This article describes the changes occurred to Endpoint Security for Mac following the release of macOS Big Sur.

macOS Big Sur, the most recent version of Apple’s operating system for desktops and laptops, uses technologies that affect the behavior of the Endpoint Security for Mac agent.

Specifically, Apple has replaced the previous kernel extensions with system extensions, which run in the user space. Therefore, Bitdefender has switched for Endpoint Security for Mac from kernel extensions to system extensions too. One system extension in particular requires more attention from users: the network extension.

To work properly, some of the Endpoint Security for Mac features or network components (Antiphising, Traffic Scan and Web Access Control in the Content Control module; also EDR sensor up to version 4.17.24.200174) require approval for the following components:

• Network extension
• Proxy configuration
• SSL certificate

If the network extension and the proxy configuration are not approved, Endpoint Security for Mac displays warning messages in interface. Also, the system will prompt users to allow them at every three hours.

If the SSL certificate is not installed or not trusted, Endpoint Security for Mac will show a warning message in interface.

Important: Starting with version 4.15.127.200127, Endpoint Security for Mac provides full support for Content Control in macOS Big Sur 11.2 (see the release notes). Previously in macOS 11.0 and 11.1, Content Control had entered the passthrough mode and stopped any connection filtering when another application with a network extension was installed on the endpoint (for example, Cisco AnyConnect VPN). This happened due to an incompatibility issue of the operating system. In such situation, the GravityZone console displayed the following error message: "Unknown issue (Product.NetworkExtensionIsDisabled.NetworkExtensionIncompatibility)". For details about the Endpoint Security for Mac support in macOS Big Sur, refer to this article.

Network extension

At installation

In the previous versions of macOS, kernel extensions required approval only at the first installation of Endpoint Security for Mac. In macOS Big Sur, the network extension requires approval every time the agent or a network component is installed or reinstalled (unless another component is already installed).

At installation, Mac users receive the following System Extension Blocked warning message for the network extension:

"The program "SecurityNetworkInstallerApp" tried to load new system extension(s). If you want to enable these extensions, open Security & Privacy System Preferences."

Important:

To approve the network extension:

1. Click Open Security Preferences.
2. Go to Security & Privacy > General.
3. Click the lock at the bottom of the window to make changes.

   

4. Enter your system credentials and click Unlock.

   

5. Click Allow for the blocked system extension.

With the network extension not approved, Endpoint Security for Mac displays a You are at risk warning with the following message in the View Issues window:

"Install and allow the network extension to enable full protection."

To fix the issue:

1. Click Install now to open the Security & Privacy window.
2. Click the lock at the bottom of the window to make changes.
3. Enter your system credentials and click Unlock.
4. Click Allow for the blocked system extension.

At uninstall

In macOS Big Sur, the network extension requires user approval when the agent or the network components are uninstalled (no other component remains installed).

If the user does not approve the change, the agent or the component will not be uninstalled.

Proxy configuration

The system extension runs in the user space, so Endpoint Security for Mac use a tunneling application (like a VPN) to filter the traffic. This application also requires approval.

In the "BDLDaemon" Would Like to Add Proxy Configurations window, click Allow.

With the proxy configuration not approved, Endpoint Security for Mac displays a You are at risk warning and the following message in the View Issues window:

"Install the network component by allowing BDLDaemon.app to add Proxy Configuration."

The Proxy Configuration will be added to System Preferences > Network.

Bitdefender DCI connects only if the network extension has been approved.

SSL certificate

To filter HTTPS traffic, Endpoint Security for Mac requires that a SSL certificate is installed and trusted. Endpoint Security for Mac will install the certificate only if the security policy applied on the endpoint has the Scan SSL option enabled.

If the SSL certificate is not installed or not trusted, Endpoint Security for Mac will display You are at risk warning and the following messages in the View Issues window:

"Install the SSL certificate to enable SSL protection."

To install the certificate, click Install.

"The SSL certificate is not trusted. Please trust the certificate to enable SSL protection."

To trust the certificate, click Trust.

You can trust the the SSL certificate in Keychain Access:

1. Open Keychain Access.
2. Double-click on Bitdefender CA SSL.

   

3. Expand the Trust section.

   

4. Click When using this certificate and select Always Trust.

   

5. Close the window.
6. Enter your system credentials and click Update Settings.

   

Note: In addition to the procedures described above, Endpoint Security for Mac requires full disk access in macOS Big Sur. For details, refer to this article.