This article describes the changes occurred to Endpoint Security for Mac following the release of macOS Big Sur.

macOS Big Sur, the most recent version of Apple’s operating system for desktops and laptops, uses technologies that affect the behavior of the Endpoint Security for Mac agent.

Specifically, Apple has replaced the previous kernel extensions with system extensions, which run in the user space. Therefore, Bitdefender has switched for Endpoint Security for Mac from kernel extensions to system extensions too. One system extension in particular requires more attention from users: the network extension.

To work properly, some of the Endpoint Security for Mac features or network components (Antiphising, Traffic Scan and Web Access Control in the Content Control module, and the EDR Sensor) require the following approvals from users:

• Approval for the network extension
• Approval for the tunneling application used to filter the internet traffic
• Approval for the SSL certificate

Important: Starting with version 4.15.127.200127, Endpoint Security for Mac provides full support for Content Control in macOS Big Sur 11.2 (see the release notes). Previously on macOS Big Sur 11.0 and 11.1, Content Control had entered the passthrough mode and stopped any connection filtering when another application with a network extension was installed on the endpoint (for example, Cisco AnyConnect VPN). This happened due to an incompatibility issue of the operating system. In such situation, the GravityZone console displayed the following error message: "Unknown issue (Product.NetworkExtensionIsDisabled.NetworkExtensionIncompatibility)". For details about the Endpoint Security for Mac support in macOS Big Sur, refer to this article.

The network extension

At installation

In the previous versions of macOS, kernel extensions required approval only at the first installation of Endpoint Security for Mac. In macOS Big Sur, the network extension requires approval every time the agent or a network component is installed or reinstalled (unless another component is already installed).

At installation, Mac users receive the following System Extension Blocked warning message for the network extension:

"The program "SecurityNetworkInstallerApp" tried to load new system extension(s). If you want to enable these extensions, open Security & Privacy System Preferences."

To approve the network extension:

1. Click Open Security Preferences.
2. Go to Security & Privacy > General.
3. Click the lock at the bottom of the window to make changes.

   

4. Enter your system credentials and click Unlock.

   

5. Click Allow for the blocked system extension.

With the network extension not approved, Endpoint Security for Mac displays a You are at risk warning with the following message in the View Issues window:

"Install and allow the network extension to enable full protection."

To fix the issue:

1. Click Install now to open the Security & Privacy window.
2. Click the lock at the bottom of the window to make changes.
3. Enter your system credentials and click Unlock.
4. Click Allow for the blocked system extension.

At uninstall

In macOS Big Sur, the network extension requires user approval when the agent or the network components are uninstalled (no other component remains installed).

If the user does not approve the change, the agent or the component will not be uninstalled.

The tunneling application

The system extension runs in the user space, so Endpoint Security for Mac uses a tunneling application (like a VPN) to filter the traffic. This application also requires approval.

In the "BDLDaemon" Would Like to Add Proxy Configurations window, click Allow.

With the application not approved, Endpoint Security for Mac displays a You are at risk warning and the following message in the View Issues window:

"Install the network component by allowing BDLDaemon.app to add Proxy Configuration."

The Proxy Configuration will be added to System Preferences > Network.

Bitdefender DCI connects only if the network extension was approved.

The SSL certificate

To filter the HTTPS traffic, Endpoint Security for Mac requires the approval of a SSL certificate.

If the Trust Settings are not updated, Endpoint Security for Mac displays a You are at risk warning and the following message in the View Issues window:

"The SSL certificate is not trusted. Please trust the certificate to enable SSL protection."

To trust the SSL certificate:

1. Click Open Keychain Access.
2. Double-click on Bitdefender CA SSL.

   

3. Expand the Trust section.

   

4. Click When using this certificate and select Always Trust.

   

5. Close the window.
6. Enter your system credentials and click Update Settings.

   

If the network extension, the tunneling application and the SSL certificate are not approved, Endpoint Security for Mac displays warning messages at every three hours.

Note: In addition to the procedures described above, Endpoint Security for Mac requires full disk access in macOS Big Sur. For details, refer to this article.