MichaelKaeppeli
Contributor
Contributor

Failed to save profile - macOS kernel extension & system extension

Jump to solution

Hello everybody

 

Has anyone had the issue lately, that a macOS profile (Devcie-based) failed to save, when you tried to configure kernel or system extensions?

Unbenannt.PNG

The kernel/system extension isn't even very special and I also tried an old entry to add, but could get any further. Here is one example for the Sophos-Profile I was trying:

Unbenannt1.PNG

I'm not sure what goes wrong here. Happens for kernel and for system extensions. This always worked in the past. Maybe I'm missing something with the new design...

Regards

 

btw if anyone is wondering: I was trying to implement the given settings for Sophos Endpoint deployment as described here: https://community.sophos.com/intercept-x-endpoint/f/recommended-reads/116397/sophos-mac-endpoint-how...

0 Kudos
1 Solution

Accepted Solutions
MichaelKaeppeli
Contributor
Contributor

Hello everybody

I found a way to counteract the current limitations by using vmware WorkspaceONE App Analyser for macOS (https://flings.vmware.com/workspace-one-app-analyzer-for-macos), which enables you to upload a generated profile directly into ws1. You can get all the neccessary information on the tool on the linked page above.

My piece of advice: There is an important detail to be mentionned for this usecase. I used this app on a VM to get the system extension and privacy preferences. Both will be caught fine by the tool. BUT: I had to create two seperate policies for the two payloads. If you combine both payloads into one profile it will cause a failure. If you split the payload into two profiles everything works fine.

So if you encounter similar issues, just make your profile atomic and keep one profile for each payload and try again.

Regards

View solution in original post

0 Kudos
1 Reply
MichaelKaeppeli
Contributor
Contributor

Hello everybody

I found a way to counteract the current limitations by using vmware WorkspaceONE App Analyser for macOS (https://flings.vmware.com/workspace-one-app-analyzer-for-macos), which enables you to upload a generated profile directly into ws1. You can get all the neccessary information on the tool on the linked page above.

My piece of advice: There is an important detail to be mentionned for this usecase. I used this app on a VM to get the system extension and privacy preferences. Both will be caught fine by the tool. BUT: I had to create two seperate policies for the two payloads. If you combine both payloads into one profile it will cause a failure. If you split the payload into two profiles everything works fine.

So if you encounter similar issues, just make your profile atomic and keep one profile for each payload and try again.

Regards

0 Kudos