Release : Symantec Endpoint Protection 14.2

Component : SEP for Mac

OS version: macOS 10.15 "Catalina"

Please consult with JAMF support for policy management when upgrading to macOS 10.15 from earlier versions. See Endpoint Protection for macOS 10.15 requires additional permissions to function and guidelines below:

• It is recommended to make "smart groups" based on operating systems, i.e. two smart computer groups for macOS 10.15 and macOS 10.14 and older.
  
  
• Apply only the *.kext whitelisting profile to macOS 10.14 and older because they do not use *.systemextension.
  
  
• In macOS 10.15 smart group, use a profile with all three payloads: *.kext whitelisting, *.systemextension whitelisting and PPPC.
  
  
• When macOS is upgraded, correct profile should be applied, and any products already installed before the upgrade should use the applicable *.systemextension whitelisting.
  
  
• For more configuration details and troubleshooting, customer should approach JAMF directly.

If macOS has already been upgraded to 10.15 with SEP installed, without taking precautions above, then remove and re-apply the JAMF configuration policy for Symantec. You must do this BEFORE the SEP GUI is opened for the first time after the macOS upgrade, otherwise you will get a warning about the extensions and they will be stuck in "awaiting user authorization".

If the SEP client GUI has already been open and the extension warning displayed then removing/re-applying the configuration policy will not help. You will need to uninstall SEP by using the Uninstall command in the client's "Symantec Endpoint Protection" menu. Do not use RemoveSymantecMacfiles—it does not properly remove the new system extensions. Then re-install SEP and the configuration policy should be properly recognized.