macOS kernel panics when Endpoint Protection or Endpoint Security is installed
search cancel

macOS kernel panics when Endpoint Protection or Endpoint Security is installed

book

Article ID: 198544

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Security

Issue/Introduction

macOS kernel panics when SEP/SES (Symantec Endpoint Protection/Security) is installed

Cause

There can be various causes for this; please see Resolution section for general troubleshooting and links to specific issues.

Resolution

Configure your Mac to generate a core dump when the next panic occurs: Apple Technical Note TN2118 - Kernel Core Dumps. Please consult with Apple Technical Support; there may be additional steps necessary for your specific Apple hardware.

If the panics do not occur when SEP is removed, then this is not a SEP issue and you should open a case with Apple support.

Otherwise, enable SEP SymDaemon debug logging per instructions here

After next panic, collect the core dump and also a diagnostic report from the affected Mac: Gathering information about Symantec products on a Mac using GatherSymantecInfo

Open a case with Symantec at support.broadcom.com/security and upload the GatherSymantecInfo report and any core dump(s) to your case.

Try to isolate the cause of the panic to a specific SEP component or other hardware/software configuration:

  • Replace SEP with an unmanaged client and re-test. Use the newest version of SEP client; the Mac and Linux clients are relatively flexible about version differences with the SEPM (SEP Manager) and it is not necessary to upgrade the Manager to test a single client. If panic doesn't recur, convert client again to managed and configure it for "Client Control" in the SEPM and continue testing...

  • Disable individual SEP components one-at-a-time using toggles in Settings pane of local SEP UI. Note which components, if any, relieve the symptoms when disabled.

  • Perform the same type of testing after detaching or disabling any special hardware connected to the Mac.

  • If no relief from panics via steps above, try disabling SEP kernel extension and re-enabling them one at a time. This step would not apply to SEP for Mac 14.3 RU1 (14.3.3384) or newer, since those versions do not use kernel extensions.

    # reboot to macOS Recovery Mode and open Terminal window there to perform these steps!
    # SIP and macOS system file protections will otherwise interfere

    cd /Volumes/[System_Volume_Name]/Library/Extensions
    mkdir disabled
    mv NortonForMac.kext SymIPS.kext SymInternetSecurity.kext SymXIPS.kext disabled

    # reboot to normal mode; nothing should be listed by "kextstat | grep symantec"
    # re-enable kext (again in Recovery Mode) by moving it out of "disabled" folder and rebooting

     

Report your observations in your support case.

Specific/past issues

macOS kernel panics when Endpoint Protection or Endpoint Security is installed

 

Related links

Did that Mac just restart itself? About kernel panics

Powered by Wolken Software