@crkrenn
Forked from steve-jansen/README.md
Last active July 10, 2020 05:08
Stop and start Symantec Endpoint Protection on OS X

This script enables you to stop and start Symantec Endpoint Protection on OS X. For information on starting and stopping SEP on OS 10.15 (Catalina), please see below.

Installation

sudo curl https://gist.githubusercontent.com/steve-jansen/61a189b6ab961a517f68/raw/sep -o /usr/local/bin/sep
sudo chmod 755 /usr/local/bin/sep
sudo chown root:staff /usr/local/bin/sep

/etc/sudoers

If your user account is not a member of the admin group (i.e., not an OS X Administrator), you need to add the following line to /etc/sudoers using sudo visudo:

myusername ALL= NOPASSWD: /usr/local/bin/sep

Example

me:~$ sep stop
/usr/local/bin/sep: relaunching as sudo /usr/local/bin/sep
/usr/local/bin/sep: unloading Symantec Endpoint Protection daemon
/usr/local/bin/sep: unloading Symantec Endpoint Protection shared settings daemon
/usr/local/bin/sep: closing Symantec Endpoint Protection UI widget
me:~$ sudo /usr/local/bin/sep start
/usr/local/bin/sep: relaunching as sudo /usr/local/bin/sep
/usr/local/bin/sep: loading Symantec Endpoint Protection daemon
/usr/local/bin/sep: unloading Symantec Endpoint Protection shared settings daemon
/usr/local/bin/sep: launching Symantec Endpoint Protection UI widget

Stopping SEP on OS 10.15 (Catalina) (source: crkrenn)

OS 10.15 has started using systemextensionsctl to manage extensions, and Symantec is one of the first companies to use this.

Steps:

  1. Install the sep tool as described above under Installation.
  2. To use systemextensionsctl on OS 10.15, you need to disable System Integrity Protection. This requirement may be removed in future OS X releases, and it only needs to be done once.
    1. First, boot into recovery mode by restarting your Mac and holding Command+R as it boots.
    2. Launch terminal from the Utilities menu.
    3. Type csrutil disable.
    4. Reboot.
  3. To kill all Symantec processes:
    1. Run sep stop as an admin user.
    2. Run systemextensionsctl list:
    enabled	active	teamID	bundleID (version)	name	[state]
    	9PTGMPNXZ2	com.symantec.mes.systemextension (10.0.0/10.0.0)	Symantec System Extension	[terminated waiting to uninstall on reboot]
    
    3. Run systemextensionsctl uninstall 9PTGMPNXZ2 com.symantec.mes.systemextension. (The team ID may be different for you. Please send feedback on whether or not your installation of SEP has the same teamID.)
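
To read the team ID and extension state from your own machine rather than copying them from the listing in step 2, here is an added example (not part of the original gist) that parses systemextensionsctl list output without changing anything. The function names are assumptions of this example, and the embedded sample is constructed from the listing shown above.

```shell
#!/bin/bash
# Added example, not part of the original gist: read-only parser for
# `systemextensionsctl list` output.

# Constructed sample, modelled on the listing in step 2 of the Catalina section.
sample_list() {
  printf 'enabled\tactive\tteamID\tbundleID (version)\tname\t[state]\n'
  printf '\t\t9PTGMPNXZ2\tcom.symantec.mes.systemextension (10.0.0/10.0.0)\tSymantec System Extension\t[terminated waiting to uninstall on reboot]\n'
}

# Reads a listing on stdin and prints one line per Symantec extension:
#   teamID <TAB> bundleID <TAB> state
# The bundle ID field is located by its com.symantec. prefix rather than by
# column number, because the enabled/active columns are empty once the
# extension has been terminated. The team ID is the field just before it.
sep_extensions() {
  awk -F'\t' '
    {
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^com\.symantec\./) {
          split($i, b, " ")            # drop the trailing "(version)"
          state = $NF
          gsub(/^\[|\]$/, "", state)   # strip the surrounding brackets
          printf "%s\t%s\t%s\n", $(i - 1), b[1], state
        }
      }
    }'
}

# Use the real tool when present (macOS 10.15+); otherwise fall back to the
# constructed sample so the parser can be tried offline.
if command -v systemextensionsctl >/dev/null 2>&1; then
  systemextensionsctl list | sep_extensions
else
  sample_list | sep_extensions
fi
```

The first two output fields are the team ID and bundle ID arguments used in step 3, and the third shows whether the extension is already waiting to be uninstalled on reboot.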

#!/bin/bash
# Stop or start the Symantec Endpoint Protection launchd jobs.

# relaunch with sudo if we aren't root, passing the invoking user along as $2
if [[ $EUID -ne 0 ]]; then
    echo "$0: relaunching as sudo $0 $1 $USER"
    sudo "$0" "$1" "$USER"
    exit $?
fi

# user whose session runs the UI agent; $USER unless a name was passed as $2
real_user=$USER
if [ -n "$2" ]; then
    real_user=$2
fi

stop() {
    echo "$0: unloading Symantec Endpoint Protection daemon"
    launchctl unload /Library/LaunchDaemons/com.symantec.symdaemon.*plist
    echo "$0: unloading Symantec Endpoint Protection shared settings daemon"
    launchctl unload /Library/LaunchDaemons/com.symantec.sharedsettings.*plist
    echo "$0: closing Symantec Endpoint Protection UI widget as $real_user"
    # quoted so the user name always reaches sudo as a single argument
    sudo -u "$real_user" launchctl unload /Library/LaunchAgents/com.symantec.uiagent.application.*plist
}

start() {
    echo "$0: loading Symantec Endpoint Protection daemon"
    launchctl load /Library/LaunchDaemons/com.symantec.symdaemon.*plist
    echo "$0: loading Symantec Endpoint Protection shared settings daemon"
    launchctl load /Library/LaunchDaemons/com.symantec.sharedsettings.*plist
    echo "$0: launching Symantec Endpoint Protection UI widget as $real_user"
    # quoted so the user name always reaches sudo as a single argument
    sudo -u "$real_user" launchctl load /Library/LaunchAgents/com.symantec.uiagent.application.*plist
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    *)
        echo "Usage: $0 [start|stop]"
        ;;
esac