User Profile

Posts

Posts

Post marked as solved
4 Replies
1.1k Views

activateSystemExtension Failed: error:Error Domain=OSSystemExtensionErrorDomain Code=8 "(null)"

I understand that the knee-jerk response to this is that the related app is not properly signed/notarized. But this failure is occurring for some of my customers despite a properly signed SEP app (Symantec Endpoint Protection version 14.3 RU3). I've discovered that an additionally installed product can cause this in some instances—the WSS agent (Symantec Web Security Service). When WSS is also installed I get the same SEP activation error and results from command-line check of SEP: % spctl --assess --verbose /Applications/Symantec\ Endpoint\ Protection.app /Applications/Symantec Endpoint Protection.app: rejected source=Unnotarized Developer ID ...and when I remove WSS, this same check is OK and the SEP systemextension activation is successful: % spctl --assess --verbose /Applications/Symantec\ Endpoint\ Protection.app /Applications/Symantec Endpoint Protection.app: accepted source=Notarized Developer ID So, my question is: how could WSS (or any other product or configuration) be interfering with the notarization check of another app? In most cases of this, WSS is not installed and I don't know where to look for the interference. The work-around so far has been to install the previous version of SEP (14.3 RU2) then upgrade to RU3 and that (oddly enough) is OK. I am working with the SEP developers already on this and am looking in parallel for some direction I can point them. Thanks.
Posted
by gdeff.
Last updated
.
Post not yet marked as solved
1 Replies
1k Views

How to obtain XML export of applied MDM profiles

How might I obtain an XML export of applied MDM profiles from an individual macOS machine? I currently troubleshoot related customer problems by requesting an XML export from the MDM console but I would like to get it directly from the target Mac. This way I can confirm that a Mac does not in fact have the required profile in place and it is either not assigned correctly in the management tool or there is some other MDM communication problem.
Posted
by gdeff.
Last updated
.
Post not yet marked as solved
2 Replies
440 Views

What is meaning of notarization warnings

I am notarizing SEPRemote.pkg, built following instructions here: https://knowledge.broadcom.com/external/article/181587 Notarization succeeds, but there are two warnings in the log: { "severity": "warning", "code": null, "path": "SEPRemote.pkg/SEPRemote.pkg Contents/Payload/private/tmp/Norton for Mac SKU.mpkg/SEPEG_SKU.UniversalESD.pkg Contents/Payload/Library/Application Support/Symantec/Silo/MES/SymUIAgent/Symantec.app/Contents/Resources/Norton.app", "message": "Unable to notarize SEPRemote.pkg/SEPRemote.pkg Contents/Payload/private/tmp/Norton for Mac SKU.mpkg/SEPEG_SKU.UniversalESD.pkg Contents/Payload/Library/Application Support/Symantec/Silo/MES/SymUIAgent/Symantec.app/Contents/Resources/Norton.app", "docUrl": null, "architecture": null } and { "severity": "warning", "code": null, "path": SEPRemote.pkg/SEPRemote.pkg Contents/Payload/private/tmp/Norton for Mac SKU.mpkg/SEPEG_SKU.UniversalESD.pkg Contents/Payload/Applications/Symantec Endpoint Protection.app/Contents/Resources/ApplicationNorton.app", "message": "Unable to notarize SEPRemote.pkg/SEPRemote.pkg Contents/Payload/private/tmp/Norton for Mac SKU.mpkg/SEPEG_SKU.UniversalESD.pkg Contents/Payload/Applications/Symantec Endpoint Protection.app/Contents/Resources/ApplicationNorton.app", "docUrl": null, "architecture": null } What are the consequences of these warnings? Will they cause problems with SEPRemote.pkg even though it reports notarization is successful?
Posted
by gdeff.
Last updated
.
Post not yet marked as solved
2 Replies
729 Views

How do I use macOS Server's Profile Manager to create a SystemExtensions payload?

The SystemExtensions payload is new to macOS 10.15 and described here:https://developer.apple.com/documentation/devicemanagement/systemextensionscom.apple.system-extension-policy is the payload typeHow do I use macOS Server's Profile Manager to create/edit such payloads? If find no "System Extensions" settings.There is an "Extensions" payload in Profile Manager but this is for com.apple.NSExtension payload type and doesn't work to allow system extensions.Thanks!
Posted
by gdeff.
Last updated
.