
Currently testing WSS 7.2.1.14589. Does anyone know if Symantec provides a content filter to stop pop-ups during installation?

@markdmatthews Yes I've been testing on fresh installs of Big Sur, Catalina has been fine all along.


@brianmcbride99 working pretty good on new installs of Big Sur. Still seeing popups when upgrading. I believe the profile has to be installed on the device before the application or you will get the popups. I am seeing WSS hose up internet browsing, but that could be something that our Symantec team needs to fix. If I find out why that's happening, I'll post it.


@markdmatthews
I'm seeing what you're seeing but with Blackmagic Inc. Design Software as Per:
https://www.jamf.com/jamf-nation/discussions/38634/kernel-extensions-big-sur-blackmagic.



They are still using KEXTs under Big Sur.



But I don't know if this is due to the Software being installed prior to the Configuration Profile being loaded as per @brianmcbride99 . I need to test on a fresh install.



I'm seeing the pop-up even after entering all of the suggested Bundle IDs.


I did find out that the new WSS agent is showing in crash reports and am getting the "your computer restarted because of a problem" message when rebooting. I wish we could just not use Symantec.


We are on 7.2.1 of WSS, and are having a ton of issues in Big Sur as well @user-kGyZmDeZOD Some of which are below:
- Teams direct calling does not work
- NAT issues in Windows VMs, internal vpn traffic does not appear to be routed correctly


@brianmcbride99 We're seeing similar issues. Our Split Tunnel VPNs don't work with WSS and our full tunnel one does. Everything is configured properly on the WSS Management console too. It's very odd.


@nsbickhart on new installations of Big Sur you aren't being prompted "System Extension Updated"?


Just came across this @IamGroot https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/web-security-service/Help/Connectivity_3/conn-about-wssa/conn-wssa-bypassapp.html



So something that worked without issue in previous WSS agent versions and macOS versions now suddenly we have to identify ourselves and create bypasses for??? Is Broadcom literally trying to force users to a different product?


@brianmcbride99 I didn't even notice that on there, thank you! This seems to be the new thing for vendors. We recently introduced another product into our environment that made us add app bypass filters as well for these kinds of things. It's a very tedious process as you have to identify each and every application you want bypassed. I agree with you, some vendors are really trying their hardest to lose their customers. I'll try this out today and let you know if I have any luck. Fingers crossed!


No one else seeing "warning" on new Big Sur (macOS 11) deployments?


@markdmatthews - we are seeing something similar to this when upgrading to macOS 11, only stating something to the effect of the system extension being updated and needs to be approved. I'm assuming you are pre deploying the config profile approving the system extension and setting the VPN settings as they mention here



I did, and still get the approval prompt similar to yours. I have an open case with Broadcom, with zero movement in over a week.


I've been working with Broadcom support on this. We use Falcon and AnyConnect. Bypassed both, running 7.2 and it still seems to be fighting with AnyConnect. I grabbed some more pcap logs and sent to support but haven't heard anything back since last week. The profiles for system extension/VPN seem to be taking care of the popups on new loads, but the issue remains with navigating to anything via a browser, it just won't allow anything out. Sometimes, if you click disconnect on the WSS tunnel, it'll let you out, but it's all random.


Good news. I was provided with WSS agent 7.3.5.15179. I tested briefly on Big Sur and it is no longer locking up web browsing and I'm no longer seeing disconnects in the logs. Lots more testing to do, but it's looking good.



I believe 7.3.5.15179 is being released on Friday.


@nsbickhart Thanks for the update. I tried reaching out to our WSS admin but he stated he doesn't see it in the download portal. Is that something you had to reach out to Symantec to get?


@nsbickhart So we got the 7.3.5.15179 WSS client and it seems to sort of resolve sites not loading after we added AnyConnect to the app bypasses. However websites take upwards towards two minutes to load. Have you encountered this at all?


@IamGroot I had an early version. I don’t have access to that portal, it’s managed by another team where I work, but was told by support that it was going to be available after office hours yesterday, so it should be there now hopefully.


@IamGroot as far as sites not loading for 2 minutes….we did see this on 7.2. The newest release seems to have fixed that issue from what I’m seeing. I believe we had to change the path to AnyConnect in our portal. I’ll try to get that over to you.


@IamGroot this is what support said to pop in for the path. Under Validation, select 'Signing Certificate' and make sure you add the system extension ID.
/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app/Contents/MacOS/Cisco AnyConnect Secure Mobility Client


@nsbickhart I have a similar issue on Big Sur with WSS not loading web pages. We also use AnyConnect and it looks like the same scenario as described above. Do the signing certificate and path change above need to be set up in the Symantec WSS portal? Thanks


@ochomakhidze yes, you would need to go into the Symantec WSS portal and add those. This happened when we were testing 7.1. 7.3 is out now, which seems to have resolved the issue, not sure if you actually need to add things in the portal, but it wouldn't hurt. Also, I'm working with support on 7.3 because we use PingID as our IDP and it will not work with Safari in 7.3, so we are still not able to release Big Sur until this is fixed.


So are you guys applying both the kernel and system extensions to new Big Sur builds? I've been trying to push out just the system extension exactly like it's shown in LaMantia's post above from January but having issues, new builds will just show an error that WSS Agent couldn't load completely.

 

I have a configuration with the system extension and the VPN filters applied to Big Sur machines, it should be coming down before the app installs too. We opened a ticket with Broadcom but they just said based on the screenshot they think the system extension isn't loaded, so I ran systemextensionsctl and it is listed there. Additionally, on Catalina -> Big Sur upgrades we do not appear to have this issue.
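Added example, not part of any post above and not vendor code: a small shell check that reads `systemextensionsctl list` output and reports the bracketed state of one extension, since an extension can be listed while still awaiting approval. The tab-separated layout is assumed from typical Big Sur output, and the team ID, bundle ID and version in the sample are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample of `systemextensionsctl list` output (tab-separated columns).
# TEAMID0000 and the com.example.* bundle IDs are placeholders, not real vendor values.
sample_output() {
  printf '%s\n' '2 extension(s)' '--- com.apple.system_extension.network_extension'
  printf 'enabled\tactive\tteamID\tbundleID (version)\tname\t[state]\n'
  printf '*\t*\tTEAMID0000\tcom.example.wss.extension (0.0.0/0)\tExample WSS Extension\t[activated enabled]\n'
  printf '\t\tTEAMID0000\tcom.example.other.extension (0.0.0/0)\tExample Other\t[activated waiting for user]\n'
}

# Usage: systemextensionsctl list | sysext_state BUNDLE_ID
# Prints the state found between the brackets.
# Exit status: 0 = activated enabled, 1 = listed but in another state, 2 = not listed.
sysext_state() {
  awk -F '\t' -v id="$1" '
    BEGIN { rc = 2 }
    NF >= 6 {
      split($4, b, " ")              # "bundleID (version)" -> bundleID
      if (b[1] == id) {
        state = $6
        gsub(/^\[|\]$/, "", state)   # strip the surrounding brackets
        print state
        rc = (state == "activated enabled") ? 0 : 1
        exit
      }
    }
    END { exit rc }
  '
}

# Demonstration on the constructed sample; on a Mac, pipe the real command in instead.
for id in com.example.wss.extension com.example.other.extension com.example.missing; do
  rc=0
  state=$(sample_output | sysext_state "$id") || rc=$?
  echo "$id: ${state:-not listed} (exit $rc)"
done
```

A state other than `activated enabled` on a machine that already has the profile is worth checking against the order in which the profile and the installer arrived.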