DLP Endpoint Scan Exclusion Update for Apple MAC with Apple silicon
Article ID: 369123

Products

Data Loss Prevention Core Package, Data Loss Prevention Endpoint Discover, Data Loss Prevention

Issue/Introduction

When running an EDAR scan on M1 Macs and newer macOS versions, EDPA crashes or the scan times out while processing the kernel files.

The scan detail log "Endpoint_-_<Endpoint Server Name>/agentlogs/'<Endpoint Name>'_<date and time>_ScanDetail_<log number>_0.log" includes the following Severe error:

Message: An error occurred while scanning file: /Library/Logs/Microsoft/mdatp/rotated/microsoft_defender_enterprise.log00002 (ErrorCode:  | [SYMRESULT 0x80010006]) (ErrorMessage: COM error 0x80010006 occurred during detection.)

Environment

DLP 16.0.x

Apple MAC with Apple silicon (M1)

Cause

The /private/var/db/KernelExtensionManagement/KernelCollections/ directory contains new files and data from Apple that EDPA currently does not know how to handle, and EDPA may crash when it scans them.

Resolution

When scanning an Apple Mac endpoint that has the M1 chip, the exclusion list needs to be updated.

Workaround:

Add the exclude entries to the following file on Enforce:

  •  /opt/Symantec/DataLossPrevention/EnforceServer/16.0.10000/Protect/config/Manager.properties

Key to add to: com.vontu.manager.endpoint.discover.prepopulatedExcludeFilters

  •  Value to append: /private/var/db/KernelExtensionManagement/*

As follows:

$Windows$/*,/Applications/*,/System/*,/.Spotlight*,*.mp3,*.wma,*.wav,*.vox,*.aac,*.3gp,*.dat,*.iso,*.dmg,*.app,*.avi,*.mpeg,*.wmv,*.mov,*.mp4,*.dylib,*.jar,*.dll,*.exe,$ProgramFiles$/*,/opt/*,/sbin/*,/bin/*,/usr/bin/*,/Library/Manufacturer/*,*.so,/boot/*,/Applications/*,/System/*,/Library/Manufacturer/*,/private/var/db/KernelExtensionManagement/KernelCollections/*
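To make the Manager.properties edit repeatable (and safe to re-run after an upgrade re-lays the file), the helper below appends the article's exclusion glob to the named key only if it is not already present and leaves every other line untouched. This is an added example, not Symantec/Broadcom code; the properties excerpt it operates on is constructed for the demonstration, and it assumes a plain single-line `key=value` layout for that key.

```python
"""Idempotently append an exclusion glob to a DLP prepopulatedExcludeFilters key."""
import shutil
from pathlib import Path

# Key and value as given in the article; SAMPLE is a constructed excerpt for the demo
KEY = "com.vontu.manager.endpoint.discover.prepopulatedExcludeFilters"
NEW_FILTER = "/private/var/db/KernelExtensionManagement/*"
SAMPLE = (
    "# constructed Manager.properties excerpt\n"
    "com.vontu.manager.endpoint.discover.prepopulatedExcludeFilters=$Windows$/*,/System/*\n"
    "com.vontu.manager.endpoint.other=1\n"
)


def append_exclude_filter(text: str, key: str, new_filter: str) -> str:
    """Return the properties text with new_filter appended to key's comma list.

    Idempotent: if the filter is already listed, the text comes back unchanged.
    Comments, blank lines and other keys are passed through as-is. Raises
    KeyError rather than silently creating the key if it is missing.
    """
    out, found = [], False
    for line in text.splitlines(keepends=True):
        stripped = line.lstrip()
        if not found and not stripped.startswith(("#", "!")) and "=" in stripped:
            k, _, v = stripped.partition("=")
            if k.strip() == key:
                found = True
                filters = [f.strip() for f in v.strip().split(",") if f.strip()]
                if new_filter not in filters:
                    filters.append(new_filter)
                eol = "\n" if line.endswith("\n") else ""
                line = f"{key}={','.join(filters)}{eol}"
        out.append(line)
    if not found:
        raise KeyError(f"{key} not found in properties text")
    return "".join(out)


def update_file(path: Path, key: str = KEY, new_filter: str = NEW_FILTER) -> bool:
    """Back up path to path.bak, apply the edit and write it back. True if changed."""
    original = path.read_text(encoding="utf-8")
    updated = append_exclude_filter(original, key, new_filter)
    if updated == original:
        return False
    shutil.copy2(path, path.with_suffix(path.suffix + ".bak"))
    path.write_text(updated, encoding="utf-8")
    return True


if __name__ == "__main__":
    print(append_exclude_filter(SAMPLE, KEY, NEW_FILTER), end="")
```

Point `update_file` at the Enforce path named above once you have verified the diff on a copy; the Enforce services must still be restarted for the changed filter to take effect, as with any Manager.properties edit.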

 

Two reasons the exclusion update is needed:

  • The /private/var/db/KernelExtensionManagement/KernelCollections/ directory contains new files and data from Apple that EDPA currently does not know how to handle, and EDPA may crash when it scans them.

  • For Mac systems that have SIP enabled, which is the case for the majority of Mac users, root-level folders such as /System/* are writable only by Apple, so unless the customer wants to scan data that is part of macOS, they should be excluded.
    Note, however, that the /Applications folder is user-writable, so whether to exclude it should be left up to the customer.

 

The exclusions have been added to DLP 16.1.