search cancel

Endpoint Protection re-prompts user to authorize system extensions after macOS upgrade to 10.15


Article ID: 186388


Updated On:


Endpoint Protection


Symantec Endpoint Protection re-prompts user to authorize system extensions after macOS upgrade to 10.15, despite a JAMF or other configuration policy in place that allows these extensions.


SEP uses a new systemextension in macOS 10.15 Catalina that requires authorization.

macOS 10.14 and older does not use this extension and if such a profile has been applied before upgrading to macOS 10.15, it will need to be withdrawn and re-applied.


Release : Symantec Endpoint Protection 14.2

Component : SEP for Mac

OS version: macOS 10.15 "Catalina"


Please consult with JAMF support for policy management when upgrading to macOS 10.15 from earlier versions. See Endpoint Protection for macOS 10.15 requires additional permissions to function and guidelines below:

  • It is recommended to make "smart groups" based on operating systems, i.e. two smart computer groups for macOS 10.15 and macOS 10.14 and older.

  • Apply only the *.kext whitelisting profile to macOS 10.14 and older because they do not use *.systemextension.

  • In macOS 10.15 smart group, use a profile with all three payloads: *.kext whitelisting, *.systemextension whitelisting and PPPC.

  • When macOS is upgraded, correct profile should be applied, and any products already installed before the upgrade should use the applicable *.systemextension whitelisting.

  • For more configuration details and troubleshooting, customer should approach JAMF directly.

If macOS has already been upgraded to 10.15 with SEP installed, without taking precautions above, then remove and re-apply the JAMF configuration policy for Symantec. You must do this BEFORE the SEP GUI is opened for the first time after the macOS upgrade, otherwise you will get a warning about the extensions and they will be stuck in "awaiting user authorization".

If the SEP client GUI has already been open and the extension warning displayed then removing/re-applying the configuration policy will not help. You will need to uninstall SEP by using the Uninstall command in the client's "Symantec Endpoint Protection" menu. Do not use RemoveSymantecMacfiles—it does not properly remove the new system extensions. Then re-install SEP and the configuration policy should be properly recognized.