Outlook Crash on SEP MacOS After Upgrade to 14.3 RU2

book

Article ID: 222653

calendar_today

Updated On:

Products

Endpoint Security

Issue/Introduction

Outlook Crashes on multiple Symantec Endpoint Protection Mac devices after upgrade to 14.3 RU2.

Crash reference:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	0x00007fff6f4a433a __pthread_kill + 10
1   libsystem_pthread.dylib       	0x00007fff6f560e60 pthread_kill + 430
2   libsystem_c.dylib             	0x00007fff6f42b808 abort + 120
3   libsystem_malloc.dylib        	0x00007fff6f52150b malloc_vreport + 548
4   libsystem_malloc.dylib        	0x00007fff6f52440f malloc_report + 151
5   f7f97d454687c58d3cacd626      	0x000000010a2f70c5 SettingTool::DomainSettingClient::OpenDomain(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, bool) + 499
6   f7f97d454687c58d3cacd626      	0x000000010a2f6d8d SettingTool::DomainSettingClientFactory::Create(std::__1::shared_ptr<SettingTool::IDomainSettingClient>&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, bool) + 141
7   f7f97d454687c58d3cacd626      	0x000000010a2f9418 SettingTool::ReadCommand::performCommand(boost::program_options::variables_map const&) + 284
8   f7f97d454687c58d3cacd626      	0x000000010a2ed782 int CommandExecutor<SettingTool::ReadCommand>(boost::program_options::variables_map const&) + 61
9   f7f97d454687c58d3cacd626      	0x000000010a2ecd7a main + 762
10  libdyld.dylib                 	0x00007fff6f35ccc9 start + 1

Cause

This is related to the tool ShowSettings (SettingsTool). This is used to check the install, state, etc., of the SEP Mac Client. It is incompatible with the latest version of the SEP client.

Environment

Release : 14.3 RU2

Resolution

The tool was provided to third-party NAC vendors so they could incorporate it into their host integrity checks; see How to determine if Endpoint Protection for Macintosh is installed and running. Find out vendor using it in the environment and see how they are running it, and remove/disable it from running at all.