Author Topic: Core Shields not starting (Avast 14.2/MacOS 10.15)  (Read 4637 times)

0 Members and 1 Guest are viewing this topic.

Offline AdyG

  • Newbie
  • *
  • Posts: 2
Core Shields not starting (Avast 14.2/MacOS 10.15)
« on: November 10, 2019, 08:00:42 AM »
Installed Avast 14.2 on Mac OS 10.15.1 but it refuses to start the core shields.

I've tried each of these...

1) Uninstalled using the official application
2) Rebooted the system
3) Cleared all the usual start-up settings (PRAM, SMC, etc)
4) Shut down and started the system
5) Deleted Avast related items from the /Library and other Libraries
6) Removed Avast from the full disk access, and re-added...  https://support.avast.com/en-in/article/Mac-full-disk-access
7) Reinstalled Avast
8) Tried the allow extensions... https://support.avast.com/en-eu/article/Mac-Security-High-Sierra-allow-extensions
9) tried the
Code: [Select]
sudo /Applications/Avast.app/Contents/Backend/hub/modules/014_fileshield.sh fix; echo $? which gave an error
and so on...

Every time, I get the attached image/screenshot - the "allow" is missing.

At one point there was a note about a kext (if I recall) but I did not get to see it properly as it disappeared rapidly!

The backend command at the terminal gave the following:

Code: [Select]
sudo /Applications/Avast.app/Contents/Backend/hub/modules/014_fileshield.sh fix; echo $?
Password:
+ BASE_DIR=/Applications/Avast.app/Contents/Backend
+ PLIST=/Applications/Avast.app/Contents/Backend/launch/com.avast.fileshield.plist
+ SERVICE_ID=com.avast.fileshield
+ FILESHIELD_BIN=/Applications/Avast.app/Contents/Backend/services/com.avast.fileshield
+ RUN_DIR='/Library/Application Support/Avast/run'
+ PID_FILE='/Library/Application Support/Avast/run/fileshield.pid'
+ KEXT_ID=com.avast.FileShield
+ KEXT=/Applications/Avast.app/Contents/Backend/drivers/AvastFileShield.kext
+ case "$1" in
+ /sbin/kextload /Applications/Avast.app/Contents/Backend/drivers/AvastFileShield.kext
/Applications/Avast.app/Contents/Backend/drivers/AvastFileShield.kext failed to load - (libkern/kext) system policy prevents loading; check the system/kernel logs for errors or try kextutil(8).
27

Running a check instead of the fix gave:

Code: [Select]
sudo /Applications/Avast.app/Contents/Backend/hub/modules/014_fileshield.sh check
+ BASE_DIR=/Applications/Avast.app/Contents/Backend
+ PLIST=/Applications/Avast.app/Contents/Backend/launch/com.avast.fileshield.plist
+ SERVICE_ID=com.avast.fileshield
+ FILESHIELD_BIN=/Applications/Avast.app/Contents/Backend/services/com.avast.fileshield
+ RUN_DIR='/Library/Application Support/Avast/run'
+ PID_FILE='/Library/Application Support/Avast/run/fileshield.pid'
+ KEXT_ID=com.avast.FileShield
+ KEXT=/Applications/Avast.app/Contents/Backend/drivers/AvastFileShield.kext
+ case "$1" in
+ check_kext_status DETAILS
++ /usr/sbin/kextstat
++ grep com.avast.FileShield
++ wc -l
+ KEXT_LOADED='       0'
+ '[' 0 -ne 0 ']'
+ '[' DETAILS == DETAILS ']'
+ /usr/bin/kextutil /Applications/Avast.app/Contents/Backend/drivers/AvastFileShield.kext


Kext rejected due to system policy: <OSKext 0x7ffb9dcab690 [0x7fff94090d10]> { URL = "file:///Library/StagedExtensions/Applications/Avast.app/Contents/Backend/drivers/AvastFileShield.kext/", ID = "com.avast.FileShield" }
Diagnostics for /Applications/Avast.app/Contents/Backend/drivers/AvastFileShield.kext:
+ '[' 27 -eq 27 ']'
+ echo BLOCKED
BLOCKED
+ return 0

Any ideas?
Have we got an inherent "feature" in the release?

Cheers

Ady

PS: had to try posting a few times as post failed to appear

Offline jakub.bednar

  • Avast team
  • Jr. Member
  • *
  • Posts: 55
Re: Core Shields not starting (Avast 14.2/MacOS 10.15)
« Reply #1 on: November 11, 2019, 10:22:55 AM »
Hello AdyG,

thank you for the thorough analysis and report. The important part of the report is this one.

Code: [Select]
sudo /Applications/Avast.app/Contents/Backend/hub/modules/014_fileshield.sh fix; echo $?
Password:
+ BASE_DIR=/Applications/Avast.app/Contents/Backend
+ PLIST=/Applications/Avast.app/Contents/Backend/launch/com.avast.fileshield.plist
+ SERVICE_ID=com.avast.fileshield
+ FILESHIELD_BIN=/Applications/Avast.app/Contents/Backend/services/com.avast.fileshield
+ RUN_DIR='/Library/Application Support/Avast/run'
+ PID_FILE='/Library/Application Support/Avast/run/fileshield.pid'
+ KEXT_ID=com.avast.FileShield
+ KEXT=/Applications/Avast.app/Contents/Backend/drivers/AvastFileShield.kext
+ case "$1" in
+ /sbin/kextload /Applications/Avast.app/Contents/Backend/drivers/AvastFileShield.kext
/Applications/Avast.app/Contents/Backend/drivers/AvastFileShield.kext failed to load - (libkern/kext) system policy prevents loading; check the system/kernel logs for errors or try kextutil(8).
27

The value 27 means, that the drivers were not allowed or at least macOS thinks they were not allowed. In your screen shot, you were missing the Allow button. Did you have the Preferences open while installing Avast? Apple Preferences are not really smart, so they do not refresh the UI when you install any SW while Preferences are open. You need to close and re-open them for the Allow button to appear.

Another thing you could try is to run the suggested kextutil command. It has a more verbose output on what is going on.

Code: [Select]
sudo kextutil /Applications/Avast.app/Contents/Backend/drivers/AvastFileShield.kext
Please let us know any updates. Hopefully we will be able to get this to work, otherwise a bug report to Apple will be needed. They already had similar issues in macOS 10.13 that were fixed in 10.14, but they keep changing it internally and might have broken something again.

Best regards,

Jakub

Offline AdyG

  • Newbie
  • *
  • Posts: 2
Re: Core Shields not starting (Avast 14.2/MacOS 10.15)
« Reply #2 on: November 15, 2019, 04:03:44 PM »
Hi Jakub

apologies for slow reply - been a busy few days...

Yes, as my original information stated, the allow was missing, and the image was there as proof.


Ran the kextutil - and it gave the following:

Code: [Select]
Kext loading serialization lock busy; sleeping (89 retries left).
Kext rejected due to system policy: <OSKext 0x7fb1b4f52910 [0x7fff8dd38d10]> { URL = "file:///Library/StagedExtensions/Applications/Avast.app/Contents/Backend/drivers/AvastFileShield.kext/", ID = "com.avast.FileShield" }
Diagnostics for /Applications/Avast.app/Contents/Backend/drivers/AvastFileShield.kext:

I then uninstalled Avast.
I've ensured the system preferences were closed (pretty certain I did that before).
Then ran the installer again... used standard install, allowed for all users...
Gave the ok for the installer to install new applications...
Closed the installer.
Chose continue with free (for now)...
Clicked through the messages...
When the app screen was revealed, it was in passive mode.
Clicked on core shields.
Allowed Avast to open the system preferences
Unlocked the preferences

But still no Allow.

Clicked leave core shields off (for now).

Re-ran the kextutil.

Code: [Select]
sudo kextutil /Applications/Avast.app/Contents/Backend/drivers/AvastFileShield.kext
Password:
Kext rejected due to system policy: <OSKext 0x7fb90ca62bf0 [0x7fff8dd38d10]> { URL = "file:///Library/StagedExtensions/Applications/Avast.app/Contents/Backend/drivers/AvastFileShield.kext/", ID = "com.avast.FileShield" }
Diagnostics for /Applications/Avast.app/Contents/Backend/drivers/AvastFileShield.kext:

Also tried the
Code: [Select]
sudo /Applications/Avast.app/Contents/Backend/hub/modules/014_fileshield.sh fix; echo $?
again with no change to original posting.


No change.

« Last Edit: November 15, 2019, 04:08:49 PM by AdyG »