Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Stop and start Symantec Endpoint Protection on OS X

This script enables you stop and start Symantec Endpoint Protection on OS X

Installation

sudo curl https://gist.githubusercontent.com/steve-jansen/61a189b6ab961a517f68/raw/sep -o /usr/local/bin/sep
sudo chmod 755 /usr/local/bin/sep
sudo chown root:staff /usr/local/bin/sep

/etc/sudoers

If your user account is not a member of the admin group (i.e., not an OS X Administrator), you need to add the following line to /etc/sudoers using sudo visudo tool:

myusername ALL= NOPASSWD: /usr/local/bin/sep

Example

me:~$ sep stop
/usr/local/bin/sep: relaunching as sudo /usr/local/bin/sep
/usr/local/bin/sep: unloading Symantec Endpoint Protection daemon
/usr/local/bin/sep: unloading Symantec Endpoint Protection shared settings daemon
/usr/local/bin/sep: closing Symantec Endpoint Protection UI widget
me:~$ sudo /usr/local/bin/sep start
/usr/local/bin/sep: relaunching as sudo /usr/local/bin/sep
/usr/local/bin/sep: loading Symantec Endpoint Protection daemon
/usr/local/bin/sep: unloading Symantec Endpoint Protection shared settings daemon
/usr/local/bin/sep: launching Symantec Endpoint Protection UI widget
#!/bin/bash
# relaunch with sudo if we aren't root
if [[ $EUID -ne 0 ]]; then
echo "$0: relaunching as sudo $0 $1 $USER"
sudo "$0" $1 $USER
exit $?
fi
real_user=$USER
if [ -n "$2" ]; then
real_user=$2
fi
stop() {
echo $0: unloading Symantec Endpoint Protection daemon
launchctl unload /Library/LaunchDaemons/com.symantec.symdaemon.*plist
echo $0: unloading Symantec Endpoint Protection shared settings daemon
launchctl unload /Library/LaunchDaemons/com.symantec.sharedsettings.*plist
echo $0: closing Symantec Endpoint Protection UI widget as $real_user
sudo -u $real_user launchctl unload /Library/LaunchAgents/com.symantec.uiagent.application.*plist
}
start() {
echo $0: loading Symantec Endpoint Protection daemon
launchctl load /Library/LaunchDaemons/com.symantec.symdaemon.*plist
echo $0: loading Symantec Endpoint Protection shared settings daemon
launchctl load /Library/LaunchDaemons/com.symantec.sharedsettings.*plist
echo $0: launching Symantec Endpoint Protection UI widget as $real_user
sudo -u $real_user launchctl load /Library/LaunchAgents/com.symantec.uiagent.application.*plist
}
case "$1" in
start)
start
;;
stop)
stop
;;
*)
echo "Usage: $0 [start|stop]"
;;
esac
@lambdalisue

This comment has been minimized.

Copy link

@lambdalisue lambdalisue commented Dec 16, 2014

You saved me! Thanks for this script !

@MadConan

This comment has been minimized.

Copy link

@MadConan MadConan commented Jun 16, 2015

So awesome. The daemon had been running for 4 hours at 100+%. Stopping and restarting totally worked. THANKS!!

@thebalaa

This comment has been minimized.

Copy link

@thebalaa thebalaa commented Oct 20, 2015

thank you

@airtonjal

This comment has been minimized.

Copy link

@airtonjal airtonjal commented Oct 22, 2015

Thanks Steve! That helps a lot 👍

@JESii

This comment has been minimized.

Copy link

@JESii JESii commented Dec 30, 2015

Not working on Yosemite:

$ sep stop
/usr/local/bin/sep: relaunching as sudo /usr/local/bin/sep stop XXX
/usr/local/bin/sep: unloading Symantec Endpoint Protection daemon
/Library/LaunchDaemons/com.symantec.symdaemon.plist: No such file or directory
/usr/local/bin/sep: unloading Symantec Endpoint Protection shared settings daemon
/Library/LaunchDaemons/com.symantec.sharedsettings.plist: No such file or directory
/usr/local/bin/sep: closing Symantec Endpoint Protection UI widget as XXX
/Library/LaunchAgents/com.symantec.uiagent.application.plist: No such file or directory
@snakeninny

This comment has been minimized.

Copy link

@snakeninny snakeninny commented Nov 4, 2016

You made my day. Thanks!

P.S. If the process "nwjs helper" is eating up to 150% CPU usage on your macOS, try turning SEP off.

@steve-jansen

This comment has been minimized.

Copy link
Owner Author

@steve-jansen steve-jansen commented May 24, 2017

@JESii Figured out the solution here

Per https://support.symantec.com/en_US/article.TECH134203.html, we need to use com.symantec.symdaemon.*plist to match on com.symantec.symdaemon.plist for SEP 12.x and com.symantec.symdaemon.NFW.plist for SEP 14.x

the asterisk in daemon pathnames will accommodate suffix variations - SEP 12.1.x uses .plist and SEP 14.0 uses .NFM.plist

I've updated this gist and confirmed it's working on Sierra with SEP 14.x.

@odinb

This comment has been minimized.

Copy link

@odinb odinb commented Feb 15, 2018

Thanks! Really neat script! Works on High Sierra with Symantec 12.1.6 (12.1 RU6 MP6) build 7061 (12.1.7061.6600).

@diarmaidlindsay

This comment has been minimized.

Copy link

@diarmaidlindsay diarmaidlindsay commented May 21, 2018

Symantec is installed on my work PC and its such a CPU hog that it impedes my work, so time and again I would like to be able to disable it (but the network admin prohibits that through the normal means). Thank you so much for this workaround and for saving my sanity!

@viquu

This comment has been minimized.

Copy link

@viquu viquu commented Mar 19, 2019

Thanks, It's work!
On Mojave with Symantec 14.

@brutedawg

This comment has been minimized.

Copy link

@brutedawg brutedawg commented Aug 1, 2019

lifesaver. this old imac has always ran like a turd after leaving it on overnight and i usually come back seeing symantec just CHUGGIN resources. after running this, the machine is like a new baby boi... i'lll just have to remember to turn it back on when IT comes patrolling through.

thanks for this!

@yunusaldogan

This comment has been minimized.

Copy link

@yunusaldogan yunusaldogan commented Oct 5, 2019

Thanks for the script. I works perfect!

@fachsimpler

This comment has been minimized.

Copy link

@fachsimpler fachsimpler commented Oct 16, 2019

Hi Steve, nice handy script thanks a lot.
Worked fine till yesterday but with the new Catalina Version (19A602) it does not work anymore.
Could not find specified service
The Services still exist in /Library/LaunchDaemons/ but they are not unloaded. I also cannot unload or disable the services manually.

Does anyone have similar Problems?

@darkangel67

This comment has been minimized.

Copy link

@darkangel67 darkangel67 commented Dec 7, 2019

I'm running SEP 14.2.2 (14.2 RU2) build 5323 (14.2.5323.2000). I have an issue with MacOS Catalina [10.15.1 (19B88)]. Whenever I run the stop script, the network functionality fails. In the Activity Monitor, com.symantec.mes.systemextension continues to run. Network functionality is resumed after restarting SEP.

@JRR-OSU

This comment has been minimized.

Copy link

@JRR-OSU JRR-OSU commented Mar 3, 2020

I'm running SEP 14.2.2 (14.2 RU2) build 5323 (14.2.5323.2000). I have an issue with MacOS Catalina [10.15.1 (19B88)]. Whenever I run the stop script, the network functionality fails. In the Activity Monitor, com.symantec.mes.systemextension continues to run. Network functionality is resumed after restarting SEP.

Same behavior noted as well, albeit recently.

@darkplataform

This comment has been minimized.

Copy link

@darkplataform darkplataform commented May 23, 2020

Do anyone have a script for the new version that has this process?:
com.symantec.wssad.plist
because every time I unload this process all internet connection and browsing goes haywire. Sometimes connects sometimes doesn't. Most of the time it just doesn't load anything.

@crkrenn

This comment has been minimized.

Copy link

@crkrenn crkrenn commented Jul 10, 2020

Stopping SEP on OS 10.15 (Catalina)

OS 10.15 has started using systemextensionsctl to manage extensions, and Symantec is one of the first companies to use this.

Steps:

  1. Install the sep tool as described above under Installation.
  2. To use systemextensionsctl on OS 10.15, you need to disable System Integrity Protection. This requirement may be removed in future OS X releases, and it only needs to be done once.
    1. First, boot into recovery mode by restarting your Mac and hold Command+R as it boots.
    2. Launch terminal from the Utilities menu.
    3. Type csrutil disable.
    4. Reboot.
  3. To kill all Symantec processes:
    1. Run sep stop as an admin user.
    2. Run systemextensionsctl list:
    enabled	active	teamID	bundleID (version)	name	[state]
    	9PTGMPNXZ2	com.symantec.mes.systemextension (10.0.0/10.0.0)	Symantec System Extension	[terminated waiting to uninstall on reboot]
    
    1. Run systemextensionsctl uninstall 9PTGMPNXZ2 com.symantec.mes.systemextension. (The team ID may be different for you. Please send feedback whether or not your installation of SEP has the same teamID.) Note that this command must be run by an admin user while logged into the OS X GUI. This is necessary because the systemextensionsctl command requests a password via dialog box.
@vvchistyakov

This comment has been minimized.

Copy link

@vvchistyakov vvchistyakov commented Aug 6, 2020

After that the issue of network functionality still hasn't been resolved.

@WonkiJo

This comment has been minimized.

Copy link

@WonkiJo WonkiJo commented Nov 18, 2020

Thanks, it works!

@yvoronenko-reflexion

This comment has been minimized.

Copy link

@yvoronenko-reflexion yvoronenko-reflexion commented Nov 18, 2020

Thank you very much! Very helpful

@trongthanh

This comment has been minimized.

Copy link

@trongthanh trongthanh commented Dec 7, 2020

@crkrenn, I can confirm that I can see the same team ID '9PTGMPNXZ2' for 'com.symantec.mes.systemextension' but I also see another service with following ID:

enabled	active	teamID	bundleID (version)	name	[state]
*	*	Y2CCP3S9W7	com.broadcom.mes.systemextension (9.0.4/9.0.4)	Symantec System Extension	[activated enabled]

I uninstalled both.

UPDATED:

Like previous commenters have noted, once I run sep stop then the machine cannot not access internet at all. (Even with com.broadcom.mes.systemextension already deactivated and uninstalled.

@liuhaoXD

This comment has been minimized.

Copy link

@liuhaoXD liuhaoXD commented Mar 26, 2021

Thanks, Very helpful 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment