Content filter stuck waiting for user

App & System Services Networking
davidsansom OP
Created Mar ’25
Replies 2
Boosts 0
Views 329
Participants 2

When our content filter is deployed, some customers report issues which show that the content filter activation was performed but the filter is showing the state [activated waiting for user].

This typically happens if the customer isn't deploying a profile to pre-authorise the system extension.

The customers report that there was no popup shown for them to allow the filter to complete activation.

Once the filter is in this state, there doesn't seem to be a way to clear it without resorting to disabling SIP.

Attempting a deactivation does not work, the filter remains in the same state.

Is there a way we can we resolve this "stuck" state when it happens without disabling SIP?

Replies  2
Boosts  0
Views  329
Participants  2
DTS Engineer OP
Apple
Mar ’25
the filter is showing the state [activated waiting for user].

This is output from systemextensionsctl, right?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
DTS Engineer OP
Apple
Mar ’25
Accepted Answer
Recommended

It’s better to reply as a reply, rather than in the comments; see Quinn’s Top Ten DevForums Tips for this and other titbits.

The user can allow the [sysex] through System Settings

Right. That’s the standard user-level process for installing system extensions.

We support two mechanisms for installing system extensions:

  • For normal users, the containing app presents the install UI via the System Extensions framework.

  • For managed environments, there’s various options available via MDM.

I see a lot of folks try to target normal users without going through the UI. For example, they create a containing app that’s not actually an app, but rather a command-line tool, and then they run that from, say, an installater script. This has two problems:

  • It’s poor form, in that it takes the user out of the loop.

  • It’s not something we support. I’ve seen these techniques fail in various weird ways.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

1
Content filter stuck waiting for user
First post date Last post date
 
 
Q