Endpoint Protection

SEP (14.2 RU2 – 14.3.0) under macOS 10.15 & 10.14 not communicating with SEPM

    Posted 3 days ago

    I have already been working with Broadcom support with no progress, so I am seeing if anybody has some suggestions that I haven't tried yet.

     

    Problem: Starting with Apple's Security Update 2020-002 for macOS Mojave (10.14.x) and Catalina (10.15.x), released March 24, 2020, we have two major problems with SEP clients on macOS systems communicating with our SEPMs. First, the vast majority (>95%) refuse to communicate with either SEPM we have, despite working for many years and no changes to the Communication/Management Server List policies. Second, new SEP installs (via remote push by SEPM, exported client, and installing the unmanaged SEP client and then updating the communication settings) will initially communicate with one SEPM, but then refuse to communicate again and don't receive a Symantec Policy Serial Number (and act more like an unmanaged client).

     

    Affected SEPM versions: 14.2 RU2, 14.2 RU2 MP1, and 14.3 (14.3.558.000/current)

    Affected SEP macOS client versions: 14.2.5323.2000, 14.2.5569.2100, 14.2.5580.2100, 14.2.5587.2100, and 14.3.510.0000 (current)

    Affected macOS versions: macOS Mojave (10.14.x) and Catalina (10.15.x) versions after receiving Apple's Security Update 2020-002, released March 24, 2020 (https://support.apple.com/en-us/HT211100)

     

    SEPM Configuration: We use a valid commercial wildcard certificate because of internal security requirements and cannot use self-signed certificates. We have no communication problems with our Windows systems.

     

    Troubleshooting: I created a new group on SEPM for troubleshooting with the default Virus and Spyware Protection, LiveUpdate, and Memory Exploit Mitigation policies (minimum required). For the Communication or Management Server List, I created one that uses <FQDN_of_SEPM>:8014 (with HTTP and not HTTPS, because years ago SEP under macOS would not accept any certificate, self-assigned or wildcard; also tried using <FQDN_of_SEPM>:80). I am using a Mac laptop with 10.15.4 (all updates from Apple installed), connecting via Cisco AnyConnect VPN, with the built-in Apple firewall disabled. I uninstalled SEP (also ran RemoveSymantecMacFiles because the uninstaller doesn't remove all files, especially with 14.3.0), and installed the SEP client (tried 14.2.5323.2000, 14.2.5569.2100, 14.2.5580.2100, 14.2.5587.2100, and 14.3.510.0000; all have the same problem) via (1) remote installation from SEPM, (2) package exported from SEPM, or (3) installing the unmanaged client and then pushing the communication settings. All end with the same result: the SEP client initially communicates with a SEPM, then refuses to communicate again and doesn't receive a Symantec Policy Serial Number (and acts more like an unmanaged client).

     

    Support did find the following in the logs submitted, but had no suggestion on a resolution (other than steps I have already taken):

    softwareupdated[580]: SUOSUServiceDaemon: Error reading /var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.OSUpdate.SUOSUServiceDaemon.state: Error Domain=NSCocoaErrorDomain Code=260 "The file "com.apple.OSUpdate.SUOSUServiceDaemon.state" couldn't be opened because there is no such file." UserInfo=

    Since support hasn't been helpful thus far, any suggestions or ideas would be appreciated.

    Thanks,
    Scott