PSA: Symantec's latest Update causes the UninstallerTool to be Flagged by macOS as Malware!

Hugonaut
Valued Contributor


Update: https://knowledge.broadcom.com/external/article/185809/

Right now this is occurring at the point of installation utilizing SEPS version 14.2_RU2 on Catalina machines. (My environment is Catalina only; haven't tested on older OS.)

So test your deployment / Symantec installations out to see if you get this.

It is flagged at a temporary location

/private/tmp/PKInstallSandbox.0Ugi1z/Scripts/com.remote.deploy.uQRXrO/UninstallerTool

You cannot get past the screen until you remove the UninstallerTool.

I believe we must update the package installer & update all current machines by March 30th.

No official documentation (as far as I know) from Symantec / Broadcom.

Matt on Slack provided his workaround: https://macadmins.slack.com/archives/C09MMQVH6/p1583914412251600?thread_ts=1582931159.076000&cid=C09...


________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman

blackholemac
Valued Contributor III

Following this... I have a lot of machines on 10.13.x and 10.14.x.

I hope that doesn’t affect older Symantec engines. The newest installer with 10.15 is an abject disaster. I’m able to get it installed and deployed, but it is a CPU hog worse than usual. Luckily Catalina isn’t going to get serious in my org until summer.

dgreening
Valued Contributor II

We are seeing this in testing of the 14.2_RU2 client on 10.15.3. Broadcom has been completely useless on the support front, and a real fix for this doesn't look like it will be available until Q3. Time to look at other (non-KEXT/SEXT-having) AV products, methinks...

talkingmoose
Honored Contributor II

@dgreening, keep an eye on Jamf Protect. While it's still very new, kextless is the direction Jamf is pursuing.

Hugonaut
Valued Contributor

https://knowledge.broadcom.com/external/article/185809/


donmontalvo
Esteemed Contributor II

"Symantec will address this issue fully in 14.3."

By then everyone will have moved on to Crowdstrike. ;)