Apple’s macOS Sequoia Release Causing Issues For EDR Tools: Reports
Endpoint security tools from CrowdStrike, Microsoft and SentinelOne are reportedly among those impacted by the recently released version of macOS.
Endpoint security tools from CrowdStrike, Microsoft and SentinelOne are reportedly among those seeing issues in cases where customers upgraded to Apple’s recently released version of macOS.
Reports from outlets including TechCrunch, Apple Insider and BleepingComputer have identified the release of macOS 15, known as Sequoia, as the likely source of the errors that users are seeing. The Sequoia release of macOS debuted Monday.
[Related: Sophos CEO On How EDR Vendors, Microsoft Are ‘Rethinking’ Security After CrowdStrike Outage]
TechCrunch cited posts on social media that have pointed to difficulties with endpoint detection and response (EDR) tools from CrowdStrike, Microsoft and SentinelOne that seem to be related to installation of the new version of macOS.
BleepingComputer reported that ESET, as well as CrowdStrike and SentinelOne, are among the endpoint security products impacted by the problem. The issue has affected some VPN products as well, according to the report.
“Getting partial website loads and sometimes just blank screens with the new MacOS,” reads one post on Reddit, cited by BleepingComputer. “Disabling the [CrowdStrike] Falcon network filter seems to solve it. Anyone else getting this?”
A post from an apparent CrowdStrike employee responded to Reddit post with a link to a CrowdStrike support portal post, which is not public.
“We have updated the above support article to highlight any possible known issues if you do have hosts running Falcon on Sequoia, and new MDM requirements with attached configuration profile,” the response from the apparent CrowdStrike employee reads.
As quoted by BleepingComputer, the CrowdStrike portal reportedly advises customers to “not upgrade until a Mac sensor is released that fully supports macOS 15 Sequoia.”
“We are currently waiting for a MacOS Sequoia update and will provide official support,” CrowdStrike said in a statement Friday.
Researchers that spoke with Apple Insider indicated that the errors may be connected to DNS- and firewall-related issues in macOS 15.
Based on currently available information, the most likely scenario does appear to be that changes related to macOS Sequoia firewall are involved in the issues, said Mayuresh Dani, manager of security research at Qualys, in an email Friday.
In a statement provided to CRN Friday, ESET’s Tony Anscombe said that in this case, “compatibility between our software and MacOS [requires] the ESET product to be updated prior to or at the same time as the MacOS updates.”
“Currently, macOS Sequoia supports ESET Endpoint Security version 8.1.6.0 and later and ESET Cyber Security version 7.5.74.0 and later,” said Anscombe, chief security evangelist for ESET.
SentinelOne said in a statement that the volume of support inquiries related to macOS Sequoia are consistent with “normal major OS rollouts from the likes of Apple or Microsoft.”
“As a standard best practice with any new OS release, we always recommend updating the SentinelOne Agent on your Mac to the latest supported version before you update the actual OS itself,” the company said in the statement.
CRN has reached out to Apple and Microsoft for comment.