@hstanley Same here. Even when Broadcom system attention is allowed, SEP is not updating components and definitions (technically, not functioning) until someone manually launches the SEP client.
@mhasman @hstanley Hopefully your SEP support team has already provided this info, but just in case anyone else needs it: had the same issue with SEP 14.3 and apparently it's a known issue https://knowledge.broadcom.com/external/article?articleId=198559. Vendor's workaround is to run a post-install script that facilitates opening the GUI prior to the required restart.
@toconnor Thanks for the link! Our SEP support has not provided any info yet, so I appreciate you sharing.
I have SEP 14.3 running correctly in macOS 10.15. Just like in prior versions, you need the kernel extension and system extension whitelisted, as well as the proper PPPC settings. Also, leave all of your existing SEP whitelists and PPPC settings in place. Just add these to them.
Kernel Extension Team ID for Broadcom is now: Y2CCP3S9W7
System Extension Team ID for Broadcom is now: Y2CCP3S9W7
System Extension to be allowed is: com.broadcom.mes.systemextension
PPPC settings:
Identifier:
com.broadcom.mes.systemextension
Code Requirement:
identifier "com.broadcom.mes.systemextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = Y2CCP3S9W7
(Allow access to ALL SystemPolicy services)
Identifier:
com.broadcom.sep.mainapp
Code Requirement:
identifier "com.broadcom.sep.mainapp" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = Y2CCP3S9W7
(Allow access to ALL SystemPolicy services)
(This one below may not be necessary, but I included it anyway)
Identifier:
com.symantec.SymLUHelper
Code Requirement:
identifier "com.symantec.SymLUHelper" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9PTGMPNXZ2"
(Allow access to ALL SystemPolicy services)
I also still have to have all of these config profiles present on the system BEFORE SEP 14.3 is installed, or else none of it works. So I have a system in place to make sure SEP never gets installed unless all of this is present. If anyone wants further info on it, I'd be happy to provide more.
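A preflight check of the kind described in the post above, as an added example that is not part of the original post or the poster's own system: it parses configuration profiles and reports which of the listed settings are missing. It assumes unsigned `.mobileconfig` plists using Apple's standard payload types and keys; `missing_prereqs` and `sample_profile` are hypothetical names, the sample profile is constructed, and the optional `com.symantec.SymLUHelper` entry is not checked.

```python
import plistlib

TEAM_ID = "Y2CCP3S9W7"                      # Broadcom Team ID given in the post
SYSEXT = "com.broadcom.mes.systemextension"
PPPC_IDS = {SYSEXT, "com.broadcom.sep.mainapp"}

def missing_prereqs(profiles):
    """Return the settings from the post that none of the given profiles supplies."""
    kext_ok = sysext_ok = False
    pppc_ok = set()
    for raw in profiles:
        for p in plistlib.loads(raw).get("PayloadContent", []):
            ptype = p.get("PayloadType")
            if ptype == "com.apple.syspolicy.kernel-extension-policy":
                kext_ok |= TEAM_ID in p.get("AllowedTeamIdentifiers", [])
            elif ptype == "com.apple.system-extension-policy":
                allowed = p.get("AllowedSystemExtensions", {})
                sysext_ok |= SYSEXT in allowed.get(TEAM_ID, [])
            elif ptype == "com.apple.TCC.configuration-profile-policy":
                for service, entries in p.get("Services", {}).items():
                    if not service.startswith("SystemPolicy"):
                        continue
                    for e in entries:
                        granted = e.get("Allowed") or e.get("Authorization") == "Allow"
                        # The code requirement must pin the Broadcom Team ID.
                        if granted and TEAM_ID in e.get("CodeRequirement", ""):
                            pppc_ok.add(e.get("Identifier"))
    missing = [] if kext_ok else ["kext team " + TEAM_ID]
    if not sysext_ok:
        missing.append("system extension " + SYSEXT)
    missing += ["PPPC " + i for i in sorted(PPPC_IDS - pppc_ok)]
    return missing

def _req(ident):  # code requirement in the form shown in the post
    return (f'identifier "{ident}" and anchor apple generic and '
            'certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and '
            'certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and '
            f'certificate leaf[subject.OU] = {TEAM_ID}')

def sample_profile(pppc_ids):
    """Constructed profile for the demo; a real one comes from the MDM."""
    tcc = [{"Identifier": i, "IdentifierType": "bundleID", "Allowed": True,
            "CodeRequirement": _req(i)} for i in pppc_ids]
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [
        {"PayloadType": "com.apple.syspolicy.kernel-extension-policy",
         "AllowedTeamIdentifiers": [TEAM_ID]},
        {"PayloadType": "com.apple.system-extension-policy",
         "AllowedSystemExtensions": {TEAM_ID: [SYSEXT]}},
        {"PayloadType": "com.apple.TCC.configuration-profile-policy",
         "Services": {"SystemPolicyAllFiles": tcc}}]})

if __name__ == "__main__":
    print(missing_prereqs([sample_profile([SYSEXT])]))
```

An empty list means every prerequisite was found; anything else names what to deploy before the SEP installer is allowed to run.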
@Hugonaut Your posts have been very helpful. I keep seeing you pop up when I'm searching for answers as a new Jamf user, thank you.