Starting with the 10.13.2 update for macOS High Sierra, a new security feature requires users to approve new applications that interact with the kernel, a core part of the operating system. CylancePROTECT Home Edition, like many other antivirus products, will now require additional steps to install on the latest versions of macOS.
Note: This should only affect new installations of the CylancePROTECT Agent on macOS High Sierra version 10.13.2 (and higher). This should not affect Agents already installed on macOS systems that were then upgraded to macOS High Sierra version 10.13.2 (and higher).
For help on finding what macOS version you are using, please read What's my macOS Version?
This new security feature in macOS High Sierra requires you to manually approve new applications that require access to the kernel, through something called Kernel Extensions. When installing CylancePROTECT on macOS High Sierra for the first time, you might see the following message:
Figure 1: User alert to allow new kernel extension
To approve the extension and continue with the installation:
- Click the Open Security Preferences.The Security Preferences window will open.
- If you don't see this message, click the Apple icon in the left corner of your screen and select System Preferences.
- Click Security & Privacy. The Security & Privacy window will open and the General tab should display.
- Click Allow. The Allow button is next to the statement "System software from developer "Cylance, Inc." was blocked from loading."
Figure 2: Approved UI for new kernel extensions
After allowing CylancePROTECT to access the kernel, the installation process will finish and CylancePROTECT Home Edition will run.
Things to Know:
- The User Alert (Figure 1) and the Application Approval Option (Figure 2) will only be available for 30 minutes after attempting to install the product. This behavior is by design, according to Apple's documentation.
- If you wait longer than 30 minutes or cancel the installation, the User Alert will not be shown again. Only the Application Approval Option will re-appear in the Security & Privacy screen (Figure 2).
- If the Allow button is no longer available, perform one of the following actions to make the Allow button re-appear.
- Uninstall and re-install the CylancePROTECT Agent.
- Open Application > Utilities > Terminal and run the following command:
sudo kextload /System/Library/Extensions/CyProtectDrvOSX.kext
- After performing one of the above actions, go to System Preferences > Security & Privacy. Click the Allow button to allow loading the CylancePROTECT Agent extension.
- If you do not approve the extension, the Cylance shield icon will show a red dot. If you click on the Cylance shield icon and choose Show Details, you will see the message "Driver Failed To Connect, Device Not Protected." While in this state, the CylancePROTECT Agent is not providing system protection.
Figure 3: CylancePROTECT cannot protect the system when Kernel Extensions are not allowed.