Installing Trustwave AV (Endpoint Protection) on macOS 10.13 High Sierra


This article applies to:

  • Trustwave AV (in Endpoint Protection Suite)
  • macOS 10.13 High Sierra

Question:

  • Why does Trustwave AV not enable On Access scan for new installations on macOS High Sierra?
  • Why do I see a pop-up notification "System Extension Blocked" when Endpoint Protection first attempts to update Trustwave AV on macOS 10.13?
  • How can I make Trustwave AV work on macOS 10.13?

Background:

  • Apple tech notes state: "macOS High Sierra 10.13 introduces a new feature that requires user approval before loading newly-installed third-party kernel extensions (KEXTs). When a request is made to load a KEXT that the user has not yet approved, the load request is denied."
  • To use Trustwave AV, you must approve the extension.

Procedure:

After Trustwave Endpoint Protection has been installed with the Trustwave AV module, the application begins the first update of AV.

  1. When the download of AV is complete, the application attempts to install AV including the system extension for scanning.
  2. You are prompted that a system extension is blocked. 
     

     
  3. To approve the extension, click OK, and then navigate to System Preferences > Security and Privacy.
     

     
  4. Click Allow.
  5. If more than one extension is waiting for approval, you will see a list. On the list, select Bitdefender SRL, and then click OK.

Notes:

  • Approval is automatically granted if you already had Trustwave AV installed before upgrading to macOS 10.13.
  • You only need to approve the system extension once. Future updates will not require approval.

Last Modified 6/12/2018.
https://support.trustwave.com/kb/KnowledgebaseArticle21018.aspx