Symantec Endpoint Protection / Endpoint Security (SEP/SES) for Mac regularly displays "You are at Risk! Finish setup" despite MDM profile in place to approve security settings required by Symantec. Clicking "Finish Setup" and opening the SEP client GUI provides no further prompt for missing setup permissions—all appears OK and the popup can be dismissed but will return after some minutes or after reboot.
SEP/SES for Mac
SEP for Mac uses Socket Filtering for IPS and Network (Packet) Filtering for firewall. If one of those is missing in the MDM profile you will see these symptoms.
Be sure to use the recommended MDM settings for SEP maintained in another KB doc: Pre-approving the macOS permissions required by Endpoint Protection / Endpoint Security
Check the Content Filter settings in your MDM profile for SEP Network Security—Jamf screenshot below. Socket Filter and Network Filter should both be enabled and using identical Bundle Identifier and Requirements.
identifier "com.broadcom.mes.systemextension" and anchor apple generic and certificate 1[field.1.2.840.113618.104.22.168.6] /* exists */ and certificate leaf[field.1.2.840.113622.214.171.124.13] /* exists */ and certificate leaf[subject.OU] = "Y2CCP3S9W7"