Without Mobile Device Management (MDM):
IMPORTANT: This solution requires manual intervention to configure MCP on Big Sur 11.2:
Configuration |
User Experience |
Standalone installation on macOS Big Sur without an MDM profile |
- When you install MCP on standalone Mac systems, if user consent is not available for the McAfee System Extension, MCP can’t apply the policy configured.
- MCP tries to automatically load the McAfee System Extension extensions every 10 seconds after the installation until user consent is available.
- User sees a McAfee Alert that prompts whether to allow the McAfee System extensions from the Security and Privacy System Preferences panel.
NOTE: MCP status shows ExtAutErr until the user provides consent.
- After the user gives consent MCP applies the configured policy. On applying policy, the McAfeeSystemExtensions is prompted for user consent in network settings. This consent is also needed.
|
ePolicy Orchestrator (ePO) deployment on macOS Big Sur without an MDM profile |
- When you deploy MCP on ePO managed Mac systems, if user consent is not available for the McAfee System Extension, MCP can’t apply the policy configured.
- MCP tries to automatically load the McAfee system extensions every 10 seconds after the deployment.
- User sees a McAfee Alert that prompts whether to allow the McAfee system extensions from the Security and Privacy System Preferences pane.
NOTE: MCP status shows ExtAutErr until the user provides consent.
- After the user gives consent MCP applies the configured policy. On applying policy, the McAfeeSystemExtensions is prompted for user consent in network settings. This consent is also needed.
|
Upgrade from macOS Catalina with MCP 3.x present |
Before upgrading macOS Catalina to Big Sur 11.2, uninstalling MCP 3.x is optional.
After macOS Big Sur upgrade, the MCP 3.x status displays Driver Error, this status is expected.
After the Big Sur upgrade, MCP 4.x can be installed. User consent is needed according to above scenario. |
NOTE: If you have already installed ENSM Firewall on a system, user consent is not needed. Because consent would have been provided while activating ENSM Firewall.