objective-see / BlockBlock

BlockBlock provides continual protection by monitoring persistence locations.
GNU General Public License v3.0

BlockBlock says 'not active' after new installation MacOS 13.0 #54

Closed erikcoolen closed 1 year ago

erikcoolen commented 1 year ago

On my Mac Mini (M1, 2020), I keep getting the notice 'BlockBlock not active' after I installed Ventura. BlockBlock is active and full disk access is granted. I re-installed BlockBlock but to no avail. Is this a known issue?


wdormann commented 1 year ago

In my experience when running the BlockBlock installer on Ventura, it never recognizes that it has Full Disk Access. Related: if I manually revoke Full Disk Access via macOS settings, it stays enabled. So at least with this second issue, I find it somewhat hard to believe that it's BlockBlock's fault. If macOS wants to revoke a permission, that shouldn't involve any functionality that the app provides itself.

Regardless, it seems that something changed with Ventura related to full-disk permissions, and BlockBlock doesn't seem to be working because of it.

objective-see commented 1 year ago

This appears to be an issue in macOS, as it's affecting other vendors' Endpoint Security clients (which Apple is aware of, and working on a fix):

See: https://twitter.com/objective_see/status/1584940696443981824

Workaround:

  1. Remove BlockBlock from FDA,
  2. Re-add it, and perhaps reboot as well.

Details (from: https://twitter.com/0xmachos/status/1584907688269463552)

TCC.db ends up with an old entry for the app for kTCCServiceSystemPolicyAllFiles and a new entry for kTCCServiceEndpointSecurityClient. These two entries conflict, thus you need to completely remove the app from FDA and re-add it, plus some reboots. Filed bug with Apple.
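As an added illustration of the conflict described above (not code from the thread or from BlockBlock itself): a small Python check that lists the rows a client holds for those two TCC services and flags the stale-FDA-plus-Endpoint-Security pair. The `access` table schema here is a simplified assumption (the real table has many more columns) and the bundle identifier is a placeholder; `open_tcc_readonly` is for pointing the same check at a copy of the real TCC.db.

```python
import sqlite3

# TCC service identifiers named in the thread.
FDA_SERVICE = "kTCCServiceSystemPolicyAllFiles"
ES_SERVICE = "kTCCServiceEndpointSecurityClient"

# Assumed, simplified schema: the real access table in
# /Library/Application Support/com.apple.TCC/TCC.db has many more columns;
# only the ones this check needs are kept. auth_value 2 = allowed, 0 = denied.
SCHEMA = ("CREATE TABLE access (service TEXT NOT NULL, client TEXT NOT NULL, "
          "client_type INTEGER NOT NULL, auth_value INTEGER NOT NULL)")

def open_tcc_readonly(path):
    """Open a TCC database read-only (the system copy needs root and FDA for your shell)."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def build_sample_db(rows):
    """Constructed in-memory stand-in for TCC.db, filled from (service, client, client_type, auth_value)."""
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    con.executemany("INSERT INTO access VALUES (?, ?, ?, ?)", rows)
    return con

def tcc_entries(con, client):
    """Return sorted (service, auth_value) rows one client holds for the two services in question."""
    cur = con.execute(
        "SELECT service, auth_value FROM access WHERE client = ? AND service IN (?, ?) ORDER BY service",
        (client, FDA_SERVICE, ES_SERVICE))
    return cur.fetchall()

def has_conflict(entries):
    """The thread's symptom: a stale FDA row coexisting with an Endpoint Security row for the same client."""
    services = {service for service, _ in entries}
    return FDA_SERVICE in services and ES_SERVICE in services

def demo():
    """Constructed data: one client in the conflicting state, one holding only the ES grant."""
    bb = "com.example.blockblock-placeholder"   # placeholder bundle id, not the real one
    other = "com.example.otherclient"            # constructed second client
    con = build_sample_db([
        (FDA_SERVICE, bb, 0, 2),   # stale pre-Ventura FDA grant
        (ES_SERVICE, bb, 0, 2),    # new Endpoint Security client grant
        (ES_SERVICE, other, 0, 2),
    ])
    return has_conflict(tcc_entries(con, bb)), has_conflict(tcc_entries(con, other))

if __name__ == "__main__":
    print(demo())  # (True, False)
```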

utkonos commented 1 year ago

I'm having problems with step 1. I have uninstalled BlockBlock and restarted. I looked in the FDA configuration in System Settings -> Privacy & Security -> Full Disk Access and BlockBlock is not listed. I then run the installer, and when the "Grant Full Disk Access" happens, I open the System Settings panel using the "Open System Preferences" button. BB is listed and the toggle on that row is blue for enabled. BB doesn't appear to recognize this condition, so I tried to click the toggle to disable. However, the toggle moves to grey for about a half second and then moves back to blue for enabled.

Is there another way to remove BB from FDA? Uninstalling does not work it seems.

objective-see commented 1 year ago

Good question @utkonos. MalwareBytes seems to have the same issue; their (more) detailed steps for a workaround might work?

https://forums.malwarebytes.com/topic/291402-malwarebytes-for-mac-417-beta/#comment-1539125

utkonos commented 1 year ago

I figured it out. Here are the granular steps to remove BB from FDA:

  1. System Settings -> Privacy & Security -> Full Disk Access (or the "Open System Preferences" button during install).
  2. Right click on the entry "BlockBlock" and click "Show in Finder"
  3. With that new window open, go back to Full Disk Access and left click "BlockBlock" to select it.
  4. Down at the bottom of the window, click - to remove the entry.
  5. You may need to do this a few times as it keeps coming back.
  6. Eventually a "good" entry with the toggle grey rather than blue will appear.
  7. If you are not doing this during the install process, you will need to drag the BB icon from the Finder window over to "Full Disk Access" to add it to the list.
  8. Click the toggle to grant Full Disk Access
  9. Continue with the install
  10. If you're just trying to fix an already installed instance, reboot to verify that the issue is resolved.

wdormann commented 1 year ago

Strange bug that clicking the slider to disable BlockBlock from FDA does nothing (it temporarily slides to disabled and then immediately goes back to enabled again). But clicking the - leaves the entry in the list, but switches it to disabled! But yeah, the above steps work!

erikcoolen commented 1 year ago

Above steps work. Nice one! :)

Drjacky commented 1 year ago

For me, when I logged in, there was a "BB is not active" dialog. Then I checked the FDA and it was disabled, and the only thing I had to do was enable it (once!) and it works now.

aarondavidpolley commented 1 year ago

Yeah happened with my upgrade from 12.6.0 to 13.0 (22A380).

Running BlockBlock 2.1.4

Turning off BlockBlock in System Settings > Privacy and Security > Full Disk Access asked for Touch ID/Password and then did nothing (toggle turned right back on). Instead, removing the item using the minus ( - ) button, providing password/Touch ID, actually disabled it.

Then I was able to re-enable it with the toggle, providing auth.

Then I used Activity Monitor to kill the existing BlockBlock process running as root: no change.

Then I used Activity Monitor to kill the existing BlockBlock Helper process running as my user: no change.

Then I launched the BlockBlock Helper app from Launchpad and it kicked into gear, with all processes back in Activity Monitor and the icon in the Menu Bar.

objective-see commented 1 year ago

Now in the news 🍎🐛 https://www.wired.com/story/apple-macos-ventura-bug-security-tools/

mario-zelger commented 1 year ago

Just installed macOS Ventura 13.0.1 and the issue seems to be fixed. I did not use any of the workarounds mentioned above before the update.

0xmachos commented 1 year ago

I've verified that, as @mario-zelger states above, macOS Ventura 13.0.1 fixes this bug. If you upgrade from 12.x to 13.0.1 you'll be fine.

objective-see commented 1 year ago

Mahalo @0xmachos 🙏 Closing this issue, as it's now been fixed (by Apple) in macOS Ventura 13.0.1.

(Also the alert/message in BlockBlock v2.1.5 has been updated to instruct users to update to Ventura 13.0.1).