Starting with the 10.13.2 update for macOS High Sierra, a new security feature requires users to approve new applications that interact with the kernel, a core part of the operating system. Cylance Smart Antivirus, like many other antivirus products, will now require additional steps to install on the latest versions of macOS.
Note: This should only affect new installations of the Cylance Smart Antivirus Agent on macOS High Sierra version 10.13.2 (and higher). This should not affect Agents already installed on macOS systems that were then upgraded to macOS High Sierra version 10.13.2 (and higher).
For help on finding what macOS version you are using, please read What's my macOS Version?
This new security feature in macOS High Sierra requires you to manually approve new applications that require access to the kernel, through something called Kernel Extensions. When installing Cylance Smart Antivirus on macOS High Sierra for the first time, you might see the following message:
Figure 1: User alert to allow new kernel extension
To approve the extension and continue with the installation:
- Click the Open Security Preferences.The Security Preferences window will open.
- If you don't see this message, click the Apple icon in the left corner of your screen and select System Preferences.
- Click Security & Privacy. The Security & Privacy window will open and the General tab should display.
- Click Allow. The Allow button is next to the statement "System software from developer "Cylance, Inc." was blocked from loading."
Figure 2: Approved UI for new kernel extensions
After allowing Cylance Smart Antivirus to access the kernel, the installation process will finish and Cylance Smart Antivirus will run.
Things to Know:
- The User Alert (Figure 1) and the Application Approval Option (Figure 2) will only be available for 30 minutes after attempting to install the product. This behavior is by design, according to Apple's documentation.
- If you wait longer than 30 minutes or cancel the installation, the User Alert will not be shown again. Only the Application Approval Option will re-appear in the Security & Privacy screen (Figure 2).
- If the Allow button is no longer available, perform one of the following actions to make the Allow button re-appear.
- Uninstall and re-install the Cylance Smart Antivirus Agent.
- Open Application > Utilities > Terminal and run the following command:
sudo kextload /System/Library/Extensions/CyProtectDrvOSX.kext
- After performing one of the above actions, go to System Preferences > Security & Privacy. Click the Allow button to allow loading the Cylance Smart Antivirus Agent extension.
- If you do not approve the extension, the Cylance shield icon will show a red dot. If you click on the Cylance shield icon and choose Show Details, you will see the message "Driver Failed To Connect, Device Not Protected." While in this state, the Cylance Smart Antivirus Agent is not providing system protection.
Figure 3: Cylance Smart Antivirus cannot protect the system when Kernel Extensions are not allowed.