System Extension Blocked - but can't allow extension

Hi, there is a fast solution for this "allow button problem" and is that you can disable the allow kernel extension mess.

You should boot your OsX in Recovery Mode (Restart, and press Command R)

When you are in Recovery Mode, go to the menu bar and open a Terminal and run the next command:

$spctl kext-consent disable

Then reboot the OsX normally. All the mess are gone and all the kext are loaded as usual.

Reseting the NVRAM will revert this changes!

😀

My migration failed due to an old driver (Silicon Image 3132 PCIe eSATA card), resulting in a disturbing reboot loop until I turned off my external disk.

That installation interruption, I think, resulted in a corrupted Kernel Extension db. At least, sqlite3 didn't like the file very much. When you list the tables in that file, what's SUPPOSED to happen is this:

$ echo .tables | sqlite3 /private/var/db/SystemPolicyConfiguration/KextPolicy

kext_load_history_v3 kext_policy

I got the error: "database disk image is malformed"

I was able to fix this by booting into Recovery mode (cmd-R when the system comes up), moving the KextPolicy db out of the way in the Terminal app, and re-installing High Sierra.

Details: Once the system was up in recovery mode, I fired up the Terminal app (under "Utilities") and did this:

# cd /Volumes/System\ Drive/private/var/db/SystemPolicyConfiguration

# mv KextPolicy /Users/Shared

# mv migration.plist /Users/Shared

(Note: your system drive might be named something other than "System Drive". Also, I just wanted to make a backup of the files someplace where the installation process won't clobber them.)

I then quit the Terminal app and just re-installed High Sierra. 55 minutes later (or there abouts) I was able to list the tables in the KextPolicy db AND, best of all, VMWare fusion worked and no other Kext complaints were in evidence.

You can search the Internet for things like "SystemPolicyConfiguration" or "sqlite3 'database disk image is malformed'" to get a bunch of background info about this.

But, that said, I'll probably spend some part of my Christmas long weekend reinstalling this guy from scratch.

We had a similar issue here.

Our mac was controlled via "Screen Sharing". The popup that the "Allow" or "Allow..." button is meant to start doesn't appear when the button is pressed over Screen Sharing. Plugging in a hardware mouse and monitor allowed us to open the pop up sheet and allow the extensions. I have reported this bug RADR 35666776.

I managed to fix this issue. You'll have to disable SIP to let the Kext load without any interference.

Steps to disable SIP:

1. Boot into recovery mode (Hold CMD + R during booting process).

2. Open terminal and enter the following command: csrutil disable

3. Reboot the system. This should allow the kernel extensions to load without any interference.

(Re-enable SIP using csrutil enable)

This is clearly not the safest way to fix this, but it worked for me. I wasted many weeks because of this issue. It's truly sad that macOS has become less developer-friendly over the years.

Hello,

I have the same problem with vmware and paragon at job today. After lot of search eventually could fix with a NVRAM reset.Not at job before 10hours so if somebody could try and give feedback, that could be cool.

Ty

I have been having an issue installing an Antivirus package. The Allow button was showing but clicking on it wouldnt work. To fix the problem I created a new administrators user account and have now been able to "allow" the application in Security & Privacy from within that account. I am no expert but am wondering if the existing profile now has some conflict since upgrading to High Sierra.

Well, you can also consent to the specific extension(s) from recovery mode, but you need to know the team ID. The solution comes courtesy of Parallels (http://kb.parallels.com/124289) but should work for anyone, who is willing to give you the team ID.

Wow... thanks for the tip to about the screen sharing. Once I logged in directly I could click "allow". It seems Apple was smart enough to not accept screen sharing clicks on "Allow" ( which maybe is good for protection against remote attacks ) but not smart enough to gray the button or reroute it to a pop up that explains you can't do this.

I was wondering why I couldn't press "Allow" on my new iMac Pro and thought it had to do with special security on that machine, but it was just this issue. The error message in the console app whenever I tried to press allow via screen sharing was, "dcom.apple.preference.security.remoteservice Dropping mouse down event because sender's PID isn't 0 or self". In person there was no problem. A popup notification would have been helpful!

@johnpalmedina

I know the original issue was posted last year but this just happened to me. I am on OSX 10.13.3 and recently updated my AVG antivirus that required a kernel extension. I clicked and clicked on the privacy and security ALLOW the AVG to load a kernel extension but nothing happened. Until I found this article and noticed that I too was using MAGICPREFS. I quit MAGICPREFS and then clicked ALLOW in the privacy and security prefs. Worked like a charm. Thanks

Oh Apple get your stuff working some day, please! Every single last update made our life worse. Cannot even click on okay when connecting from a so called Apple server.

How on earth shall an external IT company deliver support on this crap?

I can't believe this actually worked!!!

I was struggling with this for ever, and I did not want to disable sip and extension verification.

I mean I get security, but this is beyond ridiculous. To disable a GUI function, which can than be easily hacked with a script like this is just about as dumb as it gets.

Brilliant, thanks, this worked for me! Although I didn't reinstall OS X after making the above changes, as it appears that the database is re-created if it's not found during the next boot.

Thanks a lot for the help!

Hi Max,

Apple doesn't state it's secure. They have it disabled for a reason, such as installing third party security software which usually embeds other unnecessary and/or harmful malware....the third party software, for example, typically doesn't play well with Macs due to the design & especially with the heightened security within High Sierra. I would never put Norton, AVG, Avast, etc on my Mac. I've vseen the effects of such on Macs & it's not good. However, I'd feel comfortable with certain third party peripherals as long as there's no additional software from sources I don't trust, etc.

An external mouse that's compatible with the Mac however is usually fine, as is the case here.. it's just the third party software that sometimes accompanies it, that sets off a flag to the system or simply the fact that it's by an unidentified developer or a third party.

Thus, the workaround that a user posted here, assists in this manner.

Take care

This worked beautifully for me even on the same-desktop use where it was otherwise not working. (I'd disabled everything I could find such as BetterTouchTool and it still wasn't working.)

I found that if I moved the system window to the very top left of the screen the click point needed was:

tell application "System Events" to click at {576, 458}

Pro tip: I got this location by pressing Command-Control-Shift-4 which triggers the system to prepare to take a screen shot. Your cursor will turn to crosshairs with the pixel point you need shown with it.

Thanks Daniel for the tip off on this one!