Troubleshoot kernel extension issues in Microsoft Defender for Endpoint on macOS

  • December 23, 2021
  • BEST Antivirus Staff 2


This article provides information on how to troubleshoot issues with the kernel extension that is installed as part of Microsoft Defender for Endpoint on macOS.

Starting with macOS High Sierra (10.13), macOS requires all kernel extensions to be explicitly approved before they’re allowed to run on the device.

If you didn’t approve the kernel extension during the deployment/installation of Microsoft Defender for Endpoint on macOS, the application displays a banner prompting you to enable it:

RTP disabled screenshot.

You can also run mdatp health. It reports if real-time protection is enabled but not available. This indicates that the kernel extension isn’t approved to run on your device.

Bash

mdatp health
Output

...
real_time_protection_enabled                : false
real_time_protection_available              : true
...

The following sections provide guidance on how to address this issue, depending on the method that you used to deploy Microsoft Defender for Endpoint on macOS.

Managed deployment

See the instructions corresponding to the management tool that you used to deploy the product:

  • JAMF-based deployment
  • Microsoft Intune-based deployment

Manual deployment

If less than 30 minutes have passed since the product was installed, navigate to System Preferences > Security & Privacy, where you have to Allow system software from developers “Microsoft Corporation”.

If you don’t see this prompt, it means that 30 or more minutes have passed, and the kernel extension has still not been approved to run on your device:

Security and privacy window after prompt expired screenshot.

In this case, you need to perform the following steps to trigger the approval flow again.

  1. In Terminal, attempt to install the driver. The following operation will fail, because the kernel extension wasn’t approved to run on the device. However, it will trigger the approval flow again.
    Bash

    sudo kextutil /Library/Extensions/wdavkext.kext
    
    Output

    Kext rejected due to system policy: <OSKext 0x7fc34d528390 [0x7fffa74aa8e0]> { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" }
    Kext rejected due to system policy: <OSKext 0x7fc34d528390 [0x7fffa74aa8e0]> { URL = "file:///Library/StagedExtensions/Library/Extensions/wdavkext.kext/", ID = "com.microsoft.wdavkext" }
    Diagnostics for /Library/Extensions/wdavkext.kext:
    
  2. Open System Preferences > Security & Privacy from the menu. (Close it first, if it’s open.)
  3. Allow system software from developers “Microsoft Corporation”.
  4. In Terminal, install the driver again. This time the operation will succeed:
    Bash

    sudo kextutil /Library/Extensions/wdavkext.kext
    

    The banner should disappear from the Defender application, and mdatp health should now report that real-time protection is both enabled and available:

    Bash

    mdatp health
    
    Output

    ...
    real_time_protection_enabled                : true
    real_time_protection_available              : true
    ...
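
The health check used before and after the approval steps can be scripted. The following is an added example, not part of the original article or of Microsoft's tooling: the helper names rtp_field and rtp_state and the sample strings are constructed for illustration, and only the two field names come from the output shown on this page.

```sh
#!/bin/sh
# Added example: classify real-time protection from `mdatp health` text.
# rtp_field / rtp_state are hypothetical helper names, not part of mdatp.

# Constructed samples mirroring the two outputs shown in this article.
SAMPLE_BEFORE='...
real_time_protection_enabled                : false
real_time_protection_available              : true
...'
SAMPLE_AFTER='...
real_time_protection_enabled                : true
real_time_protection_available              : true
...'

# Print the value of one "key : value" line read from stdin (empty if absent).
rtp_field() {
    awk -F':' -v key="$1" '
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
        k == key { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }
    '
}

# Read health output on stdin; print ok, degraded or unknown.
rtp_state() {
    health=$(cat)
    enabled=$(printf '%s\n' "$health" | rtp_field real_time_protection_enabled)
    available=$(printf '%s\n' "$health" | rtp_field real_time_protection_available)
    if [ -z "$enabled" ] || [ -z "$available" ]; then
        echo unknown        # field missing: do not assume protection is on
    elif [ "$enabled" = true ] && [ "$available" = true ]; then
        echo ok             # the state the article expects after approval
    else
        echo degraded       # either flag false: follow the steps above
    fi
}

# On a Mac with the product installed: mdatp health | rtp_state
printf 'before approval: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | rtp_state)"
printf 'after approval:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER" | rtp_state)"
```

Treating a missing field as unknown rather than ok keeps a fleet check from reporting a device as protected when the health output could not be read.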
    


Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team
