DLP Agent fresh installations fail on macOS 13 endpoints with Apple Silicon hardware
21101
06 December 2022
06 December 2022
Dear Broadcom Customer:
The purpose of this advisory is to inform you of a potential problem that affects Symantec Data Loss Prevention. Please read the information provided below and follow the instructions in order to avoid being impacted by this problem.
PRODUCT(S) AFFECTED: Symantec Data Loss Prevention
RELEASE: 15.8 and 16.0
PROBLEM DESCRIPTION: As a result of sandboxing changes that were introduced in macOS 13, fresh installations of the DLP Agent fail in specific scenarios on macOS 13 endpoints that run on Apple Silicon hardware. The issue occurs when the agent installer is launched from a location other than the /tmp directory and the installer is unable to read the agent .plist file due to sandboxing.
WORKAROUND: Use one of the following workarounds to complete a successful fresh installation:
-
-
- Launch the agent installer from the /tmp directory.
- If the agent installer is located in a directory other than /tmp, do one of the following actions:
- Grant full-disk access to the Terminal application.
- Grant the Terminal application access to the directory where the agent installer is located.
-
MORE INFORMATION: The following table summarizes various fresh installation scenarios and indicates failures that are caused by the sandboxing changes.
| DLP Agent version | macOS version | Processor | Fresh installation result |
| 15.8 | macOS 13 | Apple Silicon | Fail |
| 15.8 | macOS 13 | Intel | Pass |
| 15.8 | macOS 12.6 | Apple Silicon | Pass |
| 15.8 | macOS 12.6 | Intel | Pass |
| 16 | macOS 13 | Apple Silicon | Fail |
| 16 | macOS 13 | Intel | Pass |
| 16 | macOS 12.6 | Apple Silicon | Pass |
| 16 | macOS 12.6 | Intel | Pass |