Endpoint Protection

  • Private Community
 View Only

 SEP 14.3 RU1 client for Mac repeatedly displaying

Abbers's profile image
Abbers posted Dec 07, 2020 12:23 PM
Hello all

I've installed SEP 14.3 RU1 for Mac onto two of our Big Sur Macs.

Install was straightforward, and I connected the Macs to our existing SEPM Manager, which is still running 14.2 RU2 MP1.

Clients and Server are communicating, and realtime file scanning is working on the Mac clients.

However, every so often (as frequently as every ten minutes) a window appears in the bottom right of the Mac client stating:

You are at risk!

You haven't finished Swetup and your computer is not protected.

Click Finish Setup to update your preferences and activate your protection.



I click Finish Setup and Symantec Endpoint Protection opens and asks me to click "Allow Network Content Filtering", which is the same screen I saw during the SEP client installation process.



I click Next, then the SEP client says I'm protected, but ten minutes later, the same pop-up window will appear again telling me I need to finish setup, so I have to repeat the above process again.



This has been going on all day, on both Mac clients.  I'm interrupted every ten minutes by a pop-up window telling me to finish setup and activate the software, but once I've completed the steps, I'm interrupted again shortly after.

I am unable to rollout Big Sur until we have Antivirus protection, but the current situation is unusable.

Please help!

Thank you


John Owens's profile image
Broadcom Employee John Owens posted Dec 08, 2020 10:34 AM
The SEPM needs to be upgraded to 14.3 RU1.  This may be why you are seeing this issue.  Older SEPM builds cannot manage 14.3 RU1 Mac clients.  Please test this and let us know.
Abbers's profile image
Abbers posted Dec 16, 2020 01:40 PM
Unfortunately, upgrading our SEP Manager did not fix the problem.

I upgraded our SEP Manager from 14.2 RU2 MP1 to 14.3 RU1 but our MacOS Big Sur clients are still displaying the warning every 10 to 15 minutes.

Is there anything configuration I have to make on the SEP Manager to resolve this issue?

Thank you
Maurits Sanders's profile image
Maurits Sanders posted Dec 18, 2020 07:32 AM

Hi  @Abbers. We see this too, both on macOS 10.15.7 and macOS 11

You do realise that for Big Sur you need to specify a content-filter?
This is documented here: https://knowledge.broadcom.com/external/article/176222/endpoint-protection-endpoint-security-f.html

I think there is a typo in the reference profile (from this article)

<key>FilterPacket</key>
<true/>
should be
<key>FilterPackets</key>
<true/>

Let me know when you find any tips or solutions.
I am trying to make the profile with the required settings on several ways (the GUI of WS1 makes profiles with slightly different xml than the reference profile from the article, but the error you describe repeats itself any way I try.

Our AV team has reported it to Broadcom, no solution or response yet. {Case#32437601}
Abbers's profile image
Abbers posted Dec 18, 2020 05:03 PM

Thank you for your comment, Maurits Sanders.

I did not realise that I have to specify a content filter.

I did see that article when I was troubleshooting this issue, and although Step 4 of the Resolution is Allow Network Content Filtering (new in macOS 10.15 and SEP 14.3 RU1) I thought the SEP 14.3 RU1 installer did this automatically, as shown in the second screenshot in my original post.  During the SEP install, I saw a MacOS warning screen appear to allow Network Content Filtering, and I did approve this.

Do I need to make another configuration change somewhere else on the Mac, or within the SEP Manager?

I'm not using Jamf or other MDM at the moment, but if necessary I can use Profile Manager supplied with the MacOS Server app to apply config files.

Thank you again.

jinwai's profile image
jinwai posted Dec 19, 2020 09:41 AM

I am also facing this issue. However, I am not using SEPM. All clients are Unmanaged. Currently I am using Bitdefender Total Security 90 days Trial for affected Big Sur user as temporary workaround while waiting for Broadband to fix it ASAP.

https://community.broadcom.com/symantecenterprise/communities/community-home/digestviewer/viewquestion?ContributedContentKey=2018a5d4-e6e1-4c02-9a56-ce391d961dd8&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=digestviewer