Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Continuous BSOD / Kernel Panic in OSX Mavericks and Symantec Encryption Desktop (PGP) 10.3.1

Created: 22 Oct 2013 | 24 comments

Hello,

I upgraded to OSX Mavericks today.

Ever since, when I boot the machine, after it logs-in and PGP starts to load, PGP creates a kernel panic and machine reboots. I'm not even able to anything to stop it during logon.

I believe issue is at /Library/Extensions/PGPnke.kext, what ever this is.

How can I get PGP running properly on OSX Mavericks?

Operating Systems:

Comments 24 CommentsJump to latest comment

Alex_CST's picture

Hi Alan,

Even the latest version of PGP (10.3.1 ) does not support OSX 10.9

http://www.symantec.com/docs/DOC6698

http://www.symantec.com/docs/TECH174563

You're going to have to restore from a backup I think.

 

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

Alan_P's picture

I don't understand. Isn't OSX Maverics released to developers in June? It is a free update which means everyone will install it and we are already in October.

Since it appears not already done, is there a release date for the upcoming patch which addresses this? A program not functioning can be maybe lived with but rendering the machine completely unusable is a whole different topic

I have a lot of programs which have low level drivers e.g Parallels, little snitch etc but all of them work perfect and Symantec Encryption Desktop is the only software which kills the machine.

Alex_CST's picture

Hi,

It was only released today.  I would hope, given peoples experiences with OSX vs PGP in the past would wait for the green light before upgrading.

SED works on a much lower level than Parallels or LS, it has to replace and take over the boot records etc. So when this changes - SED can't interact with it.

I'm not defending the product, as I agree the release schedule (especially with 10.6/7) was massively delayed from the actual public release date (Windows 8 was over a year before supported) 

Bare in mind that developer release versions also are NOT the same update that Apple push out to the public either.

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

jhm2's picture

I would ignore the advice about restoring from a backup!

A similar thing happened with the release of OS X Mountain Lion when PGP again caused kernel panics on bootup.

You need to boot into safe mode:

http://support.apple.com/kb/HT1455

and then go and move /Library/Extensions/PGPnke.kext out of that directory into another location.

Reboot.

Alan_P's picture

I'm using only email encryption. I use filevault of OSX and do nothing with PGP's full disk encryption.

Sorry but your point that PGP works more lower level than little snitch or parallels is not correct.

And I really don't understand why a basic proxy functionality such as email man-in-the-middle requires kernel level access. It should essentially listen to a port per mail server and dispatch requests to this server. This does not require root permissions neither.

I'd say the application is engineered instable per design, just for the sake that it will intercept someone's connection with low level osx functionality or dll attaching on windows (which is worse) and it might make it simpler for some users and the user doesnt need to configure its mail server settings (which user'd only do once). The current invasive approach caused me so many problems, including sensitive mails going in clear text when pgp service/driver somehow died, that with the current issues i'm thinking about looking for another solution.

So it is killing our machines for what benefit?

I hope the current issue gets resolved soon. Removing the kext means no email encryption.

 

 

Camilo_H's picture
 
Hi,

I've the same problem. After Update and PGP started, fail for a Java6 update, and first time I update it and maveriks crash with a Kernel Panic.

After Rescue, I didn't update Java 6 but PGP service are unavailable.

We need this update, because it's a critical service that all people over organizations can't use now. This software are paid, and minimal we need that symantec works with new updates over operating systems. Like Alan_P I think that if Maveriks was released to developers before was to they can update and test their applications and offer an update to the final customer.

aramin's picture
Enough, Enough, Enough. I've had enough. Same thing with every update. It will take several weeks before symantec find a solution and we can not get access to our documents.
 
As soon as I got access to my documents, I will abandon Symantec and I assure you that my company will do the same.
 
Shame on you.
mbriney's picture

I am running into the same problem.  Symantec needs to get on this and get us a fix!  There's been plenty of time to get a new version available.

DanielSchiada's picture

Mavericks literally just came out and in the past its taken time for a solution.  Do you honestly think that Symantec is the only company that is having issues with compatiblity?  Apple is notorious for making last minute changes and not providing developers/OEMs with the GM release or working with thier engineers until its release to the public.  We have run into this issue in many cases where I work where even the apple engineers have to be "secret."  Addtionallly, what is the compelling need to upgrade right away to an imo margionally incremental release that is going to be buggy in the first place?  

If you absolutelyl have to run it use jhm2's suggestion or just uninstall and use FileVault2 for the time being:

A similar thing happened with the release of OS X Mountain Lion when PGP again caused kernel panics on bootup.

You need to boot into safe mode:

http://support.apple.com/kb/HT1455

and then go and move /Library/Extensions/PGPnke.kext out of that directory into another location.

Reboot.

 

Cheers

 

Dr. Volkmar G. HABLE's picture

This is a letter to the management of Symantec:

Dear Sirs:

your PGP development department has been in serious delay in providing highly necessary PGP updates to new systems like IOS mavericks and others before. Your failure to provide minimum compatibility to important updates means that I as many others cannot access our PGP encrypted files, except by using replacement machines, which as you may imagine causes great hassle and trouble.

I would like to register my disgust and disaproval with your repeated failure to comply with minimum standards of necessary corporate responsibility and ethcis.

My name is visible to the public and I - as so many others in the same situation - expect an answer and resolution of that matter. 

Sincerely

VH

Camilo_H's picture
 

We know that Symantec isn't the only vendor that have problems with Mavericks; but the principal topic here is that this software was desing for SECURITY and this affect more than a normal software that you can replace easy without problems.

This software are important for organizations and a lot of files or emails are inaccesibles and the normal work flow are affected.

This software was paid and isn't unexpensive; and we need a answer from symantec for our problem.

I use FileVault, but all my emails with some partners are sent in plain mode because your fault.

Minh Stewart's picture

"A similar thing happened with the release of OS X Mountain Lion when PGP again caused kernel panics on bootup.

You need to boot into safe mode:

http://support.apple.com/kb/HT1455

and then go and move /Library/Extensions/PGPnke.kext out of that directory into another location.

Reboot."

 

I've done this but as soon as I hold down the shift key, the PGP screen shows up.  Was that file supposed to be moved prior to encryption?  

Bill F's picture

The Mac OS versions support page indicates that Encryption Desktop 10.3.1 MP1 is OS X 10.9 compatible.  Not Boot Camp compatible.

I installed 10.3.1 MP1 and then attempted to install Maverick.  When the Maverick installer attempted to boot up, it went into the kernel panic at boot loop with the trace indicating PGP.  Is MP1 not actually compatible?  Is it possible that some component does not upgrade properly?

 

Anthony_Betow's picture

HI Bill,

You'll want to have your Mac OSX upgraded to 10.9 first and then install the Symantec Encryption Desktop 10.3.1 MP1. 

Here are the release notes:

http://www.symantec.com/business/support/index?pag...

Thanks

Anthony

volkmar hable1's picture

To anthony - symantec employee:

Your post does NOT state  where one can download the 10.3.1. version. it is not stated in the release notes either. and my symantec account lets me download only the 10.2 version which obviously does not wirk with OS Mavericks. 

The product description on the symantec website still states no 10.3.1 version.

Clarify these confusing and contradicting information for the interested audience.

Alex_CST's picture

You need to contact customer care if you cannot see the upgrade.  It's possible your license is not allowed to download updates.

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

aramin's picture

Don´t call the customer care, was waiting 30 minutes and they did´t find the right solution. 

I have the 10.3.1 but this is not compatible with 10.9 OS. 

When I am trying to install the 10.3.1 the system wants to install Java 6. That is the problem. The 10.3.1 does not work with Java 7, and the 10.9 works with Java 7  

aramin's picture

"Note: If you are upgrading your computer to a new major release of Mac OS X (such as from 10.8 to 10.9) and want to use this version of Symantec Encryption Desktop, be sure to uninstall any previous versions of Symantec Encryption Desktop before upgrading to the new version of Mac OS X and installing this release. Be sure to back up your keys and keyrings before uninstalling. Note that if you have used Symantec Drive Encryption, you will need to unencrypt your disk before you can uninstall Symantec Encryption Desktop."

 

The problem is that I have uppgraded to 10.9 before and can´t now unencrypt my disk. How do I go further?

PGP_Ben's picture

Go here to check for firmware/boot rom updates on your Mac which may help address compatability with 10.9.1 and Symantec Encryption Desktop.

http://support.apple.com/kb/HT1237

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

PGP_Ben's picture

By the way, to Aramin, Symantec Encryption Desktop 10.3.0 MP1 works fine with OS X Mavericks. It was certified to run on that version, that was the first version we supported OS X 10.9. But 10.3.0 Build 8741 (GA release) is not the same as 10.3.0 MP1 (Build 9060).

I hope that clarifies the situation.
 

Ben

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.

Alan_P's picture

I'm using 10.3.2 MP1 on Mavericks 10.9.3 now. I still have issues about stability and performance.

The issues I have are:

  1. Very often PGP engine hangs with a red color in OSX activity monitor. Killing sometimes restarts it sometimes it is just gone.

  2. Mail app keeps downloading the emails again and again on Gmail. I first thought this is an Apple mail issue but I'm running 10.9.3 with Encryption Desktop in proxy mode with IMAP, it appears to me this is because of Encryption Desktop

  3. Maybe because of this mail redownloading, the battery of my Macbook pro is also very fast empty. PGP also shows as the app which uses most of the energy in Activity Monitor.

  4. After boot I get  message that pgpwde.kext or something is not compatible and it will be disabled.

Mike Ankeny's picture

I have seen the issue with the PGPwde.kext.  I have been able to successfully fix that issue by installing encryption desktop again over the top of the existing installation.  Give that a shot, and let us know.

 

MichaelCiv's picture

I think part of the inherent problems is that many of us, especially in Education, recieve Apple hardware with the latest and greatest build of OSX. So its not that we chose to upgrade, but rather were forced into it. There is no legal way to downgrade the operating system on them, so were stuck with unsupported software. Its a frustrating experience for everyone involved.