search cancel

Symantec Endpoint Protection for Macintosh: Mac OS X 10.9 Kernel Signing Overview & Troubleshooting


Article ID: 158648


Updated On:


Endpoint Protection


To improve Kernel Protection, Apple has mandated that third parties sign their Kernel Extensions in OS X 10.9 "Mavericks".

When a Kernel Extension is not signed, OS X 10.9 throws out a warning message to the end user:

Kernel extension is not from an identified developer
The kernel extension at "/System/Library/Extensions/SymInternetSecurity.kext" is not from an identified developer but will still be loaded.
Please contact the kernel extension vendor for updated software.


Signing can only be done using specialized kernel signing certificate -- application signing certificates cannot be used for this purpose.


Symantec provides signed kernel extensions for SEP 12.1 RU4. Default location for auto-loading the signed kernel extension is from folder at /Library/Extensions/

Symantec kernel extensions and file locations

OS X 10.8 & 10.7 - unsigned:
/Library/Application Support/Symantec/Antivirus/SymAPComm.kext

OS X 10.9 - signed:
/Library/Application Support/Symantec/Antivirus/Signed/SymAPComm.kext

All kext related warnings and errors goes to system.log and kernel.log; search these logs with kext name as keyword

Use the kextstat command line to check if required kexts are loaded:


Maverick:~ admin$ kextstat | grep -i symantec
   41    3 0xffffff7f807db000 0xf000     0xf000 (5.2f2) <5 4 3 1>
   42    1 0xffffff7f807ea000 0x70000    0x70000 (1.0f2) <41 4 1>
   43    0 0xffffff7f8085a000 0xb000     0xb000 (3.5f2) <42 41 5 4 3 1>
   85    0 0xffffff7f819e9000 0x4000     0x4000 (12.2f2) <41 7 5 4 1>

Use the kextutil to check if a kext is signed or not:



Maverick:~ admin$ kextutil -tn /Library/Extensions/SymIPS.kext
    The booter does not recognize symbolic links; confirm these files/directories aren't needed for startup:
    Dependency lacks appropriate value for OSBundleRequired and may not be availalble during early boot: - OSBundleRequired not set
    Personality has no CFBundleIdentifier; the kext's identifier will be inserted when sending to the IOCatalogue:

/Library/Extensions/SymIPS.kext appears to be loadable (including linkage for on-disk libraries).


Applies To

Macintosh OS X 10.9

Symantec Endpoint Protection 12.1 RU4 for Macintosh