ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Endpoint Protection re-prompts user to authorize system extensions after macOS upgrade to 10.15

book

Article ID: 186388

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection re-prompts user to authorize system extensions after macOS upgrade to 10.15, despite a JAMF or other configuration policy in place that allows these extensions.

Cause

SEP uses a new systemextension in macOS 10.15 Catalina that requires authorization.

macOS 10.14 and older does not use this extension and if such a profile has been applied before upgrading to macOS 10.15, it will need to be withdrawn and re-applied.

Environment

Release : Symantec Endpoint Protection 14.2

Component : SEP for Mac

OS version: macOS 10.15 "Catalina"

Resolution


Please consult with JAMF support for policy management when upgrading to macOS 10.15 from earlier versions. See Endpoint Protection for macOS 10.15 requires additional permissions to function and guidelines below:

  • It is recommended to make "smart groups" based on operating systems, i.e. two smart computer groups for macOS 10.15 and macOS 10.14 and older.

  • Apply only the *.kext whitelisting profile to macOS 10.14 and older because they do not use *.systemextension.

  • In macOS 10.15 smart group, use a profile with all three payloads: *.kext whitelisting, *.systemextension whitelisting and PPPC.

  • When macOS is upgraded, correct profile should be applied, and any products already installed before the upgrade should use the applicable *.systemextension whitelisting.

  • For more configuration details and troubleshooting, customer should approach JAMF directly.


If macOS has already been upgraded to 10.15 with SEP installed, without taking precautions above, then remove and re-apply the JAMF configuration policy for Symantec. You must do this BEFORE the SEP GUI is opened for the first time after the macOS upgrade, otherwise you will get a warning about the extensions and they will be stuck in "awaiting user authorization".

If the SEP client GUI has already been open and the extension warning displayed then removing/re-applying the configuration policy will not help. You will need to uninstall SEP by using the Uninstall command in the client's "Symantec Endpoint Protection" menu. Do not use RemoveSymantecMacfiles—it does not properly remove the new system extensions. Then re-install SEP and the configuration policy should be properly recognized.