Consent needed to enable ENSM Firewall 10.7.5 and later
Last Modified: 2024-01-22 09:12:23 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Consent needed to enable ENSM Firewall 10.7.5 and later
Technical Articles ID:
KB93600
Last Modified: 2024-01-22 09:12:23 Etc/GMT Environment
Endpoint Security for Mac (ENSM) Firewall 10.7.5 and later macOS Ventura 13.0.x and later macOS Monterey 12.0.x and later macOS Big Sur 11.0.x and later macOS Catalina 10.15.6 and later SummaryRecent updates to this article
Problem
Products that use a network extension on macOS Catalina 10.15.x, Big Sur 11.x, Monterey 12.x, and Ventura 13.x require user consent to load any third-party system extensions. ENSM Firewall 10.7.5 and later use a network system extension for network events. The network extension and Content Filter configuration require approval before ENSM Firewall can start protecting the system. Solution 1
IMPORTANT: On Ventura Mobile Device Management (MDM)-managed hosts, the McAfee/Trellix System Extensions may remain visible under Filters & Proxies even after uninstalling Trellix products. This behavior occurs because the Content Filter Service (CFS) profile is still applied to the host. Removing the corresponding profile from MDM will also remove the Filters from the host. For versions 10.7.9 and later: The following table describes the user experience depending on the environment where ENSM Firewall is deployed.
When uninstalling ENSM Firewall 10.7.9 and later on MDM-managed Monterey and later systems: You can avoid user intervention to provide administrator credentials during the uninstallation of system extensions on MDM-managed Monterey systems. To achieve this configuration, use a management profile with a System Extensions payload with the following settings:
For a sample profile for the Removable System Extensions payload, see NOTES:
Solution 2
For versions 10.7.8 and earlier: The following table describes the user experience depending on the environment where ENSM Firewall is deployed.
When uninstalling ENSM Firewall 10.7.8 on MDM-managed Monterey and later systems: You can avoid user intervention to provide administrator credentials during the uninstallation of system extensions on MDM-managed Monterey systems. To achieve this configuration, use a management profile with a System Extensions payload with the following settings:
For a sample profile for the Removable System Extensions payload, see NOTES:
When uninstalling ENSM Firewall, the user is prompted to enter the administrator credentials to uninstall the system extension. If the user doesn't provide credentials, the ENSM Firewall uninstallation continues, but system extensions aren't uninstalled with ENSM Firewall. In this case, the user again sees a prompt to enter the administrator credentials when the last McAfee module is getting uninstalled from the system. Users must provide the credentials on the password prompt when this last McAfee module is getting uninstalled from the system. Failing to do so leaves the system extensions and Functional Module Platform (FMP) on the system. The FMP is a common component that all McAfee modules use. When uninstalling ENSM Firewall 10.7.5/10.7.6: When uninstalling ENSM Firewall, the user is prompted to enter the administrator credentials to uninstall the system extension. This statement applies to both ENSM Firewall standalone and ePO-managed. Also, it doesn't matter whether the system is MDM-managed. If the user doesn't provide credentials or provides incorrect credentials, the ENSM Firewall uninstallation doesn't continue. To uninstall ENSM Firewall successfully, the user must try the uninstallation again and provide the correct credentials. Apple designed the uninstallation of system extensions this way. User intervention can't be avoided even on MDM-managed systems. Attachment 1Attachment 2Attachment 3Attachment 4Affected ProductsLanguages:This article is available in the following languages: |
|