Intego Technical Note ITN-1804101

 

Flextivity 1.8.2 introduces a new management architecture which requires client devices to be enrolled into an MDM (Mobile Device Management) solution. 

In-Depth Explanation

macOS High Sierra 10.13.4 introduces a new security feature that requires user approval or MDM enrollment before loading a newly installed third-party kernel extension.

 As a result, Flextivity installs two profiles on the client device:

  • Intego Trust Certificate
  • Intego MDM Profile

These profiles include high privileges to ensure proper management of the device.

As part of the QFE we issued to ensure proper function in macOS High Sierra, the certificates are using the defaults provided by Apple.

In the upcoming Flextivity 1.9 release, these profiles will be replaced and they will include permissions tailored by the administrator as part of a security policy.

Possible Actions 

In the event you do not want to have these profiles on your systems, it is possible to remove them with the following caveats:

  • You won’t benefit from the upcoming Flextivity 1.9 remote management update, including features like remote wipe or physical location detection
  • You will have to manually approve Intego kernel extensions on each Flextivity client device

 If you choose to remove the profiles (not recommended), here is how:

  • Open System Preferences
  • Go to the ‘Profiles’ section
  • Remove the profiles installed with Flextivity. (You will need to type the computer’s admin password)
  • Restart the device
  • Upon restart, you may be prompted to approve the kernel extensions. If that is the case, macOS will present an alert similar to the one shown in Figure 1.

Figure 1: User approval required

Blocked_Extension_Alert.png 

 To manually approve the kernel extensions:

  • Open System Preferences
  • Go to ‘Security & Privacy’
  • In the ‘General’ tab, locate the ‘Allow’ button next to the text saying “System software from developer ‘Intego’ was blocked from loading”.
  • Restart your device

 

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk