
Installing the Symantec Management Agent for Mac with the Mac Firewall Enabled

Created: 10 Mar 2011 | 1 comment
dougj's picture

The Symantec Management Platform and the agent on the client communicate in both directions, so the client must accept incoming connections for the agent to function properly. When the Symantec Agent for Macintosh is installed on a client computer that has the firewall enabled, the system prompts the user to allow or deny incoming connections. Selecting 'Allow incoming connections' when prompted will open other ports required by the agent.

If the user does not allow incoming connections, the agent may initially appear to run properly, but it will not receive task notifications, etc., and subsequent plug-ins for inventory, software management and other solutions will not install.

Is the Symantec Management Agent signed by a valid certificate authority?

The Symantec Management Agent is not currently a signed application, so the user is prompted to allow incoming connections. If the agent were signed, there would be no prompt.

Note the following comment in this Apple KB article under "Configuring the Application Firewall in Mac OS X 10.6 and Later": http://support.apple.com/kb/ht1810

 2. Automatically allow signed software to receive incoming connections

Applications that are already signed by a valid certificate authority will automatically be added to the list of allowed applications rather than prompting the user to authorize them. For example, since iTunes is already signed by Apple, it will automatically be allowed to receive incoming connections through the firewall.

Symantec is currently researching this as a feature request.
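
One way to check ahead of a rollout whether a given binary will trigger the prompt described above (an added example, not Symantec's or Apple's code). It assumes the macOS `codesign` and `socketfilterfw` tools and their usual output wording on versions that support these options; the binary path is supplied by the caller and the verdict tokens are this example's own.

```shell
#!/bin/sh
# Added example (not Symantec or Apple code): predict whether the macOS
# application firewall will prompt for incoming connections to a binary.
# Tool paths can be overridden, e.g. with stubs when testing off-Mac.
CODESIGN="${CODESIGN:-/usr/bin/codesign}"
SOCKETFILTERFW="${SOCKETFILTERFW:-/usr/libexec/ApplicationFirewall/socketfilterfw}"

# Succeeds when the firewall is on. Assumed output wording:
# "Firewall is enabled. (State = 1)"; State = 2 (block all) also counts as on.
firewall_enabled() {
    "$SOCKETFILTERFW" --getglobalstate 2>/dev/null | grep -q 'State = [12]'
}

# Succeeds only when no "allow signed software" line reports DISABLED.
allow_signed_enabled() {
    fw_out=$("$SOCKETFILTERFW" --getallowsigned 2>/dev/null)
    case "$fw_out" in
        *DISABLED*) return 1 ;;
        *ENABLED*)  return 0 ;;
        *)          return 1 ;;
    esac
}

# Succeeds when the signature verifies. Ad-hoc signatures also verify, so a
# pass here is necessary but not sufficient for automatic allow-listing.
is_signed() {
    "$CODESIGN" --verify "$1" >/dev/null 2>&1
}

# Prints one verdict token for the binary given as $1.
firewall_prompt_verdict() {
    if ! firewall_enabled; then
        echo "no-prompt:firewall-off"
    elif ! is_signed "$1"; then
        echo "prompt:unsigned"
    elif ! allow_signed_enabled; then
        echo "prompt:auto-allow-off"
    else
        echo "no-prompt:signed-auto-allowed"
    fi
}

# Usage: sh check_prompt.sh /path/to/agent/binary (path supplied by the caller)
if [ "$#" -gt 0 ]; then
    firewall_prompt_verdict "$1"
fi
```

A `prompt:unsigned` verdict corresponds to the situation this article describes: the user must select 'Allow incoming connections' for the agent to work.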

Comments: 1 comment

malroy's picture

 

Hi Doug,
 
Glad that you made this post, because I was pulling out my hair for the last 12 months.

My organisation doesn't have a firewall to block incoming traffic and I have to turn on the client-side firewall. But with the Altiris NS agent, I have to disable it.

No one believes me, the support guys in Sydney, my account manager. I have to show my account manager face to face and prove that it doesn't work.

I had provided all the information to the Sydney support crew. I sincerely hope that you sign the agent for DS and NS as well. I am quite surprised that it took so long for Symantec to acknowledge this issue, as it has appeared on Mac OS X 10.5 since 4 years ago.

Symantec posted a KB http://www.symantec.com/docs/HOWTO43953 3 months ago.

I hope Symantec doesn't expect customers to disable their firewall to use their product.

Any progress in getting the agent signed?
 
 
Cheers
Roy