How to disable IPS data submission on Symantec Endpoint Protection for Mac clients

book

Article ID: 181506

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

 

Resolution

In both the Symantec Endpoint Protection Manager (SEPM) console and the Symantec Endpoint Protection (SEP) for Mac client interface (12.1.4 or later), you have the option in the user interface to disable the submission of virus and spyware detection data. There is no comparable interface setting for disabling IPS submissions, but you can disable IPS submissions by running a command on a client computer.

To disable IPS data submission

  1. Open Terminal (by default, located in /Applications/Utilities/Terminal).
     
  2. Enter the following commands.

    Note: After you enter the first command, you may be prompted to enter your administrative password. When you do, the password does not appear in the Terminal window. Press Enter once you have finished typing the password in the Terminal window, and then enter the second command.
     
    sudo touch "/Library/Application Support/Symantec/Submissions/Disabled"
    sudo chown root:admin "/Library/Application Support/Symantec/Submissions/Disabled"



  3.  
  4. Once you create the Disabled file, restart the computer, or restart SymDaemon by entering the following commands in Terminal:
     
    sudo launchctl unload "/Library/LaunchDaemons/com.symantec.symdaemon.*plist"
    sudo launchctl load "/Library/LaunchDaemons/com.symantec.symdaemon.*plist"  
    # the asterisk in daemon pathnames will accommodate suffix variations - SEP 12.1.x uses .plist and SEP 14.0 uses .NFM.plist
    
    

 

To re-enable IPS data submission, delete the Disabled file with the following command in Terminal, and then perform step 3 again from the previous procedure.

sudo rm "/Library/Application Support/Symantec/Submissions/Disabled"