Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Stop and start Symantec Endpoint Protection on OS X

This script enables you stop and start Symantec Endpoint Protection on OS X

Installation

sudo curl https://gist.githubusercontent.com/steve-jansen/61a189b6ab961a517f68/raw/sep -o /usr/local/bin/sep
sudo chmod 755 /usr/local/bin/sep
sudo chown root:staff /usr/local/bin/sep

/etc/sudoers

If your user account is not a member of the admin group (i.e., not an OS X Administrator), you need to add the following line to /etc/sudoers using sudo visudo tool:

myusername ALL= NOPASSWD: /usr/local/bin/sep

Example

me:~$ sep stop
/usr/local/bin/sep: relaunching as sudo /usr/local/bin/sep
/usr/local/bin/sep: unloading Symantec Endpoint Protection daemon
/usr/local/bin/sep: unloading Symantec Endpoint Protection shared settings daemon
/usr/local/bin/sep: closing Symantec Endpoint Protection UI widget
me:~$ sudo /usr/local/bin/sep start
/usr/local/bin/sep: relaunching as sudo /usr/local/bin/sep
/usr/local/bin/sep: loading Symantec Endpoint Protection daemon
/usr/local/bin/sep: unloading Symantec Endpoint Protection shared settings daemon
/usr/local/bin/sep: launching Symantec Endpoint Protection UI widget
#!/bin/bash
# relaunch with sudo if we aren't root
if [[ $EUID -ne 0 ]]; then
echo "$0: relaunching as sudo $0 $1 $USER"
sudo "$0" $1 $USER
exit $?
fi
real_user=$USER
if [ -n "$2" ]; then
real_user=$2
fi
stop() {
echo $0: unloading Symantec Endpoint Protection daemon
launchctl unload /Library/LaunchDaemons/com.symantec.symdaemon.*plist
echo $0: unloading Symantec Endpoint Protection shared settings daemon
launchctl unload /Library/LaunchDaemons/com.symantec.sharedsettings.*plist
echo $0: closing Symantec Endpoint Protection UI widget as $real_user
sudo -u $real_user launchctl unload /Library/LaunchAgents/com.symantec.uiagent.application.*plist
}
start() {
echo $0: loading Symantec Endpoint Protection daemon
launchctl load /Library/LaunchDaemons/com.symantec.symdaemon.*plist
echo $0: loading Symantec Endpoint Protection shared settings daemon
launchctl load /Library/LaunchDaemons/com.symantec.sharedsettings.*plist
echo $0: launching Symantec Endpoint Protection UI widget as $real_user
sudo -u $real_user launchctl load /Library/LaunchAgents/com.symantec.uiagent.application.*plist
}
case "$1" in
start)
start
;;
stop)
stop
;;
*)
echo "Usage: $0 [start|stop]"
;;
esac
@lambdalisue
Copy link

lambdalisue commented Dec 16, 2014

You saved me! Thanks for this script !

@MadConan
Copy link

MadConan commented Jun 16, 2015

So awesome. The daemon had been running for 4 hours at 100+%. Stopping and restarting totally worked. THANKS!!

@thebalaa
Copy link

thebalaa commented Oct 20, 2015

thank you

@airtonjal
Copy link

airtonjal commented Oct 22, 2015

Thanks Steve! That helps a lot 👍

@JESii
Copy link

JESii commented Dec 30, 2015

Not working on Yosemite:

$ sep stop
/usr/local/bin/sep: relaunching as sudo /usr/local/bin/sep stop XXX
/usr/local/bin/sep: unloading Symantec Endpoint Protection daemon
/Library/LaunchDaemons/com.symantec.symdaemon.plist: No such file or directory
/usr/local/bin/sep: unloading Symantec Endpoint Protection shared settings daemon
/Library/LaunchDaemons/com.symantec.sharedsettings.plist: No such file or directory
/usr/local/bin/sep: closing Symantec Endpoint Protection UI widget as XXX
/Library/LaunchAgents/com.symantec.uiagent.application.plist: No such file or directory

@snakeninny
Copy link

snakeninny commented Nov 4, 2016

You made my day. Thanks!

P.S. If the process "nwjs helper" is eating up to 150% CPU usage on your macOS, try turning SEP off.

@steve-jansen
Copy link
Author

steve-jansen commented May 24, 2017

@JESii Figured out the solution here

Per https://support.symantec.com/en_US/article.TECH134203.html, we need to use com.symantec.symdaemon.*plist to match on com.symantec.symdaemon.plist for SEP 12.x and com.symantec.symdaemon.NFW.plist for SEP 14.x

the asterisk in daemon pathnames will accommodate suffix variations - SEP 12.1.x uses .plist and SEP 14.0 uses .NFM.plist

I've updated this gist and confirmed it's working on Sierra with SEP 14.x.

@odinb
Copy link

odinb commented Feb 15, 2018

Thanks! Really neat script! Works on High Sierra with Symantec 12.1.6 (12.1 RU6 MP6) build 7061 (12.1.7061.6600).

@diarmaidlindsay
Copy link

diarmaidlindsay commented May 21, 2018

Symantec is installed on my work PC and its such a CPU hog that it impedes my work, so time and again I would like to be able to disable it (but the network admin prohibits that through the normal means). Thank you so much for this workaround and for saving my sanity!

@viquu
Copy link

viquu commented Mar 19, 2019

Thanks, It's work!
On Mojave with Symantec 14.

@brutedawg
Copy link

brutedawg commented Aug 1, 2019

lifesaver. this old imac has always ran like a turd after leaving it on overnight and i usually come back seeing symantec just CHUGGIN resources. after running this, the machine is like a new baby boi... i'lll just have to remember to turn it back on when IT comes patrolling through.

thanks for this!

@yunusaldogan
Copy link

yunusaldogan commented Oct 5, 2019

Thanks for the script. I works perfect!

@fachsimpler
Copy link

fachsimpler commented Oct 16, 2019

Hi Steve, nice handy script thanks a lot.
Worked fine till yesterday but with the new Catalina Version (19A602) it does not work anymore.
Could not find specified service
The Services still exist in /Library/LaunchDaemons/ but they are not unloaded. I also cannot unload or disable the services manually.

Does anyone have similar Problems?

@darkangel67
Copy link

darkangel67 commented Dec 7, 2019

I'm running SEP 14.2.2 (14.2 RU2) build 5323 (14.2.5323.2000). I have an issue with MacOS Catalina [10.15.1 (19B88)]. Whenever I run the stop script, the network functionality fails. In the Activity Monitor, com.symantec.mes.systemextension continues to run. Network functionality is resumed after restarting SEP.

@JRR-OSU
Copy link

JRR-OSU commented Mar 3, 2020

I'm running SEP 14.2.2 (14.2 RU2) build 5323 (14.2.5323.2000). I have an issue with MacOS Catalina [10.15.1 (19B88)]. Whenever I run the stop script, the network functionality fails. In the Activity Monitor, com.symantec.mes.systemextension continues to run. Network functionality is resumed after restarting SEP.

Same behavior noted as well, albeit recently.

@darkplataform
Copy link

darkplataform commented May 23, 2020

Do anyone have a script for the new version that has this process?:
com.symantec.wssad.plist
because every time I unload this process all internet connection and browsing goes haywire. Sometimes connects sometimes doesn't. Most of the time it just doesn't load anything.

@crkrenn
Copy link

crkrenn commented Jul 10, 2020

Stopping SEP on OS 10.15 (Catalina)

OS 10.15 has started using systemextensionsctl to manage extensions, and Symantec is one of the first companies to use this.

Steps:

  1. Install the sep tool as described above under Installation.
  2. To use systemextensionsctl on OS 10.15, you need to disable System Integrity Protection. This requirement may be removed in future OS X releases, and it only needs to be done once.
    1. First, boot into recovery mode by restarting your Mac and hold Command+R as it boots.
    2. Launch terminal from the Utilities menu.
    3. Type csrutil disable.
    4. Reboot.
  3. To kill all Symantec processes:
    1. Run sep stop as an admin user.
    2. Run systemextensionsctl list:
    enabled	active	teamID	bundleID (version)	name	[state]
    	9PTGMPNXZ2	com.symantec.mes.systemextension (10.0.0/10.0.0)	Symantec System Extension	[terminated waiting to uninstall on reboot]
    
    1. Run systemextensionsctl uninstall 9PTGMPNXZ2 com.symantec.mes.systemextension. (The team ID may be different for you. Please send feedback whether or not your installation of SEP has the same teamID.) Note that this command must be run by an admin user while logged into the OS X GUI. This is necessary because the systemextensionsctl command requests a password via dialog box.

@vvchistyakov
Copy link

vvchistyakov commented Aug 6, 2020

After that the issue of network functionality still hasn't been resolved.

@WonkiJo
Copy link

WonkiJo commented Nov 18, 2020

Thanks, it works!

@yvoronenko-reflexion
Copy link

yvoronenko-reflexion commented Nov 18, 2020

Thank you very much! Very helpful

@trongthanh
Copy link

trongthanh commented Dec 7, 2020

@crkrenn, I can confirm that I can see the same team ID '9PTGMPNXZ2' for 'com.symantec.mes.systemextension' but I also see another service with following ID:

enabled	active	teamID	bundleID (version)	name	[state]
*	*	Y2CCP3S9W7	com.broadcom.mes.systemextension (9.0.4/9.0.4)	Symantec System Extension	[activated enabled]

I uninstalled both.

UPDATED:

Like previous commenters have noted, once I run sep stop then the machine cannot not access internet at all. (Even with com.broadcom.mes.systemextension already deactivated and uninstalled.

@liuhaoXD
Copy link

liuhaoXD commented Mar 26, 2021

Thanks, Very helpful 👍

@arnabghoshTW
Copy link

arnabghoshTW commented Jun 22, 2021

Thank you so much !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment