Endpoint Protection / Endpoint Security for Mac regularly displays "You are at Risk! Finish setup"
Article ID: 215580
Updated On:
Products
Issue/Introduction
Symantec Endpoint Protection / Endpoint Security (SEP/SES) for Mac regularly displays "You are at Risk! Finish setup" despite MDM profile in place to approve security settings required by Symantec. Clicking "Finish Setup" and opening the SEP client GUI provides no further prompt for missing setup permissions—all appears OK and the popup can be dismissed but will return after some minutes or after reboot.
Environment
SEP/SES for Mac
Cause
SEP for Mac uses Socket Filtering for IPS and Network (Packet) Filtering for firewall. If one of those is missing in the MDM profile you will see these symptoms.
Resolution
Be sure to use the recommended MDM settings for SEP maintained in another KB doc: Pre-approving the macOS permissions required by Endpoint Protection / Endpoint Security
Check the Content Filter settings in your MDM profile for SEP Network Security—Jamf screenshot below. Socket Filter and Network Filter should both be enabled and using identical Bundle Identifier and Requirements.
Bundle Identifier:
com.broadcom.mes.systemextension
Designated Requirement:
identifier "com.broadcom.mes.systemextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "Y2CCP3S9W7"
Feedback
