Mail is not working with AMP 1.14.x (Big Sur)

Oleksandr Fisun · ‎01-13-2021

Dear community,

We've manually installed Cisco AMP 1.14.1.807 on OS X Big Sur and approved required System Extensions according to advisory: https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/216089-advisory-for-amp-for-endpoints-mac-conne.html

Here is the output of

%systemextensionsctl list
4 extension(s)
--- com.apple.system_extension.network_extension
enabled	active	teamID	bundleID (version)	name	[state]
*	*	DE8Y96K9QP	com.cisco.endpoint.svc.networkextension (1.14.1/807)	AMP Network Extension	[activated enabled]
--- com.apple.system_extension.endpoint_security
enabled	active	teamID	bundleID (version)	name	[state]
*	*	DE8Y96K9QP	com.cisco.endpoint.svc.securityextension (1.14.1/807)	AMP Security Extension	[activated enabled]

Network Filter is also enabled and Active:

Screenshot at Jan 13 14-50-27.png

And once Cisco AMP installed and everything is approved the native Mail client could not connect to the server.

We've also tried Jamf MDM to deploy the AMP connector but result the same - native Mail client stopped working properly.

Oliver Kaiser · ‎01-24-2021

I tried recreating the issue on Big Sur with amp4e connector 1.14.1.807 without any success. I would advise opening a TAC case to find the root cause, without providing a troubleshoot-file it's hard to pinpoint what the exact issue is - since the ts-file includes a lot of data of the endpoint I would advise against uploading it to the support community.

Hope that helps