The Symantec Unified Agent cannot connect to the Internet. In the GUI you see the error, "Not Connected to ThreatPulse - Failure Mode (Closed)."
To resolve the issue, install the Entrust CA (2048) root certificate onto the workstation. You can manually download the certificate from Entrust's site, or you can download the latest Microsoft root certificate update from Microsoft's website. This document includes both ways of updating the client.
Note: The workstation is effectively shut down and cannot reach the Internet. You can download the necessary updates to a USB stick and install it onto the affected workstation from the USB drive. If that is not possible to do, then uninstall the client, install the Entrust CA (2048) certificate using one of the methods below, and reinstall the Unified Agent.
NOTE: On some workstations that have not been updated in a long time, or workstations that do not have any patches beyond Windows XP SP3, that even with the Entrust Root CA (2048) installed, the client continues to return the L1C error as described in the problem description. The work-around it is to go to https://support.microsoft.com/kb/931125 and download and install the latest root certificate update patch. Even with a workstation that has Windows XP SP3 unpatched beyond SP3, installing the root cert update from KB931125 is sufficient to get the client installed and working. Symantec does not recommend that customers run with computers that far out of date. Computer operating systems that are out of date can be exposed to security vulnerabilities in the operating system.
For Windows XP users, about once per quarter, Microsoft updates their root certificates. Symantec recommends that the latest root certificate update is installed on the workstation via Windows Update under the "Optional" downloads section. Microsoft KB931125 (http://support.microsoft.com/kb/931125) documents the process for the various Windows OSes.
Right-click on the Unified Agent icon in the system tray and select Status > Advanced > Show File. Search the log file for "Entrust Certification Authority" to see if the log contains the error in the problem that is described above. If so, then download the Entrust CA (2048) certificate and install it on the workstation.
Unified Agent uses the Entrust CA (2048) root certificate. This error occurs when the Entrust CA (2048) root certificate is not installed on the workstation. When the client is installed in interactive mode, it detects if the root certificate is installed. If the Entrust CA (2048) is not installed, then the client installation fails. However, when the client is run in non-interactive mode (/quiet switch used), then the root certificate check is not performed and the client installs. Clients newer than 1.4.12000.0 checks for the Entrust Root CA (2048) in both interactive and non-interactive mode. Unified Agent always checks for the Entrust certificate before install. If you experience a problem with the client not checking for the Entrust root cert, go to https://portal.threatpulse.com/ and download the latest version of the client and rerun your test. If it continues to be an issue, then please contact Symantec Technical Support and open a service request.
The process for installing entrust certificate on macOS is the same as windows where you need to double click on the downloaded root certificate and install it on the machine.