macOS kernel panics when Endpoint Protection or Endpoint Security is installed

book

Article ID: 198544

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Security

Issue/Introduction

macOS kernel panics when SEP/SES (Symantec Endpoint Protection/Security) is installed

Cause

There can be various causes for this; please see Resolution section for general troubleshooting and links to specific issues.

Resolution

Configure your Mac to generate a core dump when the next panic occurs: Apple Technical Note TN2118 - Kernel Core Dumps. Please consult with Apple Technical Support; there may be additional steps necessary for your specific Apple hardware.

Enable symdaemon debug logging per instructions here

After next panic, collect the core dump and also a diagnostic report from the affected Mac: Gathering information about Symantec products on a Mac using GatherSymantecInfo

Open a case with Symantec at support.broadcom.com/security and upload the GatherSymantecInfo report and any core dump(s) to your case.

Try to isolate the cause of the panic to a specific SEP component or other hardware/software configuration:

  • Replace SEP with an unmanaged client and re-test. Use the newest version of SEP client; the Mac and Linux clients are relatively flexible about version differences with the SEPM (SEP Manager) and it is not necessary to upgrade the Manager to test a single client. If panic doesn't recur, convert client again to managed and configure it for "Client Control" in the SEPM and continue testing...

  • Disable individual SEP components one-at-a-time using toggles in Settings pane of local SEP UI. Note which components, if any, relieve the symptoms when disabled.

  • Perform the same type of testing after detaching or disabling any special hardware connected to the Mac.

  • If no relief from panics via steps above, try disabling SEP kernel extension and re-enabling them one at a time. This step would not apply to SEP for Mac 14.3 RU1 (14.3.3384) or newer, since those versions do not use kernel extensions.

    # reboot to macOS Recovery Mode and open Terminal window there to perform these steps!
    # SIP and macOS system file protections will otherwise interfere

    cd /Volumes/[System_Volume_Name]/Library/Extensions
    mkdir disabled
    mv NortonForMac.kext SymIPS.kext SymInternetSecurity.kext SymXIPS.kext disabled

    # reboot to normal mode; nothing should be listed by "kextstat | grep symantec"
    # re-enable kext (again in Recovery Mode) by moving it out of "disabled" folder and rebooting

     

Report your observations in your support case.

Specific/past issues

Endpoint Security upgrade on Mac devices causes repeated kernel panics

After installing or upgrading to Endpoint protection for Mac 14.2 the system kernel panics after the first restart

 

Related links

Did that Mac just restart itself? About kernel panics