How to determine if Endpoint Protection for Macintosh is installed and running

Article ID: 178268

Updated On:

Products

Endpoint Protection

Issue/Introduction

How to determine if Endpoint Protection for Macintosh is installed and running

Resolution

Version check:

The following command line input will return version information, if SEP is installed:

defaults read /Applications/Symantec\ Solutions/Symantec\ Endpoint\ Protection.app/Contents/Info CFBundleShortVersionString

Example output: 14.2.4806.1100
 

SymDaemon check:

Using Activity Monitor, check for a running process named SymDaemon. If it is present, SEP is installed and running.


Managed client check:

Serdef.dat will be present in /Library/Application Support/Symantec/SMC/data/ if SEP is managed


Kernel extension check:

From Terminal, run the command:

kextstat | grep -i symantec

The four expected kernel extensions are:

com.symantec.internetSecurity.kext
com.symantec.nfm.kext
com.symantec.ips.kext
com.symantec.SymXIPS

 
Note that the kextstat output will still list an extension as loaded even if the related SEP component is disabled via product settings.
 

AutoProtect status check and ShowSettings tool:

The previously provided ShowSettings tool is no longer available. It crashes when used with SEP 14.3 for Mac, and was based on a developer tool that will not be continued. Broadcom is aware of this and this article will be updated when there is a native solution to query AutoProtect and other component status of SEP for Mac. ShowSettings was never shipped with SEP; it was formerly provided for NAC vendors to integrate in their product. If you are encountering errors involving "ShowSettings" then open a support case with your NAC vendor or whoever provides the software that uses it—it should be removed from that product.

To determine the IPS status, grep /var/log/system.log for "IPS Enabled : 1" or "IPS Enabled : 0"
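
The kernel extension check and the IPS log check above can be combined so that a loaded IPS extension is not mistaken for an enabled IPS component. The script below is an added example, not a Broadcom tool: the function names are hypothetical, the bundle IDs, log path and "IPS Enabled" strings are the ones given in this article, and the sample kextstat line is constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the bundle IDs, log path and
# "IPS Enabled" strings are the ones given in the article.
EXPECTED_KEXTS="com.symantec.internetSecurity.kext
com.symantec.nfm.kext
com.symantec.ips.kext
com.symantec.SymXIPS"

# Read kextstat output on stdin; print each expected bundle ID that is absent.
missing_kexts() {
    loaded=$(cat)
    for k in $EXPECTED_KEXTS; do
        printf '%s\n' "$loaded" | grep -qiF "$k" || printf '%s\n' "$k"
    done
}

# Print enabled, disabled or unknown based on the most recent
# "IPS Enabled : N" line in the log file given as $1.
ips_state() {
    last=$(grep -E 'IPS Enabled : [01]' "$1" 2>/dev/null | tail -n 1)
    case "$last" in
        *"IPS Enabled : 1"*) echo enabled ;;
        *"IPS Enabled : 0"*) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Live check on a Mac: a loaded IPS kext does not prove IPS is enabled,
# so report the kext list and the logged IPS state separately.
sep_report() {
    missing=$(kextstat | missing_kexts)
    if [ -z "$missing" ]; then echo "kexts: all four loaded"
    else echo "kexts missing: $missing"; fi
    echo "IPS: $(ips_state /var/log/system.log)"
}

if [ "$(uname -s)" = "Darwin" ]; then
    sep_report
else
    # Constructed sample input (not from a real host): only nfm.kext loaded.
    echo '  101 0 0xffffff7f80a00000 0x1000 0x1000 com.symantec.nfm.kext (1.0)' |
        missing_kexts
fi
```

An "unknown" IPS result means no matching line was found in the log, which can also happen after log rotation.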