This article provides information about notarized kernel extensions, which Apple is requiring for use in the macOS 10.14.5 update.
Applies to the following Sophos product(s) and version(s): Central Mac Endpoint, Sophos Anti-Virus for Mac OS X
Operating systems: macOS 10.14.5+
Notarized kernel extensions are an additional security layer for all non-Apple kernel extensions, which Apple has made a requirement in macOS 10.14.5. If a kernel extension (kext) is not notarized, it will not be loaded. Sophos uses several kernel extensions for our file and web interceptions. This process requires that a kernel extension be submitted to Apple to be signed by them, in addition to the developer signing. Apple then stores a copy of this signing as well.
As part of this, any kernel extensions signed after April 7th must be notarized, or they will not be loaded by macOS 10.14.5 and above. This means that older versions of SAV for Mac OS X and Mac Endpoint Security (9.8.2 and below) are not impacted by this change by Apple.
In order to prevent compatibility issues, Apple allows kernel extensions to be submitted to them for notarization, even if they are already in the wild. If one of these kernel extensions attempts to load, macOS will reach out to Apple to confirm that it has been notarized (requires an internet connection).
Sophos has submitted our kernel extensions from 9.8.3, 9.8.4 and 9.9.0 to Apple in this manner to allow for approval after an online check. During installation, you may get a message after approving the kernel extension stating "System Extension Warning - One or more system extensions that you have approved will be incompatible with a future version of macOS". This message is just a warning, and not an issue.
Sophos is adding fully notarized kernel extensions in future versions, which will not trigger this message or require the online check with Apple.
Upgrades to macOS 10.14.5 with Sophos already installed will not display any messages, but will still perform the online check with Apple.