Mac Agents do not send File Activity events to EDR

Article ID: 273207

Products

  • Endpoint Detection and Response
  • Endpoint Detection and Response Cloud
  • Endpoint Detection and Response Hardware
  • Endpoint Detection and Response with Network Sensor
  • Endpoint Protection
  • Endpoint Protection Cloud
  • Endpoint Security
  • Endpoint Security Complete
  • Managed Endpoint Detection and Response

Issue/Introduction

File Activity [8003] events are no longer sent by Mac agents. 

Environment

SEP 14.3 RU6 and later
EDR 4.8 and earlier
Mac Agent

Cause

Ongoing changes to operating systems and security technologies require continual tuning of how Broadcom handles incoming event volumes. File events now remain in the local event store. A new feature in Symantec Endpoint Security (SES) for August is the ability to request and upload Full Dumps for Mac agents. Customers who have not migrated to Symantec Endpoint Security will get new features in EDR 4.9 that allow Full Dumps for Mac agents.

Resolution

  • For SES, use the Full Dump feature from the cloud console to review File Activity events for Mac agents.
  • For on-prem SEPM configured Mac agents, please look for the Full Dump feature in an upcoming release of EDR.