
Endpoint Protection / Endpoint Security for Mac regularly displays "You are at Risk! Finish setup"


Article ID: 215580


Products

Endpoint Security

Issue/Introduction

Symantec Endpoint Protection / Endpoint Security (SEP/SES) for Mac regularly displays "You are at Risk! Finish setup" despite an MDM profile being in place to approve the security settings required by Symantec. Clicking "Finish Setup" and opening the SEP client GUI provides no further prompt for missing setup permissions; everything appears OK and the popup can be dismissed, but it returns after some minutes or after a reboot.

Cause

SEP for Mac uses Socket Filtering for IPS and Network (Packet) Filtering for the firewall. If either of these is missing from the MDM profile, you will see these symptoms.

Environment

SEP/SES for Mac

Resolution

Be sure to use the recommended MDM settings for SEP, which are maintained in a separate KB article: Pre-approving the macOS permissions required by Endpoint Protection / Endpoint Security

Check the Content Filter settings in your MDM profile for SEP Network Security (Jamf screenshot below). Socket Filter and Network Filter should both be enabled, and both should use an identical Bundle Identifier and Designated Requirement.

Bundle Identifier:
com.broadcom.mes.systemextension

Designated Requirement:
identifier "com.broadcom.mes.systemextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "Y2CCP3S9W7"
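
The check described above can be run against an exported profile before deployment. This is an added example, not Broadcom's code: it assumes an unsigned .mobileconfig export, uses the key names of Apple's com.apple.webcontent-filter payload, and embeds a constructed sample profile with a shortened placeholder requirement string.

```python
import plistlib

BUNDLE_ID = "com.broadcom.mes.systemextension"  # value given in this article

# Apple content filter payload keys: (enable flag, bundle id key, requirement key)
FILTERS = {
    "socket": ("FilterSockets", "FilterDataProviderBundleIdentifier",
               "FilterDataProviderDesignatedRequirement"),
    "packet": ("FilterPackets", "FilterPacketProviderBundleIdentifier",
               "FilterPacketProviderDesignatedRequirement"),
}

def check_content_filter(profile_bytes, bundle_id=BUNDLE_ID):
    """Return a list of findings; an empty list means both filters are set up."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.webcontent-filter"]
    if not payloads:
        return ["no com.apple.webcontent-filter payload in profile"]
    findings = []
    for p in payloads:
        reqs = {}
        for name, (flag, id_key, req_key) in FILTERS.items():
            if p.get(flag) is not True:
                findings.append(f"{name} filter not enabled ({flag})")
                continue
            if p.get(id_key) != bundle_id:
                findings.append(f"{name} filter bundle identifier mismatch ({id_key})")
            reqs[name] = p.get(req_key)
        if len(reqs) == 2 and reqs["socket"] != reqs["packet"]:
            findings.append("socket and packet designated requirements differ")
    return findings

def _constructed_profile(packets_enabled):
    # Constructed sample; the requirement is a shortened placeholder, not the full string.
    req = 'identifier "com.broadcom.mes.systemextension" and anchor apple generic'
    payload = {
        "PayloadType": "com.apple.webcontent-filter", "FilterType": "Plugin",
        "FilterSockets": True, "FilterDataProviderBundleIdentifier": BUNDLE_ID,
        "FilterDataProviderDesignatedRequirement": req,
        "FilterPackets": packets_enabled,
        "FilterPacketProviderBundleIdentifier": BUNDLE_ID,
        "FilterPacketProviderDesignatedRequirement": req,
    }
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [payload]})

if __name__ == "__main__":
    print(check_content_filter(_constructed_profile(packets_enabled=False)))
```

A signed profile is CMS-wrapped and has to be unwrapped before plistlib can parse it.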
