Apple announced the upcoming release of its macOS 10.13, dubbed High Sierra, at the Apple Worldwide Developers Conference(WWDC) 2017 keynote event in San Jose earlier this month. It brings many under the hood changes along with some new eye catching updates for everyday users. The Cupertino-based company is clearly starting to take into account the.
-->System Center Endpoint Protection for Mac 4.5.32.0 (support for macOS 10.13 High Sierra) System Center Endpoint Protection for Linux 4.5.20.0. For more information about how to install and manage the Endpoint Protection clients for Linux and Mac computers. Apr 16, 2017 Bugs in Symantec/Norton code are the problem (similar problems exist on Symantec Endpoint Protection for the Mac, by the way). Nothing else has changed except Apple is now throwing a warning with 10.15.4 that Norton will need to be changed or else it will stop working in the future.
Applies to: Configuration Manager (current branch)
Endpoint Protection manages antimalware policies and Windows Firewall security for client computers in your Configuration Manager hierarchy.
Important
You must be licensed to use Endpoint Protection to manage clients in your Configuration Manager hierarchy.
When you use Endpoint Protection with Configuration Manager, you have the following benefits:
- Configure antimalware policies, Windows Firewall settings, and manage Microsoft Defender Advanced Threat Protection to selected groups of computers
- Use Configuration Manager software updates to download the latest antimalware definition files to keep client computers up-to-date
- Send email notifications, use in-console monitoring, and view reports. These actions inform administrative users when malware is detected on client computers.
Beginning with Windows 10 and Windows Server 2016 computers, Windows Defender is already installed. For these operating systems, a management client for Windows Defender is installed when the Configuration Manager client installs. On Windows 8.1 and earlier computers, the Endpoint Protection client is installed with the Configuration Manager client. Windows Defender and the Endpoint Protection client have the following capabilities:
- Malware and spyware detection and remediation
- Rootkit detection and remediation
- Critical vulnerability assessment and automatic definition and engine updates
- Network vulnerability detection through Network Inspection System
- Integration with Cloud Protection Service to report malware to Microsoft. When you join this service, the Endpoint Protection client or Windows Defender downloads the latest definitions from the Malware Protection Center when unidentified malware is detected on a computer.
Note
The Endpoint Protection client can be installed on a server that runs Hyper-V and on guest virtual machines with supported operating systems. To prevent excessive CPU usage, Endpoint Protection actions have a built-in randomized delay so that protection services do not run simultaneously.
In addition, you manage Windows Firewall settings with Endpoint Protection in the Configuration Manager console.
Example scenario: Using System Center Endpoint Protection to protect computers from malware Endpoint Protection and the Windows Firewall.
Managing Malware with Endpoint Protection
Endpoint Protection in Configuration Manager allows you to create antimalware policies that contain settings for Endpoint Protection client configurations. Deploy these antimalware policies to client computers. Then monitor compliance in the Endpoint Protection Status node under Security in the Monitoring workspace. Also use Endpoint Protection reports in the Reporting node.
Additional information:
How to create and deploy antimalware policies for Endpoint Protection - Create, deploy, and monitor antimalware policies with a list of the settings that you can configure
How to monitor Endpoint Protection - Monitoring activity reports, infected client computers, and more.
How to manage antimalware policies and firewall settings for Endpoint Protection - Remediate malware found on client computers
Managing Windows Firewall with Endpoint Protection
Endpoint Protection in Configuration Manager provides basic management of the Windows Firewall on client computers. For each network profile, you can configure the following settings:
Enable or disable the Windows Firewall.
Block incoming connections, including those in the list of allowed programs.
Notify the user when Windows Firewall blocks a new program.
Note
Endpoint Protection supports managing the Windows Firewall only.
For more information, see How to create and deploy Windows Firewall policies for Endpoint Protection.
Microsoft Defender Advanced Threat Protection
Endpoint Protection manages and monitors Microsoft Defender Advanced Threat Protection (ATP), formerly known as Windows Defender ATP. The Microsoft Defender ATP service helps enterprises detect, investigate, and respond to advanced attacks on the corporate network. For more information, see Microsoft Defender Advanced Threat Protection.
Endpoint Protection Workflow
Use the following diagram to help you understand the workflow to implement Endpoint Protection in your Configuration Manager hierarchy.
Endpoint Protection Client for Mac Computers and Linux Servers
Important
Support for System Center Endpoint Protection (SCEP) for Mac and Linux (all versions) ends on December 31, 2018. Availability of new virus definitions for SCEP for Mac and SCEP for Linux may be discontinued after the end of support. For more information, see End of support blog post.
System Center Endpoint Protection includes an Endpoint Protection client for Linux and for Mac computers. These clients aren't supplied with Configuration Manager. Download the following products from the Microsoft Volume Licensing Service Center:
System Center Endpoint Protection for Mac
System Center Endpoint Protection for Linux
Note
You must be a Microsoft Volume License customer to download the Endpoint Protection installation files for Linux and the Mac.
These products can't be managed from the Configuration Manager console. A System Center Operations Manager management pack is supplied with the installation files, which allows you to manage the client for Linux.
How to get the Endpoint Protection client for Mac computers and Linux servers
Use the following steps to download the image file containing the Endpoint Protection client software and documentation for Mac computers and Linux servers.
- Sign in to the Microsoft Volume Licensing Service Center.
- Select the Downloads and Keys tab at the top of the website.
- Filter on product System Center Endpoint Protection (current branch).
- Click link to Download
- Click Continue. You should see several files, including one named: System Center Endpoint Protection (current branch - version 1606) for Linux OS and Macintosh OS Multilanguage 32/64 bit 1878 MB ISO.
- To download the file, click the arrow icon. The file name is SW_DVD5_Sys_Ctr_Endpnt_Prtctn_1606_MultiLang_-3_EptProt_Lin_Mac_MLF_X21-67050.ISO.
The January 2018 update (X21-67050) includes the following versions:
System Center Endpoint Protection for Mac 4.5.32.0 (support for macOS 10.13 High Sierra)
System Center Endpoint Protection for Linux 4.5.20.0
For more information about how to install and manage the Endpoint Protection clients for Linux and Mac computers, use the documentation that accompanies these products. This product documentation is in the Documentation folder of the .ISO file.
Symantec Endpoint Protection 14.x client for macOS/OS X | |||||||
Mac Code Names and Version Numbers | |||||||
Mavericks | Yosemite | El Capitan | Sierra | High Sierra | Mojave | Catalina | |
OS X | OS X | OS X | macOS | macOS | macOS | macOS | macOS |
14, 14 MP1, 14 MP2 | |||||||
14.0.1, 14.0.1 MP1, 14.2 | |||||||
14.2 MP1 | |||||||
14.2 RU1 | |||||||
14.2 RU1 (refresh) | |||||||
14.2 RU1 MP1 | |||||||
14.2 RU2, 14.2 RU2 MP1 | |||||||
14.3 | |||||||
Note: Different product versions have specific system requirements.
The Symantec Endpoint Protection client for Mac is managed by a Symantec Endpoint Protection Manager (SEPM) on a Windows server.
Additional notes
- Mac OS X 64-bit mode is supported.
- PowerPC processors are not supported as of version 12.1.x.
- As of version 12.1.2, case-sensitive formatted volumes are supported.
- Remove legacy Symantec AntiVirus (SAV) for Mac installations before installing Symantec Endpoint Protection.
See Remove Symantec software for Mac using RemoveSymantecMacFiles. - Mac clients for Symantec Endpoint Protection Cloud do not support Mac OS X 10.11 (El Capitan).
- As of macOS 10.13, you must authorize the Symantec Endpoint Protection kernel extension after installation for Symantec Endpoint Protection to fully function. You are prompted during the client installation to do it if needed. If you do not do it during the client installation, go to System Preferences > Security & Privacy, and click Allow. Neither Symantec Endpoint Protection nor the Mac operating system continue to remind you that you must do this.
You only need to authorize the kernel extension once during the life of the computer's operating system. If you uninstall and reinstall the client, you don't need to reauthorize the kernel extension. If you have Symantec Endpoint Protection 14 and then upgrade to macOS 10.13, you don't need to reauthorize the kernel extension. However, if you reinstall the operating system, you need to reauthorize the kernel extension.
See About authorizing kernel extensions for Symantec Endpoint Protection for macOS 10.13. - Kext notarization was added in macOS 10.14.5. If you install a client version earlier than 14.2 RU1 (refresh) on macOS 10.14.5, or upgrade the operating system to macOS 10.14.5 with an earlier version of Symantec Endpoint Protection already installed, you may experience issues.
See Endpoint Protection 14.2 RU1 and kext notarization for macOS 10.14.5.
Intrusion Prevention
Intrusion Prevention (IPS) is available in version 12.1.4 and later.
Device Control
Device Control is available in version 14 and later. You can only enable Device Control for managed clients.
Firewall
Mac client versions earlier than 14.2 do not include a firewall.
IPS was introduced in version 12.1.4, but broader firewall support (e.g. traffic rules) and feature parity with the Windows product was not included until version 14.2 and later. This firewall is only available to managed clients.
Web Traffic Redirection
14.2 introduced basic PAC file management to the SEP for Mac client.
14.2 RU1 expanded this to support full Web Traffic Redirection, including seamless identification with Web Security Service. Note: 14.2 RU1 MP1, or newer, is recommended for WTR on macOS due to numerous fixes introduced with that release.
Symantec Endpoint Protection 12.1.x
Symantec Endpoint Protection
The End of Standard Support Life fell on April 3, 2019. See End of Support Life for Endpoint Protection 12.x.
Symantec Endpoint Protection 11.x
Symantec Endpoint Protection For Macos High Sierra 10 13 6
Support for version 11.x ended on January 5, 2015. See FAQ: Upgrading Symantec Endpoint Protection 11.x to version 12.1.x.