I understand that the knee-jerk response to this is that the related app is not properly signed/notarized. But this failure is occurring for some of my customers despite a properly signed SEP app (Symantec Endpoint Protection version 14.3 RU3). I've discovered that an additionally installed product can cause this in some instances: the WSS agent (Symantec Web Security Service). When WSS is also installed, I get the same SEP activation error and these results from a command-line check of SEP:
% spctl --assess --verbose /Applications/Symantec\ Endpoint\ Protection.app
/Applications/Symantec Endpoint Protection.app: rejected
source=Unnotarized Developer ID
...and when I remove WSS, this same check is OK and the SEP system extension activation is successful:
% spctl --assess --verbose /Applications/Symantec\ Endpoint\ Protection.app
/Applications/Symantec Endpoint Protection.app: accepted
source=Notarized Developer ID
So, my question is: how could WSS (or any other product or configuration) be interfering with the notarization check of another app? In most cases of this, WSS is not installed and I don't know where to look for the interference. The workaround so far has been to install the previous version of SEP (14.3 RU2) and then upgrade to RU3, and that (oddly enough) is OK. I am working with the SEP developers already on this and am looking in parallel for some direction I can point them in. Thanks.
bump