SEP (Symantec Endpoint Protection) for Mac may register a HWID (Hardward ID, AKA Hardware Key) that is the same as one or more Mac clients. This may result in only one client entry listed in the SEPM (SEP Manager) for several machines, or other reporting discrepancies.
Ususally this is the result of some type of cloning operation. SEP for Mac should regenerate a new HWID when there has been changes to the network adapter MAC addresses or disk numbering, but in some situations it may continue using old HWID data.
The following terminal command-line instructions assume that the SMC folder location is current directory—
SEP 14.2 RU2: /Library/Application\ Support/Symantec/Silo/MES/SMC
SEP 14.2 RU1 MP2 and older: /Library/Application\ Support/Symantec/SMC
To force SEP for Mac to regenerate its HWID, perform the following steps:
sudo launchctl unload /Library/LaunchDaemons/com.symantec.symdaemon.*plist
Delete the following files - make note of HARDWAREID in the xml file:
Enabling sylink debug logging - this will force regeneration of new SymantecRegistry.xml file. It may take some moments (after restarting symdaemon below) before it is repopulated with HARDWAREID
sudo launchctl load /Library/LaunchDaemons/com.symantec.symdaemon.*plist
NOTE: SEP for Mac generates its HWID based on a fixed hash (no randomization) of network adapter MAC address(es), hard drive volume IDs, and macOS serial number. Repeating the steps above should result in the same HWID; if the result is a new one then you can assume that the old was a duplicate or otherwise based on hardware that is no longer present. You may see the HWID as HARDWAREID in xml file above, or by enabling sylink debug logging and searching smc_debug.log for "hardware key"