Without Mobile Device Management (MDM):
IMPORTANT: This solution requires manual intervention to configure SCP on Big Sur 11.2.
Configuration |
User Experience |
Standalone installation on macOS Big Sur without an MDM profile |
- When you install SCP on standalone Mac systems, if user consent isn't available for the McAfee System Extension, SCP can't apply the policy configured.
- SCP tries to automatically load the McAfee System Extensions every 10 seconds after the installation until user consent is available.
- User sees an Alert that prompts whether to allow the McAfee System Extensions from the Security and Privacy System Preferences panel.
NOTE: The SCP status shows ExtAutErr until the user provides consent.
- After the user gives consent SCP applies the configured policy. On applying policy, the McAfeeSystemExtensions is prompted for user consent in network settings. This consent is also needed.
|
ePolicy Orchestrator (ePO) deployment on macOS Big Sur without an MDM profile |
- When you deploy SCP on ePO-managed Mac systems, if user consent isn't available for the McAfee System Extension, SCP can't apply the policy configured.
- SCP tries to automatically load the McAfee System Extensions every 10 seconds after the deployment.
- The user sees an Alert that prompts whether to allow the McAfee System Extensions from the Security and Privacy System Preferences pane.
NOTE: The SCP status shows ExtAutErr until the user provides consent.
- After the user gives consent, SCP applies the configured policy. On applying policy, the McAfeeSystemExtensions is prompted for user consent in network settings. This consent is also needed.
|
Upgrade from macOS Catalina with SCP 3.x present |
Before upgrading macOS Catalina to Big Sur 11.2, uninstalling SCP 3.x is optional.
After the macOS Big Sur upgrade, the SCP 3.x status displays Driver Error. This status is expected.
After the Big Sur upgrade, SCP 4.x can be installed. User consent is needed according to the scenario above. |
NOTE: If you've already installed ENSM Firewall on a system, user consent isn't needed. Consent would have been provided while activating ENSM Firewall.