Mac is not protected after F-Secure SAFE installation

SystemSystem Posts: 25 Explorer
This discussion was created from comments split from: MAC IT IS NOT PROTECTED WITH F-SECURE SAFE.

Answers

  • IngyHereIngyHere Posts: 6 Observer

    This didn't work for me, none of it. I verified that 6KALSAFZJC was in the approved dev list with spctl kext-consent list. Unfortunately, it wouldn't show up anywhere the General tab in Security & Privacy under Mojave. I am without protection, it seems.

  • ArthurValArthurVal Posts: 70 F-Secure Employee

    Hello, @IngyHere

    Could you please launch Terminal app which is located in Applications/Utilities folder on your Mac and run the command below. Terminal app may ask you to provide the administrator password. Please enter it if requested.

    sudo kextutil -tn /Library/F-Secure/Extensions/fsauth.kext
    

    Please share the output of that command. Thanks in advance!

    Best regards, Arthur

    SAFE Mac R&D Team


    Ukko
  • IngyHereIngyHere Posts: 6 Observer

    $ sudo kextutil -tn /Library/F-Secure/Extensions/fsauth.kext

    Error making temporary directory: 1

    Memory allocation failure.

    Unable to stage kext (/Library/F-Secure/Extensions/fsauth.kext) to secure location.

  • ArthurValArthurVal Posts: 70 F-Secure Employee

    @IngyHere, thanks!

    It looks like macOS fails to load 3rd party kernel extensions including ours on your machine due to internal misconfiguration. Let's try the steps below

    1. Boot into Recovery Mode by holding down Command(⌘)-R during boot.
    2. From the top line of options, select Utilities -> Terminal.
    3. Run the following command: chflags -R restricted "/Volumes/Macintosh HD/private/var/db/KernelExtensionManagement"
    Note: the volume name may differ if it was changed from the default name of "Macintosh HD".You might have to adjust the path above accordingly. 
    4. Restart your computer.
    

    Please let me know if that helped. Thanks.

    BR, Arthur


    LucaseuropaIngyHere
  • RosaKlebbRosaKlebb Posts: 2 New Member

    Catalina v. 10.15.7 user here. I've experienced persistent and recurring problems (started out of nowhere)

    with real-time scanning during the past weeks.

    1) The instructions given in  MAC IT IS NOT PROTECTED WITH F-SECURE SAFE. didn't work for me either.

    2) 6KALSAFZJC is in the approved dev list with spctl kext-consent list

    3) I ran " sudo kextutil -tn /Library/F-Secure/Extensions/fsauth.kext" command, and got c 5 pages of output, see the attached file kext_29012021.pdf.

  • ArthurValArthurVal Posts: 70 F-Secure Employee

    Hi, @RosaKlebb

    Could you please share what version of SAFE you are currently using? You can see the version in the dropdown menu by clicking on the SAFE icon in the menubar.

    The latest versions of SAFE do not rely on kernel extensions for real-time scanning when running on macOS Catalina. So this could be an issue unrelated to the steps shared above and that thread. Those steps are aimed to troubleshoot issues on macOS Mojave and lower macOS versions.

    We might need to investigate separately. Thanks.

    Best regards, Arthur

    SAFE Mac R&D Team


  • RosaKlebbRosaKlebb Posts: 2 New Member

    Hi @ArthurVal & thanks for your response!

    I'm using Safe version 17.10 (36018)

    /rosa

  • ArthurValArthurVal Posts: 70 F-Secure Employee

    @RosaKlebb, ok. That's good. Then indeed, we are dealing with the latest released version of SAFE so the steps above do not apply here.

    Could you please share the issue you are facing in a bit more detail for me to possible pinpoint the root cause of this behavior? Is there any message in the main UI window of SAFE? Could you share a screenshot in this case?

    Or the real-time protection is failing in some other way?

    Usually, troubleshooting of real-time protection requires additional diagnostic information that can be collected with the Support Tool app that we ship with SAFE (it is located in the same directory). It would be of much help if you could run it, collect SAFE diagnostics and share it with our support. It's best not to upload it directly here as it contains detailed diagnostic information about your computer and the SAFE installation. Thanks in advance.

    BR, Arthur


  • IngyHereIngyHere Posts: 6 Observer

    Back to this thread. ... Thank you @ArthurVal! I ran the steps provided ('chflags -R restricted "/Volumes/..."') , and the issue appears to be resolved. Assistance is much appreciated. BTW given this problem is there be anything else I should look out for now? Thanks again.

    ArthurValLucaseuropa
  • ArthurValArthurVal Posts: 70 F-Secure Employee

    @IngyHere, great to hear the issue is solved for you!

    I'd watch out for any messages that SAFE might display in its UI. It is usually able to detect possible issues that prevent it from operating as designed. It's kind of hard to advise what specifically to look out for in relation to this issue. It gets reported to us once in awhile. But unfortunately, the issue is completely on macOS side and thus, the shared steps cannot be automated from SAFE side as they require user interaction and booting into macOS Recovery Mode. And the issue affects all software that relies on kernel extensions to operate (as SAFE for real-time protection).

    We have made significant changes to avoid similar situations from happening in the latest SAFE release. SAFE does not require kernel extensions to operate when it's running on macOS Catalina and macOS Big Sur. It relies on new APIs provided by Apple that improve usability and setup process without loss of functionality.

    So my advice would to also upgrade to the latest macOS version (Catalina or Big Sur) if it's possible in your case. We managed to eradicate a whole class of similar issues to this one and make SAFE more resilient and stable.

    BR, Arthur


    LucaseuropaJaims
Sign In or Register to comment.