Some system processes bypass the F-Secure application layer firewall on macOS 11 "Big Sur"
Note: Apple has fixed this issue from macOS 11.2 onwards. This is still a relevant issue in macOS 11.0, however, as described in this article.
With the macOS 11.0 "Big Sur" release, F-Secure changed to using a new type of Apple network extension API for its firewall implementation. This change was a mandatory requirement from Apple, which moved away from the kernel-based approach on macOS Catalina 10.15.5.
We have since found that certain system processes bypass the F-Secure application layer firewall as a direct result of using this new network extension API. This is an Apple issue: it affects not only F-Secure products but also other firewall products and VPNs.
This issue affects the following F-Secure corporate products:
- Computer Protection and RDR for Mac starting with build 35217 running on macOS 11 Big Sur, and macOS Catalina 10.15.5 or later
- Client Security 15.00 for Mac running macOS 11.0 Big Sur, and macOS Catalina 10.15.5 or later
We have raised our concerns about this issue with Apple, as have other vendors, and will continue to do so. What we do next and how we tackle this issue in F-Secure products depends on how Apple intends to respond to the issue in future macOS releases.
As far as we are aware, the following system processes on macOS are being bypassed:
/System/Applications/App Store.app/Contents/MacOS/App Store
/System/Library/CoreServices/cloudpaird
/System/Library/CoreServices/mapspushd
/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated
/System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd
/System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter
/System/Library/PrivateFrameworks/ApplePushService.framework/apsd
/System/Library/PrivateFrameworks/AppStoreDaemon.framework/Support/appstoreagent
/System/Library/PrivateFrameworks/AppStoreDaemon.framework/Support/appstored
/System/Library/PrivateFrameworks/AssetCacheServices.framework/Versions/A/XPCServices/AssetCacheLocatorService.xpc/Contents/MacOS/AssetCacheLocatorService
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
/System/Library/PrivateFrameworks/CloudKitDaemon.framework/Support/cloudd
/System/Library/PrivateFrameworks/CommerceKit.framework/Resources/commerced
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/commerce
/System/Library/PrivateFrameworks/CoreLSKD.framework/Versions/A/lskdd
/System/Library/PrivateFrameworks/CoreParsec.framework/parsecd
/System/Library/PrivateFrameworks/CoreSpeech.framework/corespeechd
/System/Library/PrivateFrameworks/DistributedEvaluation.framework/Versions/A/XPCServices/com.apple.siri-distributed-evaluation.xpc/Contents/MacOS/com.apple.siri-distributed-evaluation
/System/Library/PrivateFrameworks/FamilyCircle.framework/Versions/A/Resources/familycircled
/System/Library/PrivateFrameworks/FamilyNotification.framework/FamilyNotification
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/HomeKitDaemon.framework/Support/homed
/System/Library/PrivateFrameworks/IDS.framework/identityservicesd.app/Contents/MacOS/identityservicesd
/System/Library/PrivateFrameworks/IDSFoundation.framework/IDSRemoteURLConnectionAgent.app/Contents/MacOS/IDSRemoteURLConnectionAgent
/System/Library/PrivateFrameworks/IMCore.framework/imagent.app/Contents/MacOS/imagent
/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
/System/Library/PrivateFrameworks/IMTransferServices.framework/IMTransferAgent.app/Contents/MacOS/IMTransferAgent
/System/Library/PrivateFrameworks/MapsSuggestions.framework/MapsSuggestions
/System/Library/PrivateFrameworks/MapsSupport.framework/MapsSupport
/System/Library/PrivateFrameworks/MediaStream.framework/MediaStream
/System/Library/PrivateFrameworks/MusicLibrary.framework/MusicLibrary
/System/Library/PrivateFrameworks/PassKitCore.framework/passd
/System/Library/PrivateFrameworks/ProtectedCloudStorage.framework/Helpers/ProtectedCloudKeySyncing
/System/Library/PrivateFrameworks/SyncedDefaults.framework/Support/syncdefaultsd
/System/Library/TextInput/kbd
/usr/libexec/coreduetd
/usr/libexec/diagnosticd
/usr/libexec/findmydeviced
/usr/libexec/fmfd
/usr/libexec/locationd
/usr/libexec/mdmclient
/usr/libexec/mobileactivationd
/usr/libexec/mobileassetd
/usr/libexec/networkserviceproxy
/usr/libexec/rtcreportingd
/usr/libexec/secd
/usr/libexec/siriknowledged
/usr/libexec/swcd
/usr/libexec/tailspind
/usr/libexec/teslad
/usr/libexec/timed
/usr/libexec/trustd
/usr/sbin/securityd
com.apple.facetime
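An added example, not F-Secure's code: a small audit helper that joins process paths with open internet sockets and reports the connections owned by processes on the list above, so that traffic the application layer firewall does not see can be inventoried and monitored elsewhere. It assumes the input text was collected with `ps -axo pid= -o comm=` and `lsof -nP -i -F pn`; the `EXEMPT` set is only a subset of the list, and the sample data is constructed.

```python
# Added example: find sockets held by processes on the advisory's bypass list.
# Assumed inputs (text captured on the Mac being audited):
#   ps -axo pid= -o comm=   -> "<pid> <executable path>" per line
#   lsof -nP -i -F pn       -> field output: p<pid>, f<fd>, n<endpoint>

# Subset of the advisory's list, for illustration; load the full list in practice.
EXEMPT = {
    "/System/Applications/App Store.app/Contents/MacOS/App Store",
    "/System/Library/PrivateFrameworks/ApplePushService.framework/apsd",
    "/usr/libexec/mdmclient",
    "/usr/libexec/trustd",
}

def parse_ps(ps_text):
    """Map PID -> executable path. Paths may contain spaces."""
    procs = {}
    for line in ps_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].isdigit():
            procs[int(parts[0])] = parts[1]
    return procs

def parse_lsof(lsof_text):
    """Yield (pid, endpoint) pairs from lsof -F field output."""
    pid = None
    for line in lsof_text.splitlines():
        if line.startswith("p") and line[1:].isdigit():
            pid = int(line[1:])          # start of a new process set
        elif line.startswith("n") and pid is not None:
            yield pid, line[1:]          # one socket of the current process

def exempt_connections(ps_text, lsof_text, exempt=EXEMPT):
    """Return (pid, path, endpoint) for sockets owned by listed processes."""
    procs = parse_ps(ps_text)
    return [(pid, procs[pid], ep) for pid, ep in parse_lsof(lsof_text)
            if procs.get(pid) in exempt]

# Constructed sample data (documentation IP ranges), not real captures.
SAMPLE_PS = """  101 /usr/libexec/trustd
  245 /System/Applications/App Store.app/Contents/MacOS/App Store
  377 /Applications/Safari.app/Contents/MacOS/Safari"""
SAMPLE_LSOF = """p101\nf5\nn192.0.2.10:49152->198.51.100.7:443
p245\nf12\nn192.0.2.10:49160->198.51.100.9:443\nf13\nn192.0.2.10:49161->198.51.100.9:443
p377\nf20\nn192.0.2.10:49170->203.0.113.5:443"""

if __name__ == "__main__":
    for pid, path, endpoint in exempt_connections(SAMPLE_PS, SAMPLE_LSOF):
        print(f"{pid}\t{path}\t{endpoint}")
```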