Unsupported Mac Mojave

Apple previously released security updates to defend against Spectre—a series of speculative execution vulnerabilities affecting devices with ARM-based and Intel CPUs. Intel has disclosed additional Spectre vulnerabilities, called Microarchitectural Data Sampling (MDS), that apply to desktop and notebook computers with Intel CPUs, including all modern Mac computers.

macOS Mojave 10.14.5 includes security updates for Safari, and the option to enable full mitigation, as described below.

  1. Hi folks, I’ve just installed unsupported Mojave on my Mac Pro 3,1 (dual processor 2.8GHz) which is working fine as far as I can tell. However, I can’t seem to get it to reliably respond to the “Option” key start routine. Just either goes blank and shuts down or starts Mojave.
  2. Then Click your HDD/SSHD/SSD that you want Mojave to be installed onto. Click continue after selecting your drive. Mojave is being installed onto your Mac. Once the installer is done installing, shut down your computer. This time, instead of installing Mojave again we need to install the necessary patches for Mojave to run properly.

Mojave will be almost unusable without graphics acceleration. This includes the 15' and 17' MacBook Pro systems (MacBookPro8,2 and 8,3). If you want to enable GPU acceleration on these machines.

Security Update 2019-003 High Sierra and Security Update 2019-003 Sierra include the option to enable full mitigation.

About security fixes in macOS Mojave

macOS Mojave 10.14.5 fixes this issue for Safari with no measurable performance impact.1 This update prevents exploitation of these vulnerabilities via JavaScript or as a result of navigating to a malicious website in Safari.

Customers can also protect their Mac by updating security settings in macOS to download apps only from the App Store. This setting helps prevent the installation of apps that could potentially exploit these vulnerabilities. All apps from the App Store are signed by Apple to ensure that they haven’t been tampered with or altered. Learn how to view and change app security settings on your Mac.

Although there are no known exploits affecting customers at the time of this writing, customers with computers at heightened risk or who run untrusted software on their Mac can optionally enable full mitigation to prevent harmful apps from exploiting these vulnerabilities. Full mitigation requires using the Terminal app to enable an additional CPU instruction and disable hyper-threading processing technology. This capability is available for macOS Mojave, High Sierra, and Sierra in the latest security updates and may reduce performance by up to 40 percent2, with the most impact on intensive computing tasks that are highly multithreaded. Learn how to enable full mitigation.

Unsupported Mac models

These Mac models may receive security updates in macOS Mojave, High Sierra or Sierra, but are unable to support the fixes and mitigations due to a lack of microcode updates from Intel.

  • MacBook (13-inch, Late 2009)
  • MacBook (13-inch, Mid 2010)
  • MacBook Air (13-inch, Late 2010)
  • MacBook Air (11-inch, Late 2010)
  • MacBook Pro (17-inch, Mid 2010)
  • MacBook Pro (15-inch, Mid 2010)
  • MacBook Pro (13-inch, Mid 2010)
  • iMac (21.5-inch, Late 2009)
  • iMac (27-inch, Late 2009)
  • iMac (21.5-inch, Mid 2010)
  • iMac (27-inch, Mid 2010)
  • Mac mini (Mid 2010)
  • Mac Pro (Mid 2010)
  • Mac Pro (Mid 2012)

1 Safari performance: Testing conducted by Apple in May 2019 showed that these updates resulted in no measurable reduction in Safari performance using common Web browsing benchmarks such as Speedometer, JetStream, and MotionMark.

2 macOS performance: Testing conducted by Apple in May 2019 showed as much as a 40% reduction in performance with tests that include multithreaded workloads and public benchmarks. Performance tests are conducted using specific Mac computers. Actual results will vary based on model, configuration, usage, and other factors.


This advisory describes the changes and steps administrators can take to deploy Mac Connector 1.14.

The Mojave 10.14.1 update does NOT install properly on unsupported machines, and could result in an unbootable OS. If you want to install the 10.14.1 update (and are not currently running 10.14.1), perform the following steps. Jun 22, 2020 A: If your Mac had official support in macOS Catalina, they will likely be able to be patched to run Big Sur with minimal issues. As of writing, only WiFi appears to be unstable, and even then, not for all users. If your Mac was unsupported before the release of macOS Catalina, support remains to be seen as graphics acceleration may not be.

Mac Connector version 1.14 introduces a number of changes that require user attention. Most notably, this Connector release includes changes to full disk access approvals and adds support for macOS 11 (Big Sur) System Extensions.
Since the inital 1.14 launch, compatibility issues have been discovered with 3rd party applications on macOS 10.15 Catalina when system extensions are in use. Apple will be addressing these issues in future releases of macOS 11 but will not be fixing these issues in macOS 10.15. Consequently, starting with version 1.14.1, the Mac Connector will use legacy kernel extensions instead of system extensions on all versions of macOS 10.15.
Mac Connector 1.14 is required to ensure endpoint protection on macOS 11. Older Mac Connectors will not work on this version of macOS.
It is highly recommended to deploy the Mac Connector with an MDM profile that grants the required approvals. MDM profiles must be installed before installing or upgrading the Mac Connector to ensure the needed permissions are recognized. Refer to the Known Issues section later in this document if MDM cannot be used.

Minimum OS Requirements

AMP for Endpoints Mac Connector 1.14.0 supports the following macOS versions:

  • macOS 11, using macOS system extensions.
  • macOS 10.15.5 and later, using macOS system extensions.
  • macOS 10.15.0 through macOS 10.15.4, using macOS kernel extensions
  • macOS 10.14, using macOS kernel extensions.

AMP for Endpoints Mac Connector 1.14.1 supports the following macOS versions:

  • macOS 11, using macOS system extensions.
  • macOS 10.15 using macOS kernel extensions.
  • macOS 10.14, using macOS kernel extensions.

For deployments that include endpoints running older macOS versions, consult the OS Compatibility Table for compatible Mac Connector versions.

Important Changes

Mac Connector 1.14 introduces important changes in three areas:

  1. Approving AMP macOS Extensions to load
  2. Full Disk Access
  3. New Directory Structure

Approving Mac Connector macOS Extensions

The Mac Connector uses either System Extensions or legacy Kernel Extensions to monitor system activities, depending on the macOS version. On macOS 11, System Extensions replace the legacy Kernel Extensions that are unsupported in macOS 11. User approval is required on all versions of macOS before either type of extension is allowed to run. Without approval, certain Connector functions such as on-access file scan and network access monitoring will be unavailable.

Macos catalina for macbook pro 2015. Mac Connector 1.14 introduces two new macOS system extensions:

  1. An Endpoint Security extension, named AMP Security Extension, to monitor system events
  2. A Network Content Filter extension, named AMP Network Extension, to monitor network access

The two legacy Kernel Extensions, ampfileop.kext and ampnetworkflow.kext, are included for backwards compatibility on older macOS versions that don't support the new macOS System Extensions.

The following approvals are required for macOS 11** and later:

  • Approve AMP Security Extension to load
  • Approve AMP Network Extension to load
  • Allow AMP Network Extension to filter network content

** Mac Connector version 1.14.0 also required these approvals on macOS 10.15. These approvals are no longer required on macOS 10.15 when running Mac Connector 1.14.1 or later.

Upgrade Unsupported Mac

The following approvals are required for macOS 10.14 and macOS 10.15:

  • Approve AMP Kernel Extensions to load

These approvals can be granted using the macOS Security & Privacy Preferences on the endpoint, or by using Mobile Device Management (MDM) profiles.

Approving Mac Connector macOS Extensions at the Endpoint

System and Kernel extensions can be approved manually from the macOS Security & Privacy Preferences pane.

Approving Mac Connector macOS Extensions using MDM

NOTE: macOS Extensions cannot be retroactively approved via MDM. If the MDM profile is not deployed prior to installing the Connector then the approvals will not be granted and additional intervention will be required in one of the following forms:

1. Manual approval of the macOS Extensions on endpoints that had the management profile deployed retroactively.
2. Upgrading the Mac Connector to a newer version than the one currently deployed. Endpoints that had themanagement profile deployed retroactively will recognize the management profile after upgrade and gain approval once the upgrade completes.

Upgrade unsupported mac to mojave

AMP extensions can be approved using a management profile with the following payloads and properties:

PayloadPropertyValue
SystemExtensionsAllowedSystemExtensionscom.cisco.endpoint.svc.securityextension, com.cisco.endpoint.svc.networkextension
AllowedSystemExtensionTypesEndpointSecurityExtension, NetworkExtension
AllowedTeamIdentifiersDE8Y96K9QP
SystemPolicyKernelExtensionsAllowedKernelExtensionscom.cisco.amp.fileop, com.cisco.amp.nke
AllowedTeamIdentifiersTDNYQP7VRK
WebContentFilterAutoFilterEnabledfalse
FilterDataProviderBundleIdentifiercom.cisco.endpoint.svc.networkextension
FilterDataProviderDesignatedRequirementanchor apple generic and identifier 'com.cisco.endpoint.svc.networkextension' and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DE8Y96K9QP)
FilterGradefirewall
FilterBrowsersfalse
FilterPacketsfalse
FilterSocketstrue
PluginBundleIDcom.cisco.endpoint.svc
UserDefinedNameAMP Network Extension

Full Disk Access

MacOS 10.14 and later require approval before an application can access parts of the filesystem that contain personal user data (e.g. Contacts, Photos, Calendar, and other applications). Certain Connector functions such as on-access file scan will be unable to scan these files for threats without approval.

Previous Mac Connector versions required the user to grant Full Disk Access to the ampdaemon program. Mac Connector 1.14 requires Full Disk Access for:

  • 'AMP for Endpoints Service' and
  • 'AMP Security Extension'

The ampdaemon program no longer requires Full Disk Access starting with this new Mac Connector version.

Full Disk Access approvals can be granted using the macOS Security & Privacy Preferences on the endpoint, or by using Mobile Device Management (MDM) profiles.

Approving Full Disk Access at the Endpoint

Full Disk Access can be approved manually from the macOS Security & Privacy Preferences pane.

Approving Full Disk Access Using MDM

NOTE: macOS Extensions cannot be retroactively approved via MDM. If the MDM profile is not deployed prior to installing the Connector then the approvals will not be granted and additional intervention will be required in one of the following forms:

1. Manual approval of the macOS Extensions on endpoints that had the management profile deployed retroactively.
2. Upgrading the Mac Connector to a newer version than the one currently deployed. Endpoints that had the management profile deployed retroactively will recognize the management profile after upgrade and gain approval once the upgrade completes.

Full Disk Access can be approved using a management profile's Privacy Preferences Policy Control payload with a SystemPolicyAllFiles property with the following two entries, one for the AMP for Endpoints Service and one for the AMP Security Extension:

DescriptionPropertyValue
AMP for Endpoints ServiceAllowedtrue
CodeRequirementanchor apple generic and identifier 'com.cisco.endpoint.svc' and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DE8Y96K9QP)
Identifiercom.cisco.endpoint.svc
IdentifierTypebundleID
AMP Security ExtensionAllowedtrue
CodeRequirementanchor apple generic and identifier 'com.cisco.endpoint.svc.securityextension' and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DE8Y96K9QP)
Identifiercom.cisco.endpoint.svc.securityextension
IdentifierTypebundleID

If your deployment includes computers running AMP Connector version 1.12.7 or older, the following additional entry is still required to grant full disk access to ampdaemon for those computers:

DescriptionPropertyValue
ampdaemonAllowedtrue
CodeRequirementidentifier ampdaemon and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TDNYQP7VRK
Identifier/opt/cisco/amp/ampdaemon
IdentifierTypepath

New Directory Structure

Install Macos Mojave On Unsupported Mac

Mac Connector 1.14 introduces two changes to the directory structure:

  1. The Applications directory has been renamed from Cisco AMP to Cisco AMP for Endpoints.
  2. The command-line utility ampcli has been moved from /opt/cisco/amp to /Applications/Cisco AMP for Endpoints/AMP for Endpoints Connector.app/Contents/MacOS. The directory /opt/cisco/amp contains a symlink to the ampcli program at its new location.
Unsupported mac mojave update

The complete directory structure for the new AMP Connector is as follows:

Unsupported Mac Mojave Hard Drive

Known Issues with macOS 11.0 and Mac Connector 1.14.1.

  • Guidance for fault 10, 'Reboot required to load kernel module or system extension,' may be incorrect if four or more Network Content Filters are installed on the computer. Refer to the AMP For Endpoints Mac Connector Faults article for more details.

Known Issues with macOS 10.15/11.0 and Mac Connector 1.14.0.

  • Some faults raised by the Mac Connector may be raised unexpectedly. Refer to the AMP For Endpoints Mac Connector Faults article for more details.
    • Fault 13, Too many Network Content Filter system extensions, may be raised after upgrading. Rebooting the computer will resolve the fault in this situation.
    • Fault 15, System Extension requires Full Disk Access, may be raised after reboot due to a bug in macOS 11.0.0. This issue is fixed in macOS 11.0.1. The fault can be resolved by re-granting full disk access in the Security & Privacy pane in macOS System Preferences.
  • During installation, the Security & Privacy pane may display 'Placeholder Developer' as the application name when granting permission for the Mac Connector system extensions to run. This is due to a bug in macOS 10.15. Check the boxes beside 'Placeholder Developer' to allow the Mac Connector to protect the computer.
    • The systemextensionsctl listcommand can be used to determine which system extensions are awaiting approval. System extensions with the state [activated waiting for user]in this output are displayed as 'Placeholder Developer' in the macOS preferences page shown above. If more than two 'Placeholder Developer' entries are showin in the above preferences page, uninstall all software that uses system extensions (including the Mac Connector) so that no system extensions are awaiting approval, and then reinstall the Mac Connector.
      The Mac Connector sysem extensions are identified as follows:
      • The Network Extension is shown as com.cisco.endpoint.svc.networkextension.
      • The Endpoint Security extension is shown has com.cisco.endpoint.svc.securityextension.
  • During install, the prompt to allow the Mac Connector's Content Filter to monitor network traffic may display '(null)' as the application name. This is caused by a bug in macOS 10.15. The user needs to select 'Allow' to to ensure protection of the computer.
    If the prompt was dismissed by clicking 'Don't Allow' it can be displayed again by clicking the AMP Agent menulet icon in the menu bar and selecting 'Allow Network Filter.'
    Once enabled, the AMP Network Extension filter will be listed in the Network Preferences page.
  • On macOS 11, when upgrading from Mac Connector 1.12 to Mac Connector 1.14, Fault 4, System Extension Failed to Load, may be raised temporarily while the Connector is transitioning from the kernel extensions to the new system extensions.

Revision History

Dec 1, 2020

Download Mac Mojave

  • Mac Connector 1.14.1 no longer uses system extensions on macOS 10.15.
  • Additional guidance on using terminal check which 'Placeholder Developer' System Extensions are awaiting approval when using Mac Connector 1.14.0.

Nov 9, 2020

  • Corrected bundle ID in full disk access CodeRequirement MDM payload.

Nov 3, 2020

Macos 10.14 Mojave On Unsupported Macs

  • Release date for 1.14.0 Mac Connector is November 2020.
  • The 1.14.0 Mac Connector will use System Extensions starting with macOS 10.15.5. Previously this was 10.15.6.
  • Added Known Issues section.
  • Updated directory structure outline.

Unsupported Mac Mojave Operating System

Welcome to Mr. Macintosh.com. If you are part of one of the following groups, Mac Admins, Mac Support, Mac Developer, Mac in Education or Mac User, then this is the site for you. Each group is important, yet has different needs.

  • Mac Admin = This tag is for anyone in who is in Macintosh Architecture, Engineering, System Administration, or MDM Administrators.
  • Mac Support = Someone who supports or fixes Macintosh issues. This group includes anyone who works in a Macintosh Helpdesk role. You could be level 1-3 or even a Subject Matter Expert (SME) or Team Lead or Management.
  • Mac in Education = This group is for anyone working in K-12 or Higher Education. You could be a teacher, Helpdesk Analyst, or Administrator.
  • Mac Developer = A Mac Developer, covers anyone who develops software on the Mac, including macOS iOS, iPadOS, watchOS, and tvOS.
  • Mac User = This could be anyone who uses a Mac. You want to learn more about how the Mac works. You could be an everyday user, enterprise user, student, collector, or even an enthusiast.

I have at one time or another been a part of 4 of 5 groups. I started as a Mac User when I got my first Mac (Blue and White PowerMac G3). Then I got my first job in Mac EDU (Mac Higher Education). After that, I moved on to Mac Support (Mac Enterprise IT Support). Today I am a member of Mac Admins (Macintosh Architecture & Engineering).

If you are just getting started and are thinking of getting into a career supporting Apple devices, knowledge and learning is critical. Read and learn as much as you can along the way.

Unsupported Mac Mojave Catalina

Macos Mojave On Unsupported Macs

Mojave For Unsupported Mac

Be sure to check out my latest blog posts! If you have any comments or questions, feel free to contact me. Thank you for visiting my website.