Endpoint Protection

I have two macs, a laptop and an iMac, they play well together.   I install SEP on the laptop, and the laptop no longer sees the other mac in the finder (it can connect to it if I go to "connect to server" though.   It can no longer connect to the mini web server by Goodreader PDF app on my iPad.   I uninstall SEP, still doesn't work.   I use symatec removal tool, still doesn't work.   Format hard drive and reinstall Mac OS X, everything works again.

Wait a few months, everything works all the time.   Then, SEP 11 is made avaialble by my company.   I install it, same problem as above...I really don't want to format and install everything again.   Is there some file(s) I can alter to fix what Symantec has done?

There should be nothing in SEP for Mac that would prevent network communication.  There is no firewall component, only antivirus; I'm not aware of the smcdaemon preventing communication.

Are you sure that the previous install wasn't Norton AV, which does have a light IPS system (Vulnerability Protection)?

Which version of the operating system are you using? Is the firewall on?

I'm not sure what removal tool you used, but if it was not this one, try it:

Removing Symantec programs for Macintosh by using the RemoveSymantecMacFiles removal utility
http://www.symantec.com/docs/TECH103489

sandra

It was SEP 11 according to the University I work for, the previous version was SEP 10.

Communication works fine and I can mount drives and share screen with other Macs, however, the mac no longer lists them in the finder, you have to figure out their IP to do the mounts (home network).   GoodReader on the iPad allows one to run essentially a webdav server, this I can't connect to.   It was only after installing SEP both the first and second times that this issue arose.

I'm running the latest version fully patched of Snow Leopard.   I used the tool you linked to.

I've stopped and restarted sharing/firewall to no avail, I've cleaned caches, ran the daily/weekly/montly scripts, repaired permisisons, checked the logs.   The closest related error (/var/log/system.log) was with NetAuthAgent, but being typical Apple, is rather vague.   

I'll check to see if the Unviersity modifies the product any before sending it out.  

When you say previous version was SEP 10, You mean Symantec Antivirus v10.x?

SEP11.x (RU5) and above supports Mac OS and the latest version is RU6 MP2.

Try installing the supported version after uninstalling using the removel tool from the above link.

I formatted the hard drive and reinstalled the OS and did not recover anything from backups to ensure that I could attribute it to SEP.   It must have been SEP 11, RU5 or I wouldn't have installed it, I couldn't remember since it only existed on the computer for a few days before I did the cleansing.

I thought they made a newer version available to us, however, I was mistaken.   From examining the distribution file:  ProductVersion=11.0.6000.0162 (it's the only one the University makes available to us.)  
 

It does install fine, updates, etc.   Just the weird sharing issue starts immediately aftewards.  Removal tools do not undo whatever is done...

As a followup, it's probably more to do with SEP adversely affecting the Bonjour service in some way...

Uninstalling SEP did not fix the issue earlier, Did you try disabling the SEP? Because as mentiond above Antivirus and Antispyware is the only components for Mac OS, this issues is possible only if NTP is installed.

you may also Check the TCP/IP bindings after SEP installation. 

the reason to check the TCP/IP configuration because,  zero-configuration networking, enables automatic discovery of computers, devices, and services on IP networks. Bonjour uses industry standard IP protocols to allow devices to automatically discover each other without the need to enter IP addresses or configure DNS servers. Specifically, Bonjour enables automatic IP address assignment without a DHCP server, name to address translation without a DNS server, and service discovery without a directory server. Bonjour is an open protocol which Apple has submitted to the IETF as part of the ongoing standards-creation process. To learn more, check out the Bonjour Protocol Specifications which detail the technologies that make up Link-Local and Wide-Area Bonjour.

Actually, RU6 and above supports Mac.

sandra

I thought I made a post on this but I guess I didn't.  When you say you don't see them in the Finder, do you mean in the "Shared" portion in the left pane of an open window, or actually mounting on the desktop?

There is honestly nothing I can think of that should be interfering with anything relating to networking, and I have seen nothing like this in almost 3 years of supporting AV on the Mac.  There's pretty much just antivirus, the smcdaemon (communication back to the SEPM), and LiveUpdate.  Are these managed?  Were the installer package zip files expanded on a Mac? What other kinds of programs are installed an in use in your environment that might be as common.

ETA: It doesn't have teamed NICs, as it's a laptop, correct?

Very weird.  If you can locate the install log within the OS itself (install.log via Console), feel free to upload it here.

sandra

The network has not changed, I verified all settings.   I disabled, renabled, deleted, recreated, all the various settings.   It is just a laptop, and I can recreate on the iMac simply by installign SEP 11.   

There is some interference with Bonjour services and not networking.   I can still mount things via afp/nfs/smb, etc.   Only Bonjour services are affected by installation of SEP.

I cleared caches, logs, ran maintenance scripts, repair permissions, verify disk, reset indexes, etc.   (this just runs apples tools from one location and was not installed prior to installing SEP and experiencing the problem.)

I've disabled Firewall, SEP, and various other things, to no avail.  I even tried reinstalling the last Mac OS X cumlative update.   I created another user to ensure it's not just something that affected the user environment, still didn't work.

It seems the only fix is to format and reinstall everything.   *sigh*

Thanks for your suggestions...

There is some interference with Bonjour services and not networking.   I can still mount things via afp/nfs/smb, etc.   Only Bonjour services are affected by installation of SEP.

Is there anything at all in the Console logs to hint at what this interference could be?  I've had SEP for Mac installed since the release and have had no trouble seeing Shared machines, and I can find nothing in our KB, internal or external, regarding anything to do with SEP Mac and Bonjour.  I wish I had other ideas for you with regards to where to look or what to change.

sandra

Nothing that I can attribute...I suspect the University may have fiddled with the package or perhaps something else i'm running combined with SEP cause the issue.  I'll probably continue to fiddle with stuff, if I discover anything, I'll post it back here.