How to determine if Endpoint Protection for Macintosh is installed and running
Article ID: 178268
Updated On:
Products
Endpoint Protection
Issue/Introduction
How to determine if Endpoint Protection for Macintosh is installed and running
Resolution
Version check:
The following command line input will return version information, if SEP is installed:
defaults read /Applications/Symantec\ Solutions/Symantec\ Endpoint\ Protection.app/Contents/Info CFBundleShortVersionString Example output: 14.2.4806.1100
SymDaemon check:
Using Activity Monitor, check for the running process named SymDaemon. This means SEP is installed and running.
Managed client check:
Serdef.dat will be present in /Library/Application Support/Symantec/SMC/data/ if SEP is managed
Kernel extension check:
From terminal run the command line:
kextstat | grep -i symantecThe four expected kernel extensions are:
com.symantec.internetSecurity.kext
com.symantec.nfm.kext
com.symantec.ips.kext
com.symantec.SymXIPSNote that the kextstat output will still list an extension as loaded even if the related SEP component is disabled via product settings.
AutoProtect status check and ShowSettings tool:
The previously provided ShowSettings tool is no longer available. It crashes when used with SEP 14.3 for Mac, and was based on a developer tool that will not be continued. Broadcom is aware of this and this article will be updated when there is a native solution to query AutoProtect and other component status of SEP for Mac. ShowSettings was never shipped with SEP; it was formerly provided for NAC vendors to integrate in their product. If you are encountering errors involving "ShowSettings" then open a support case with your NAC vendor or whoever provides the software that uses it—it should be removed from that product.
To determine the IPS status, grep /var/log/system.log for "IPS Enabled : 1" or "IPS Enabled : 0"
Feedback
Yes
No
Powered by
