Apple Continuity features stop working when Bluetooth Device Control is enabled


Article ID: 373205


Products

Endpoint Protection, Endpoint Protection Cloud, Endpoint Security, Endpoint Security Complete

Issue/Introduction

When Bluetooth is blocked by Device Control policies set in the Symantec Endpoint Security cloud console, Apple Continuity features stop working. Users may also see a large number of popup notifications.

Note
SEP may be able to block Bluetooth communication without explicit user permission on:

  • macOS 12
  • macOS 13

Environment

  • SEP 14.3 RU9 Mac Clients
  • Symantec Endpoint Security 
  • Device Control
  • Bluetooth
  • macOS 12 (Monterey), 13 (Ventura), 14 (Sonoma) 
  • Apple Continuity features:
    • AirDrop
    • AirPlay to Mac
    • Auto Unlock and Approve with Apple Watch
    • Continuity Camera
    • Continuity Markup
    • Continuity Sketch
    • Handoff
    • Instant Hotspot
    • Phone Calls
    • Sidecar
    • SMS Messages
    • Universal Clipboard
    • Universal Control

Cause

  • Apple Continuity features use Bluetooth for discovery.
  • Activating Bluetooth Protection with a Device Control policy will prevent Apple Continuity features from working.
  • Mac Clients may be included in a Device Control Policy or policy group that unwittingly activates Bluetooth Protection.
  • Clients running macOS 12 or 13 may not be able to deny SEP access to Bluetooth Device Control.

Resolution

If you wish to use Apple Continuity and Device Control on Mac Clients, there are 3 options:

  1. Don't block Bluetooth.
  2. Add Allow rules for Bluetooth Protection for Apple devices with
    • Vendor of '004C'
    • Major Device Type of '1-Computer'
  3. Add Allow rules for Bluetooth Protection with
    • Vendor of '004C'
    • Major Device Type of '1-Computer'
    • Address of the connected Mac device.
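
A small model of how options 2 and 3 differ in scope, added here as an example (it is not Symantec's code or policy format). It assumes the Vendor value is the Bluetooth company identifier and the Major Device Type is the major class field of the Bluetooth Class of Device; the device names, addresses and class values are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

APPLE_VENDOR = 0x004C   # Vendor value '004C' from the allow rules above
MAJOR_COMPUTER = 1      # Major Device Type '1-Computer' from the allow rules above


def major_device_class(cod: int) -> int:
    """Return bits 12..8 of the 24-bit Bluetooth Class of Device."""
    return (cod >> 8) & 0x1F


def normalize(addr: str) -> str:
    """Compare addresses case-insensitively, accepting '-' or ':' separators."""
    return addr.replace("-", ":").upper()


@dataclass(frozen=True)
class Device:            # hypothetical record of a discovered device
    name: str
    vendor: int
    cod: int
    address: str


@dataclass(frozen=True)
class AllowRule:         # hypothetical model of one allow rule
    vendor: int
    major: int
    address: Optional[str] = None   # None means any address (option 2)

    def matches(self, d: Device) -> bool:
        if d.vendor != self.vendor or major_device_class(d.cod) != self.major:
            return False
        return self.address is None or normalize(d.address) == normalize(self.address)


def allowed(devices: List[Device], rule: AllowRule) -> List[str]:
    return [d.name for d in devices if rule.matches(d)]


# Constructed sample devices (addresses from the documentation MAC range).
DEVICES = [
    Device("mac-a", APPLE_VENDOR, 0x38010C, "00:00:5E:00:53:01"),
    Device("mac-b", APPLE_VENDOR, 0x380104, "00:00:5E:00:53:02"),
    Device("phone", APPLE_VENDOR, 0x7A020C, "00:00:5E:00:53:03"),   # major class 2
    Device("other-pc", 0xFFFF, 0x3E0104, "00:00:5E:00:53:04"),      # non-Apple vendor
]

OPTION_2 = AllowRule(APPLE_VENDOR, MAJOR_COMPUTER)
OPTION_3 = AllowRule(APPLE_VENDOR, MAJOR_COMPUTER, "00-00-5e-00-53-01")
```

In this model, option 2 admits every device reporting vendor 004C and the Computer class, while option 3 narrows the exception to the one listed address.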

If you want to block Apple Continuity, then use a firewall rule.

Additional Information

macOS versions 12 and 13 (Monterey and Ventura)


These older versions have a defect that allows Bluetooth to be used by SEP without explicit permission being granted by the popup during the SEP installation. If there is no MDM profile for the Mac Client and there are Bluetooth rules set in the cloud console, then, even if denied locally during the setup, SEP can continue to block Bluetooth in macOS 12 and 13 and cause Apple Continuity features to break.

Apple Continuity is a group of features that use WiFi and Bluetooth

For more information on Apple Continuity features, see:

https://support.apple.com/en-sg/guide/mac-help/mchl1d734309/mac#:~:text=To%20use%20Continuity%20features%2C%20sign,Continuity%20features%20on%20Apple%20devices 

How SEP 14.3 interacts with Apple's macOS

Continuity features use Bluetooth to discover nearby Apple devices. The connection attempts would flood the user interface with popup notifications; see: https://knowledge.broadcom.com/external/article/373170

Apple Continuity features must either be given specific hardware exceptions or not be blocked at all. To prevent Continuity features from being used, use a Firewall rule instead, which avoids constant log and UI notifications.