GC,
I want to second the negative feedback that has been provided by others in this forum regarding this change. Although I get the intent of what you are attempting to accomplish from a security perspecitve, where this change fails is its UI design. In my opinion there are much better ways to design this user interface to handle the general case of legitimate applications that rely on kernel extensions, without compromising the security objective here.
The problem before High Sierra is that any application could attempt to activate a kernel extension at any time. In that case, this UI makes a certain amount of sense, as user interaction can be demanded whenever that happens to occur.
However, most applications that have kernel extensions do not load them randomly or unpredicably. What Apple has failed to do here is provide developers with a structured process that is easy for users to follow that legitimate applications and installers can use to guide users through approving kernel extenions at installation/setup time. As things stand, the only option is to pop up a window which attempts to explain the process to the user, tell them they are about to see an error message, attempt to load the extension so the error appears, and then attempt to show the user how to dig through the System Preferences to approve it. This is extremely cumbersome and will ultimately fail in practice.
In my opinion, for what its worth, applications should be able to direct the operating system to ask the user for approval directly in a pop-up dialog at install time, instead of requiring the user to find the approval switch within the System Preferences. Applications should also be able to obtain approval to load kernel extensions in the future before actually loading them, as loading them at install time may not be appropriate.
Regardless of whether or not your designers agree with those observations, the present UI appears to be designed to deter the loading of kernel extensions in general and the user experience in the context where kernel extensions must be loaded does not appear to have been given careful consderation. You must go back to the drawing board on this.
Thanks,
TC