SEP (Symantec Endpoint Protection) for Mac may register a HWID (Hardward ID, AKA Hardware Key) that is the same as one or more Mac clients. This may result in only one client entry listed in the SEPM (SEP Manager) for several machines, or other reporting discrepancies.
Ususally this is the result of some type of cloning operation. SEP for Mac should regenerate a new HWID when there has been changes to the network adapter MAC addresses or disk numbering, but in some situations it may continue using old HWID data.
To force SEP for Mac to regenerate its HWID, perform the following steps:
Unload symdaemon by entering the following command in Terminal: sudo launchctl unload /Library/LaunchDaemons/com.symantec.symdaemon.*plist
Delete the following files - make note of HARDWAREID in the xml file: /Library/Application\ Support/Symantec/SMC/SymantecRegistry.bak /Library/Application\ Support/Symantec/SMC/SymantecRegistry.xml
Enabling sylink debug logging - this will force regeneration of new SymantecRegistry.xml file. It may take some moments (after restarting symdaemon below) before it is repopulated with HARDWAREID
NOTE: SEP for Mac generates its HWID based on a fixed hash (no randomization) of network adapter MAC address(es), hard drive volume IDs, and macOS serial number. Repeating the steps above should result in the same HWID; if the result is a new one then you can assume that the old was a duplicate or otherwise based on hardware that is no longer present. You may see the HWID as HARDWAREID in xml file above, or by enabling sylink debug logging and searching smc_debug.log for "hardware key"
ID: 3885068, 4154450
Subscribing will provide email updates when this Article is updated. Login is required.