Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

OSX kernel panic with Bit9 and Little Snitch

OSX kernel panic with Bit9 and Little Snitch

Version

7.0.1.x

 

Issue

After installing Little Snitch application and rebooting, the system kernel panics implicating a Bit9 kernel extension.

 

Symptoms
A kernel panic happens after installing or uninstalling Little Snitch


Cause

When installing their KEXT, Little Snitch forces a kextcache update using the kextcache command.  This technique is ‘heavy-handed’ as the system will update the kextcache for them when they place their driver in /System/Library/Extensions.  It is the conflict with their manual call of kextcache and the systems automated update that results in kextcache corruption if a reboot is performed immediately after install or uninstall.

 

Solution

This problem can be worked around.

1. Install Little Snitch before Bit9, or

2. After installing Little Snitch, do not reboot right away.  Wait 5 minutes then issue the following command:

sudo touch /System/Library/Extensions

this will ask the system to update the kernel cache.  Wait 5 more minutes then reboot.

 

 

Internal Notes

https://community.bit9.com/docs/DOC-3617

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎12-09-2015
Views:
502
Contributors