There’s been a bit of a kerfuffle recently as some endpoint security service providers complain that macOS Sequoia has broken their products in some way.
Even if true, what I can’t figure out is why these problems were not identified during the extensive beta testing period, and if they were, why no one fixed them and why customers weren’t warned about the problems by vendors before the new OS shipped.
But the experience is inconsistent
Look at it this way: While products from some security vendors appear to have been affected by changes in how Sequoia handles networking, other systems seem to be compatible — though an update is required.
Reports emerged soon after Sequoia shipped last week claiming that security products from CrowdStrike, SentinelOne, Microsoft, and others had stopped working properly. The reasons for the problems seem to relate to changes in networking, according to security researcher Patrick Wardle. It seems some network settings must be changed to enable the security software to function.
According to Wardle, Apple was made aware of the problems. “Apple 100% knew about this,” he wrote.
But the issue appears to be different for different vendors. For example, while SentinelOne products were reportedly affected at first, the company says nothing about this, instead warning users last week to upgrade to the latest version of their security agent.
“Our engineering teams have been working hard over the summer to ensure that SentinelOne was ready to support macOS 15 on the day of release. Our extensive beta testing has resulted in support with macOS Agent version 24.2.2,” they said. “Customers are reminded that, as always, it is vital to update the agent to the supported version prior to upgrading the OS.”
Some might think that SentineOne’s warning hints that the problems faced by endpoint security tools is repairable with a software patch. After all, ESET is also telling users to upgrade their security to version 7 or later for Sequoia compatibility.
However, Microsoft and CrowdStrike (who I suppose had other things on their mind in recent weeks), are currently warning users not to upgrade to macOS Sequoia pending some kind of fix.
What is the problem?
Researcher Will Dormann pointed to firewall- and DNS-related issues as the culprit. He explains that using Sequoia’s built-in firewall to block incoming connections might also block replies to DNS requests.
All the same, what I find difficult to understand is why security companies failed to adequately flag these issues during the beta testing process, or, if they did, failed to warn users that problems might emerge. It is, after all, unlikely that Apple would make any additional changes to the OS after the release of the final RC (Release Candidate) during beta testing.
With that in mind, surely developers should already have tested their solutions and identified any potential problems. That some have already updated their software to be compatible with Sequoia suggests that’s possible. If that’s true, why did other security developers fail to keep pace? (The Register claims Apple was made aware of the problems, but no fix emerged.)
Apple hasn’t said anything. It probably should.
Problems happen, so fix them fast
In the end, perhaps it doesn’t matter where the problem comes from, as long as it is soon fixed.
After all, any customer relying on third-party endpoint security services to maintain security on the world’s most inherently secure computer platform deserves to know those services do what they say they’ll do.
If you are affected by this problem, check with your vendor and delay updating to Sequoia until they provide a compatibility update. While you’re at it, you might want to ask them just how much of their engineering resources were allocated to beta testing Sequoia prior to its release, and why advanced warning of any identified problems was not given.
Please follow me on LinkedIn, Mastodon, or join me in the AppleHolic’s bar & grill group on MeWe.
