How to determine if Symantec Endpoint Protection (SEP) for Macintosh 14.2 RU1 or 14.2 RU1 MP1 is installed and running:
defaults read /Applications/Symantec\ Solutions/Symantec\ Endpoint\ Protection.app/Contents/Info CFBundleShortVersionString
Using Activity Monitor, check for a running process named SymDaemon. If it is present, SEP is installed and running.
Serdef.dat will be present in /Library/Application Support/Symantec/SMC/data/ if SEP is managed.
kextstat | grep -i symantec
com.symantec.internetSecurity.kext
com.symantec.nfm.kext
com.symantec.ips.kext
com.symantec.SymXIPS
showsettings2 read --domain autoprotect | grep 'Enabled' | sed -n 3p
The output will be 'Enabled : 0' or 'Enabled : 1', depending on Autoprotect status: 0 for disabled, 1 for enabled.
Error when running showsettings2 with SEP 14.2 RU2 installed:
dyld: Library not loaded: @rpath/SymSharedSettings2.framework/Versions/A/SymSharedSettings2
Referenced from: /Users/admin/Desktop/./showsettings2
Reason: image not found
Solution: use the signed ShowSettings tool for SEP 14.2 RU2 and newer.
Note: If the error "Failed to open domain: 251" is encountered, run the ShowSettings tool from the /tmp folder.
To determine the IPS status, grep /var/log/system.log for "IPS Enabled : 1" or "IPS Enabled : 0"
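The Auto-Protect and IPS checks above can be wrapped so that a tool failure is reported as "unknown" rather than mistaken for "disabled", and so that only the most recent IPS entry in the log counts. This is an added example, not Symantec code; the function names and sample inputs are constructed, and the layout of the real showsettings2 output and log lines beyond the strings quoted in this article is assumed.

```shell
#!/bin/sh
# Added example: parsing helpers for the Auto-Protect and IPS checks. Not Symantec code.

# stdin: output of `showsettings2 read --domain autoprotect 2>&1`.
# Same filter as the article (third "Enabled" line), but the value is validated,
# so a dyld or "Failed to open domain" error gives "unknown", never "disabled".
autoprotect_state() {
    value=$(grep 'Enabled' | sed -n 3p |
        sed -n 's/^.*Enabled[[:space:]]*:[[:space:]]*\([01]\)[[:space:]]*$/\1/p')
    case "$value" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# stdin: contents of /var/log/system.log. The log can hold both values over time,
# so only the most recent "IPS Enabled : N" entry is reported.
ips_state() {
    value=$(grep 'IPS Enabled : [01]' | tail -n 1 |
        sed -n 's/^.*IPS Enabled : \([01]\).*$/\1/p')
    case "$value" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Constructed samples. Only the "Enabled : N" and "IPS Enabled : N" strings and the
# dyld error text come from the article; the surrounding layout is assumed.
SAMPLE_SETTINGS='Enabled : 1
Enabled : 1
Enabled : 0'
SAMPLE_DYLD='dyld: Library not loaded: @rpath/SymSharedSettings2.framework/Versions/A/SymSharedSettings2
Reason: image not found'
SAMPLE_LOG='Jan  1 09:00:00 host example-process[100]: IPS Enabled : 0
Jan  1 09:05:00 host example-process[100]: IPS Enabled : 1'

printf 'Auto-Protect (sample): %s\n' "$(printf '%s\n' "$SAMPLE_SETTINGS" | autoprotect_state)"
printf 'Auto-Protect (dyld error): %s\n' "$(printf '%s\n' "$SAMPLE_DYLD" | autoprotect_state)"
printf 'IPS (sample log): %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | ips_state)"
```

On a Mac client, pipe the real tool output and log into the same functions: showsettings2 read --domain autoprotect 2>&1 | autoprotect_state, and ips_state < /var/log/system.log.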
REFERENCE ID: 3635637, 4215361
DESCRIPTION:
Need command-line method to determine status of Macintosh SEP IPS
Need standardized CLI API for NAC queries of SEP Mac client state
REFERENCE ID: ESCRT-2829
DESCRIPTION:
NAC software is not detecting AV running on SEP 14.2 RU2 for macOS