Issue:
The device status in the Elements Endpoint Protection Portal shows the Malware protection status as Malfunction on the Mac device, and Overall protection is shown with a Malware issue status. How can this be fixed?
Resolution:
If the macOS device's malware protection status is shown as Malfunction, the most likely reason is that Elements Agent has not been granted Full Disk Access and the WithSecure System Extension has not been enabled. You can check the status of both in the Elements portal: open the device details, go to the Protection status tab, and expand the Security parameters drop-down list. Make sure that both Full Disk Access and System extension are shown as Enabled. The software needs both of these to function as intended.
Normally, after product installation a notification pop-up appears on the right side of the screen. It forwards the user to the correct macOS settings page, where the user can allow Full Disk Access and the WithSecure System Extension for the Elements Agent. If the user did not click the notification pop-up after product installation, they need to allow these manually in the macOS settings.
You need to do the following:
- Go to System Preferences (Apple logo menu from top left corner)
- Click Security and Privacy
- Click Privacy
- Select Full Disk Access on the left pane
- Click the lock in the bottom-left corner to make changes, and log in with your Mac password (if prompted)
- Tick the box next to WithSecure Elements Agent and WithSecure System Extension on the list
- Click the lock again to prevent further changes
If the Full Disk Access list is empty, restart the computer and try again. If all else fails, uninstall and reinstall Elements Agent and allow Full Disk Access and the WithSecure System Extension immediately after installation.
Full Disk Access and WithSecure System Extension installation can also be automated using MDM: https://community.withsecure.com/en/kb/articles/31284-pre-announcement-new-withsecure-client-for-macos
If the issue is not caused by the extensions, also check your firewall and proxy (if applicable) settings to make sure that the software can download all the required updates and connect to the Elements portal:
Port 443 (HTTPS)
Port 80 (HTTP)
*.f-secure.com
*.fsapi.com
*.digicert
ocsp.rootca1.amazontrust.com
crl.sca1b.amazontrust.com
ocsp.rootg2.amazontrust.com
ocsp.sca1b.amazontrust.com
crl3.digicert.com
crl4.digicert.com
ocsp.digicert.com
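To find out whether a firewall or proxy is denying any of the destinations listed above, its deny log can be compared against the list. The script below is an added example, not WithSecure code; the log format (timestamp, action, host, port), the sample host names and the assumption that every listed host is reached on port 443 or 80 are made up for illustration.

```shell
#!/bin/sh
# Added example. Log format "timestamp action host port" is constructed.

# Succeeds if host:port is a destination from the list above.
# Assumption: every listed host is reached on port 443 or 80.
is_required() {
    h=$1; p=$2
    case "$p" in
        80|443) ;;
        *) return 1 ;;
    esac
    case "$h" in
        *.f-secure.com|*.fsapi.com) return 0 ;;
        *.digicert) return 0 ;;  # entry copied exactly as the list gives it
        ocsp.rootca1.amazontrust.com|crl.sca1b.amazontrust.com) return 0 ;;
        ocsp.rootg2.amazontrust.com|ocsp.sca1b.amazontrust.com) return 0 ;;
        crl3.digicert.com|crl4.digicert.com|ocsp.digicert.com) return 0 ;;
    esac
    return 1
}

# Reads log lines on stdin, prints each denied required destination once.
blocked_required() {
    while read -r _ts action host port; do
        [ "$action" = "DENY" ] || continue
        if is_required "$host" "$port"; then
            printf '%s:%s\n' "$host" "$port"
        fi
    done | sort -u
}

# Constructed sample log; host names under the wildcards are made up.
sample_log() {
    cat <<'EOF'
2024-05-01T09:00:01Z DENY a.f-secure.com 443
2024-05-01T09:00:02Z ALLOW b.fsapi.com 443
2024-05-01T09:00:03Z DENY ocsp.digicert.com 80
2024-05-01T09:00:04Z DENY www.example.org 443
2024-05-01T09:00:05Z DENY a.f-secure.com 443
2024-05-01T09:00:06Z DENY crl3.digicert.com 8080
EOF
}

sample_log | blocked_required
```

Any line the script prints is a required destination that the firewall or proxy blocked and that needs an allow rule.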
Article no: 000043093