Skip to main content

Hello list gurus,

We were asked to start testing Symantec Endpoint Protection for Mac (RU6 11.0.6100). The installer requires uninstall of old version, Symantec provides script:

http://www.symantec.com/business/support/index?page=content&id=TECH103489

So our thought is to create two policies:

1. First script runs Symantec's "RemoveSymantecMacFiles.command" script, we will add "sep" trigger at the end of the script.

2. Second script runs the SEP installer using "sep" custom trigger (then reboots Mac).

The RemoveSymantecMacFiles.command has the "#!/bin/sh" header, so we presume the *.command suffix was added to allow Finder double-clicking.

Just wanted to bounce this off the list to see if this is the right approach.

Thanks,
Don

This is essentially the route we went, but we integrated the
RemoveSymantecMacFiles.command into the preflight of the mpkg, and had to
add our proxy to the postflight (Live Update doesn't play nicely with our
proxy.pac). We had to make a minor change to
RemoveSymantecMacFiles.command to get this to work. We just commented out
the "AutoRunScript=FALSE" variable at line 342 so that AutoRunScript stays
TRUE and it worked perfectly.

-- Nathan Boggs
Senior Information Systems Engineer
CI&T / KICS - Macintosh Security

It should work, I'll have to do the same soon enough. Much nicer than SACM!

Sent from Ken's iPhone

Thanks Nathan, Hasaan and Edgar,

Thanks for the replies! I think what Nathan did would probably be our approach. I'll test integrating the Symantec provided script. I presume you imported the SEP installer, then copy/pasted the contents of RemoveSymantedMacFiles.command into the "preflight" script in Composer?

I haven't played with Composer much, since I'm a Packagemaker/Iceberg fan :) but that's very (VERY) likely to change soon. When I go to add a preflight script in Composer, the window opens with some variables - I hope I can delete the text and simply copy/paste the contents of RemoveSymantedMacFiles.command? Of course we will comment out "AutoRunScript=FALSE" before compiling the package.

Thanks,
Don

Sorry for thread-jacking your topic, but...

How do you guys push SEP without LU asking for confirmation? We get an
installer pkg from our IT group here, but the one they sent us requires you
to click yes for the initial update after installation. :rolleyes: I want
them to give us an updated .pkg file, but I'd really like to know exactly
what to ask them for (if anything) to keep that from happening.

(I won't bother to ask WHY anyone pushes this incredibly mediocre
software... ;-) )

-- Christopher Kemp
CNN Central Engineering

Hi Chris,

Totally cool, this is germain to the thread. :)

We snapshot the installer provided by the malware/vulnerability group and gave it a green flag (didn't see any issues on installation). We pushed it to several test boxes and they all seem to call home. All the Macs called home, no prompts.

The first issue we saw was that the test Macs show up in SEP console with DNS name (which of course is almost never right). I posted to the Symantec forum to see if anyone else is seeing this. We really want (NEED) SEP console to display proper Computer Name:

https://www-secure.symantec.com/connect/forums/sep-ru6-console-displaying-mac-dns-instead-computer-name

Just curious, are the malware/vulnerability folks including you in configuration and testing of console settings? Without access to see (not necessary to change) the client settings, it's going to be very difficult (if at all possible) to troubleshoot any issues caused by SEP.

PS, I used to hate SAV, mostly because it wasn't intelligent enough to understand "~" when defining exclusion paths (etc., etc.)...so far SEP is looking like a whole new design that we hope is a winner.

Don

Terms & ConditionsCookie settingsAccessibility statement