When our content filter is deployed, some customers report issues which show that the content filter activation was performed but the filter is showing the state [activated waiting for user].
This typically happens if the customer isn't deploying a profile to pre-authorise the system extension.
The customers report that there was no popup shown for them to allow the filter to complete activation.
Once the filter is in this state, there doesn't seem to be a way to clear it without resorting to disabling SIP.
Attempting a deactivation does not work, the filter remains in the same state.
Is there a way we can we resolve this "stuck" state when it happens without disabling SIP?
It’s better to reply as a reply, rather than in the comments; see Quinn’s Top Ten DevForums Tips for this and other titbits.
The user can allow the [sysex] through System Settings
Right. That’s the standard user-level process for installing system extensions.
We support two mechanisms for installing system extensions:
-
For normal users, the containing app presents the install UI via the System Extensions framework.
-
For managed environments, there’s various options available via MDM.
I see a lot of folks try to target normal users without going through the UI. For example, they create a containing app that’s not actually an app, but rather a command-line tool, and then they run that from, say, an installater script. This has two problems:
-
It’s poor form, in that it takes the user out of the loop.
-
It’s not something we support. I’ve seen these techniques fail in various weird ways.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"