To improve Kernel Protection, Apple has mandated that third parties sign their Kernel Extensions in OS X 10.9 "Mavericks".
When a Kernel Extension is not signed, OS X 10.9 throws out a warning message to the end user:
Kernel extension is not from an identified developer
The kernel extension at "/System/Library/Extensions/SymInternetSecurity.kext" is not from an identified developer but will still be loaded.
Please contact the kernel extension vendor for updated software.
Signing can only be done using specialized kernel signing certificate -- application signing certificates cannot be used for this purpose.
Symantec provides signed kernel extensions for SEP 12.1 RU4. Default location for auto-loading the signed kernel extension is from folder at /Library/Extensions/
Symantec kernel extensions and file locations
OS X 10.8 & 10.7 - unsigned:
/System/Library/Extensions/SymIPS.kext
/System/Library/Extensions/SymInternetSecurity.kext
/System/Library/Extensions/ndcengine.kext
/Library/Application Support/Symantec/Antivirus/SymAPComm.kext
OS X 10.9 - signed:
/Library/Extensions/SymIPS.kext
/Library/Extensions/SymInternetSecurity.kext
/Library/Extensions/ndcengine.kext
/Library/Application Support/Symantec/Antivirus/Signed/SymAPComm.kext
Troubleshooting
All kext related warnings and errors goes to system.log and kernel.log; search these logs with kext name as keyword
Use the kextstat command line to check if required kexts are loaded:
Maverick:~ admin$ kextstat | grep -i symantec 41 3 0xffffff7f807db000 0xf000 0xf000 com.symantec.kext.internetSecurity (5.2f2) <5 4 3 1> 42 1 0xffffff7f807ea000 0x70000 0x70000 com.symantec.kext.ndcengine (1.0f2) <41 4 1> 43 0 0xffffff7f8085a000 0xb000 0xb000 com.symantec.kext.ips (3.5f2) <42 41 5 4 3 1> 85 0 0xffffff7f819e9000 0x4000 0x4000 com.symantec.kext.SymAPComm (12.2f2) <41 7 5 4 1>
Use the kextutil to check if a kext is signed or not:
Maverick:~ admin$ kextutil -tn /Library/Extensions/SymIPS.kext Warnings: The booter does not recognize symbolic links; confirm these files/directories aren't needed for startup: /Library/Extensions/SymIPS.kext/Contents/CodeDirectory /Library/Extensions/SymIPS.kext/Contents/CodeRequirements /Library/Extensions/SymIPS.kext/Contents/CodeResources /Library/Extensions/SymIPS.kext/Contents/CodeSignature Dependency lacks appropriate value for OSBundleRequired and may not be availalble during early boot: com.symantec.kext.ndcengine - OSBundleRequired not set Personality has no CFBundleIdentifier; the kext's identifier will be inserted when sending to the IOCatalogue: IOKitKernelExplorer /Library/Extensions/SymIPS.kext appears to be loadable (including linkage for on-disk libraries).
Applies To
Macintosh OS X 10.9
Symantec Endpoint Protection 12.1 RU4 for Macintosh