The following command line input will return version information, if SEP is installed:
defaults read /Applications/Symantec\ Solutions/Symantec\ Endpoint\ Protection.app/Contents/Info CFBundleShortVersionString
Example output: 14.2.4806.1100
Using Activity Monitor, check for the running process named SymDaemon. This means SEP is installed and running.
Managed client check:
Serdef.dat will be present in /Library/Application Support/Symantec/SMC/data/ if SEP is managed
Kernel extension check:
From terminal run the command line:
kextstat | grep -i symantec
The four expected kernel extensions are:
Note that the kextstat output will still list an extension as loaded even if the related SEP component is disabled via product settings.
AutoProtect status check and ShowSettings tool:
The previously provided ShowSettings tool is no longer available. It crashes when used with SEP 14.3 for Mac, and was based on a developer tool that will not be continued. Broadcom is aware of this and this article will be updated when there is a native solution to query AutoProtect and other component status of SEP for Mac. ShowSettings was never shipped with SEP; it was formerly provided for NAC vendors to integrate in their product. If you are encountering errors involving "ShowSettings" then open a support case with your NAC vendor or whoever provides the software that uses it—it should be removed from that product.
To determine the IPS status, grep /var/log/system.log for "IPS Enabled : 1" or "IPS Enabled : 0"