2 to see if the issue gets fixed, and then undoing this fix by repeating the same steps, but typing

spctl kext-consent enable

instead.

For more information, see the following website:

User Approved Kernel Extension Loading… – Pike's Universum

Finally figured it out.

System Preferences ----> Firewall Tab ----> "Click the lock to make changes" ----> Firewall Options... ----> Click + to add incoming connection ----> Note the name of the app that is in the message that keeps popping up, and add that app from your application list ----> Click OK

This was it! Clicking "Allow" over Screen Sharing doesn't work so I pulled out Script Editor and

tell application "System Events" to click at {890, 460}

Point values may of course vary. Find them by taking a screenshot, opening it in Preview and doing a selection from the upper left corner to the button.

For anyone using Synergy remote keyboard and mouse from Symless, this also applies to us: the remote mouse cannot click the "Allow" button.

Because of security reasons pressing the Allow button won’t take effect if you are connecting to the machine via Remote Desktop, or if the mouse/trackpad is emulated by a 3rd party application (MagicPrefs, BetterTouchTool, Synergy, etc.)

I have a third party app MagicPrefs. Which allows some additional controls to my mouse gestures, I had to disable this in order for the system to recognize the click on the allow button.

Hope this helps anyone with the the same issues.

Thank you for sharing this - this fixed it for me.

I had a few third party apps such as vmWare and Paragon NTFS for Mac - something must have corrupted the DB during my upgrade to High Sierra and it was still a problem when I upgraded to Mojave.

Followed those steps and it works now :) Saved me from a time consuming reboot so thanks!

I have a similar issue. The difference in my situation is that the Allow button (for the extension) is there, but clicking it did nothing. The message, regarding the blocked Vmware extension is still displayed.

I also did a restore of High Sierra, have uninstalled VMware 10.0.1 (and remove all preferences and cache files) and reinstalled several times.

No luck. I also contacted Apple support. We tried several things, including copying the kext files into the system extensions directory. Nothing worked.

The only recommendation I have from VMware is to disable SIP. Currently I am not willing to do that.

Hoping a solution presents itself soon.

Mike

I bought a USB device that I cannot use due to this bug.

Now I can't install VirtualBox because of the same problem.

I'm physically in front of my iMac and I can't click the "allow" button.

It seems the only option is disabling SIP.

This problem is really degrading the Mac experience.

Hello robGTR,

This is part of Apple's effort to "discourage" kernel extensions and move macOS more towards iOS. What you are describing definitely sounds like a bug. Supposedly, you get an alert and then you have 30 minutes to approve the extension. If an app later tries to load the extension again, you will get another 30 minute window to approve, but no more alerts. Supposedly, any extensions that were already installed before the upgrade will be automatically approved. I'm getting all of this from Apple's own Tech Note: https://developer.apple.com/library/content/technotes/tn2459/_index.html

In practice, in 10.13.0, the process is really buggy. For one thing, Apple is expecting 3rd party kernel developers to properly handle a failure to load the kernel and then give the user some feedback. Good luck waiting for that to happen.

I don't necessarily disagree with (my interpretation of) Apple's approach. A kernel extension is really a modification of the operating system by someone who, in almost all cases, doesn't know how to do that properly. For example, when Parallels stopped working in 10.9.3 (I think), due to a kernel extension I think, I switched to VMWare. I run Mac guests exclusively. That ran fine for a few years but Yosemite and later versions were virtually unusable in a VM. Then, Parallels released Parallels Desktop Lite in the Mac App Store, using the hypervisor instead of kernel extensions. I was just blown away by how much faster it is. And it is free, because I only run Mac VMs. 🙂

I'm not going to apologize for Apple or even recommend High Sierra. I'm still running Sierra on my primary machine and I intend to continue doing that until June, 2018 at least. I didn't update to Sierra until May of this year and even then I got hit by a nasty bug that wasn't fixed until 10.12.6, two weeks later. Apple has a huge amount of leverage due to their total control over the platform. You can complain about it if you want, but it won't do any good. Whether by accident or design, this is way things are going. It is better to support the developers who recognize this and are trying to continue to support their users in the environments of the future.

I have experienced with some of our users the same problems clicking on the allow button even in front of the Mac. What does seem to work a lot more reliably but is not suitable for many people is using an MDM system and pushing out a profile to 'whitelist' either individual Kernel Extensions or particular manufacturers team ids. See Prepare your institution for macOS High Sierra 10.13.4 - Apple Support

I therefore whitelist all the most likely manufacturers i.e. VMware, Parallels, VirtualBox aka Oracle, Sophos, Sonnet Tech, Highpoint, ATTO, Tunnelblick and so on.

This article discusses how to find the team ids and bundle ids. See - User Approved Kernel Extension Loading… – Pike's Universum

What I regard as incredibly stupid on Apple's part is that macOS as standard includes Kernel Extensions for Sonnet Tech, ATTO and Highpoint and yet these also are not trusted even though they are built-in to macOS.

I spent a few hours with tech-support because I have this very same problem. Prevents me from seeing my 24 TB Thunderbolt 3 Lacie Big 6storage among other things because I cannot load the necessary extension since the option to allow does not appear. Affects sound recording too in Screenflow 7.1 (Cannot load computer audio driver). The senior support tech and I were unable to solve the problem and they will get back to me on Friday with an update (case ID ***********). At least I know I am not alone in this. Very frustrating.

Good evening Rob,

I just tested a couple of my VMWare Fusion VMs, and did not experience your issue, however I did notice that there is a new release of VMWare Fusion (10.0) available. Have you contacted their support to ask if your specific issue might be addressed in the update?

Any word on this yet?

I spent over an hour on the phone with Apple Care yesterday, the two guys who tried to help me were stumped. They hadn't encountered this issue before, had some great ideas on the cause and possible solutions, but we were unable to fix it.

I ended up setting up some steps with the second line guy, I would go through and report back with the results.

We are pretty sure the MacOS installation is messed up in some way, which is weird since I already reinstalled it through a recovery boot, if a bit fell over during download or installation, a reinstall should have fixed it, but it didn't.

So I grabbed a USB hard drive, and installed MacOS on that, which works flawlessly. No issues whatsoever.

The next step I am currently working on is putting back a Time Machine back-up through recovery boot, to see if that fixes things.

If that doesn't work the last option the guys saw was to just do a clean install and take all my files out of the back-up and put them back manually.

I'm currently working on the back-up restore part, but when I wanted to start on that I came across another issue. Time Machine hasn't been making back-ups since High Sierra was installed! It couldn't. If I told it to make a back-up it would start the process, say "preparing" and hang there. I was also unable to open the back-up folder on the Time Capsule, I could connect to the Time Capsule, saw the back-up folder for my iMac, but opening it was impossible.

So I had to find a large enough USB Hard drive, spread all the files on it over my macbook and a few smaller drives so I can use this large one for a new full 1TB back-up, which has been running for over 7 hours and is about halfway done :/

So I'm hoping to restore that back-up overnight and wake up to a fully functioning machine, but I am afraid it won't do anything and I'll have to go the nuclear route tomorrow and do a clean install...

Any updates on your situations would be great, we might be able to help each other out.