It’s tough to use any SSL without running into errors and failures.
I didn’t have this problem before Sequoia and Sentinel One always worked fine until now.
I removed Sentinel One and all the errors disappeared (no need to reboot after I took it off).
Have you updated the agent version since Sequoia only works I think on the latest one or two agent versions?
I can’t quite remember without checking but it seems like you need a recent release.
Vesper said:
Have you updated the agent version since Sequoia only works I think on the latest one or two agent versions?
I can’t quite remember without checking but it seems like you need a recent release.
I don’t install the agent myself; it’s automatically updated by Sentinel One as they put out new versions.
The current network monitoring system extension version seems to be this
com.sentinelone.network-monitoring (24.1.1/7353)
We’re opening a ticket with Sentinel One to sort out this issue.
Vesper said:
Have you updated the agent version since Sequoia only works I think on the latest one or two agent versions?
I can’t quite remember without checking but it seems like you need a recent release.
I don’t install the agent myself; it’s automatically updated by Sentinel One as they put out new versions.
The current network monitoring system extension version seems to be this
com.sentinelone.network-monitoring (24.1.1/7353)
We’re opening a ticket with Sentinel One to sort out this issue.
Check the console, find your endpoint, and try to update it. Something tells me it needs to be 24.1.2 but don’t hold me to that. Maybe trying a manual upgrade on the agent could help.
Baylen said:
Vesper said:
Have you updated the agent version since Sequoia only works I think on the latest one or two agent versions?
I can’t quite remember without checking but it seems like you need a recent release.
I don’t install the agent myself; it’s automatically updated by Sentinel One as they put out new versions.
The current network monitoring system extension version seems to be this
com.sentinelone.network-monitoring (24.1.1/7353)
We’re opening a ticket with Sentinel One to sort out this issue.
Check the console, find your endpoint, and try to update it. Something tells me it needs to be 24.1.2 but don’t hold me to that. Maybe trying a manual upgrade on the agent could help.
I just installed version 24.2.2, which is the required minimum version for Sentinel One and Sequoia. We just discovered this on the portal by checking the latest release notes from Sept 16th.
I’ll keep you posted on how it goes; thanks for pointing me in the right direction. Hopefully, this helps others and resolves the SSL issues.
By the way, they still have some lingering issues with Sequoia regarding app authorizations we need to grant manually as apps try to connect to the network and there’s some odd SSH session dropping problem. I hope they fix those soon, too.
Vesper said:
Baylen said:
Vesper said:
Have you updated the agent version since Sequoia only works I think on the latest one or two agent versions?
I can’t quite remember without checking but it seems like you need a recent release.
I don’t install the agent myself; it’s automatically updated by Sentinel One as they put out new versions.
The current network monitoring system extension version seems to be this
com.sentinelone.network-monitoring (24.1.1/7353)
We’re opening a ticket with Sentinel One to sort out this issue.
Check the console, find your endpoint, and try to update it. Something tells me it needs to be 24.1.2 but don’t hold me to that. Maybe trying a manual upgrade on the agent could help.
I just installed version 24.2.2, which is the required minimum version for Sentinel One and Sequoia. We just discovered this on the portal by checking the latest release notes from Sept 16th.
I’ll keep you posted on how it goes; thanks for pointing me in the right direction. Hopefully, this helps others and resolves the SSL issues.
By the way, they still have some lingering issues with Sequoia regarding app authorizations we need to grant manually as apps try to connect to the network and there’s some odd SSH session dropping problem. I hope they fix those soon, too.
Unfortunately, the SSL issue is still happening; I need to uninstall it again
Vesper said:
Baylen said:
Vesper said:
Have you updated the agent version since Sequoia only works I think on the latest one or two agent versions?
I can’t quite remember without checking but it seems like you need a recent release.
I don’t install the agent myself; it’s automatically updated by Sentinel One as they put out new versions.
The current network monitoring system extension version seems to be this
com.sentinelone.network-monitoring (24.1.1/7353)
We’re opening a ticket with Sentinel One to sort out this issue.
Check the console, find your endpoint, and try to update it. Something tells me it needs to be 24.1.2 but don’t hold me to that. Maybe trying a manual upgrade on the agent could help.
I just installed version 24.2.2, which is the required minimum version for Sentinel One and Sequoia. We just discovered this on the portal by checking the latest release notes from Sept 16th.
I’ll keep you posted on how it goes; thanks for pointing me in the right direction. Hopefully, this helps others and resolves the SSL issues.
By the way, they still have some lingering issues with Sequoia regarding app authorizations we need to grant manually as apps try to connect to the network and there’s some odd SSH session dropping problem. I hope they fix those soon, too.
No worries, I found out about it recently by chance, but MacOS has its quirks around app authorizations for me.
Sentinel One often has PCCP type files to allow silent installs by adding the authorization, but I don’t usually deal with MacOS so I’m not super knowledgeable.
Hope it helped a bit and got you on the right track. Always good to share feedback as I work with a lot of clients, so knowing any potential issues is a big help!
Before upgrading to Sequoia, make sure to check the articles below and upgrade your agents to version 24.2 GA (24.2.2.7632).
https://community.sentinelone.com/s/article/000010306
https://your-console.sentinelone.net/soc-docs/en/macos-sequoia-support.html
https://community.sentinelone.com/s/article/000004970
https://your-console.sentinelone.net/soc-docs/en/agent-requirements-on-macos.html
Perrin said:
Before upgrading to Sequoia, make sure to check the articles below and upgrade your agents to version 24.2 GA (24.2.2.7632).
https://community.sentinelone.com/s/article/000010306
https://your-console.sentinelone.net/soc-docs/en/macos-sequoia-support.html
https://community.sentinelone.com/s/article/000004970
https://your-console.sentinelone.net/soc-docs/en/agent-requirements-on-macos.html
We updated the agent to 24.2, but only after I upgraded to Sequoia. The SSL issue still remains. Should we think about reinstalling Sentinel One?
Perrin said:
Before upgrading to Sequoia, make sure to check the articles below and upgrade your agents to version 24.2 GA (24.2.2.7632).
https://community.sentinelone.com/s/article/000010306
https://your-console.sentinelone.net/soc-docs/en/macos-sequoia-support.html
https://community.sentinelone.com/s/article/000004970
https://your-console.sentinelone.net/soc-docs/en/agent-requirements-on-macos.html
We updated the agent to 24.2, but only after I upgraded to Sequoia. The SSL issue still remains. Should we think about reinstalling Sentinel One?
I also updated Chrome to the latest version and didn’t see the SSL errors for a bit.
Edit: this morning the problem returned, so it’s still not fixed for me
Perrin said:
Before upgrading to Sequoia, make sure to check the articles below and upgrade your agents to version 24.2 GA (24.2.2.7632).
https://community.sentinelone.com/s/article/000010306
https://your-console.sentinelone.net/soc-docs/en/macos-sequoia-support.html
https://community.sentinelone.com/s/article/000004970
https://your-console.sentinelone.net/soc-docs/en/agent-requirements-on-macos.html
We did upgrade to 24.2.2 since we were on 24.1.1, but the issue continued. Not just in Chrome but also in many command-line tools we use like Docker, maven builds pulling dependencies over HTTPS, and so on.
Right now, the only fix aside from downgrading back to Sonoma is to remove Sentinel One and ensure the network filter system extension is unloaded until it gets sorted out, whether by Sentinel One, Apple, or the app developers if the issue lies there…
Perrin said:
Before upgrading to Sequoia, make sure to check the articles below and upgrade your agents to version 24.2 GA (24.2.2.7632).
https://community.sentinelone.com/s/article/000010306
https://your-console.sentinelone.net/soc-docs/en/macos-sequoia-support.html
https://community.sentinelone.com/s/article/000004970
https://your-console.sentinelone.net/soc-docs/en/agent-requirements-on-macos.html
It’s interesting that articles are behind a login and you need an account to view them. If you are just a regular user of Sentinel One and not an IT person managing it, tough luck… you won’t be able to read it.
I apparently do have the mentioned GA version of Sentinel One and I’m still running into those ERR_SSL_PROTOCOL_ERROR errors.
I’m having the same problem. Everything that involves using a certificate isn’t functioning. HTTPS, Remote desktop, Azure/Bastion traffic, SSH with cert authentication, and more.
I’m not using Sentinel One; I found this place through a Google search. I’m on MS Defender here.
I’ll keep watching this.
Taj said:
I’m having the same problem. Everything that involves using a certificate isn’t functioning. HTTPS, Remote desktop, Azure/Bastion traffic, SSH with cert authentication, and more.
I’m not using Sentinel One; I found this place through a Google search. I’m on MS Defender here.
I’ll keep watching this.
This is likely a similar problem related to network filtering and how those applications work. Check if you have a filter, as I think MS Defender does as well (Settings → Network → Filters → Content Filter). If you can disable it, give that a shot.
For me, I couldn’t just turn off one specific filter, so I had to delete Sentinel One entirely, which is not what I wanted.
Taj said:
I’m having the same problem. Everything that involves using a certificate isn’t functioning. HTTPS, Remote desktop, Azure/Bastion traffic, SSH with cert authentication, and more.
I’m not using Sentinel One; I found this place through a Google search. I’m on MS Defender here.
I’ll keep watching this.
This is likely a similar problem related to network filtering and how those applications work. Check if you have a filter, as I think MS Defender does as well (Settings → Network → Filters → Content Filter). If you can disable it, give that a shot.
For me, I couldn’t just turn off one specific filter, so I had to delete Sentinel One entirely, which is not what I wanted.
I found this thread through Google and can confirm that Sequoia and Defender alongside a network filter are causing lots of problems right now. I put Sequoia on my work Mac last week to test it and have seen various issues today like HTTPS websites timing out, not being able to control machines with ARD, and SSH file transfers failing with a message saying ‘ssh_dispatch_run_fatal: Connection to 10.2.1.233 port 22: Connection corrupted’. Turning off the Defender network filter seems to have fixed all these problems.
Honestly, I wasn’t even aware it was enabled. I set up Defender a while ago using the lengthy MS guide, and it must have been one of the steps. I have a JAMF config profile called ‘defender network extension’ which I might just disable since I really don’t want Defender affecting my network traffic.
Baylen said:
Taj said:
I’m having the same problem. Everything that involves using a certificate isn’t functioning. HTTPS, Remote desktop, Azure/Bastion traffic, SSH with cert authentication, and more.
I’m not using Sentinel One; I found this place through a Google search. I’m on MS Defender here.
I’ll keep watching this.
This is likely a similar problem related to network filtering and how those applications work. Check if you have a filter, as I think MS Defender does as well (Settings → Network → Filters → Content Filter). If you can disable it, give that a shot.
For me, I couldn’t just turn off one specific filter, so I had to delete Sentinel One entirely, which is not what I wanted.
I found this thread through Google and can confirm that Sequoia and Defender alongside a network filter are causing lots of problems right now. I put Sequoia on my work Mac last week to test it and have seen various issues today like HTTPS websites timing out, not being able to control machines with ARD, and SSH file transfers failing with a message saying ‘ssh_dispatch_run_fatal: Connection to 10.2.1.233 port 22: Connection corrupted’. Turning off the Defender network filter seems to have fixed all these problems.
Honestly, I wasn’t even aware it was enabled. I set up Defender a while ago using the lengthy MS guide, and it must have been one of the steps. I have a JAMF config profile called ‘defender network extension’ which I might just disable since I really don’t want Defender affecting my network traffic.
Do you have Firewall turned on in Network → Firewall → Firewall by any chance?
I know I do and I’m starting to think that Defender and Sentinel One filters might be conflicting with it.
I’ll try disabling the Firewall (since it usually defaults to OFF on MacOS) and then reinstall Sentinel One to see if that helps.
Check out this link: https://discussions.apple.com/thread/255761702?sortBy=rank
Many people have reported issues if both MacOS Firewall and a network filter like Defender, Sentinel One, or others are running together. It seems more like a MacOS issue or bug at this point.
u/SentinelOne-Pascal FYI… This could be the root cause; I’ll test it out and let you know how it goes (including in my ticket with Sentinel One Support).
Fintan said:
Baylen said:
Taj said:
I’m having the same problem. Everything that involves using a certificate isn’t functioning. HTTPS, Remote desktop, Azure/Bastion traffic, SSH with cert authentication, and more.
I’m not using Sentinel One; I found this place through a Google search. I’m on MS Defender here.
I’ll keep watching this.
This is likely a similar problem related to network filtering and how those applications work. Check if you have a filter, as I think MS Defender does as well (Settings → Network → Filters → Content Filter). If you can disable it, give that a shot.
For me, I couldn’t just turn off one specific filter, so I had to delete Sentinel One entirely, which is not what I wanted.
I found this thread through Google and can confirm that Sequoia and Defender alongside a network filter are causing lots of problems right now. I put Sequoia on my work Mac last week to test it and have seen various issues today like HTTPS websites timing out, not being able to control machines with ARD, and SSH file transfers failing with a message saying ‘ssh_dispatch_run_fatal: Connection to 10.2.1.233 port 22: Connection corrupted’. Turning off the Defender network filter seems to have fixed all these problems.
Honestly, I wasn’t even aware it was enabled. I set up Defender a while ago using the lengthy MS guide, and it must have been one of the steps. I have a JAMF config profile called ‘defender network extension’ which I might just disable since I really don’t want Defender affecting my network traffic.
Do you have Firewall turned on in Network → Firewall → Firewall by any chance?
I know I do and I’m starting to think that Defender and Sentinel One filters might be conflicting with it.
I’ll try disabling the Firewall (since it usually defaults to OFF on MacOS) and then reinstall Sentinel One to see if that helps.
Check out this link: https://discussions.apple.com/thread/255761702?sortBy=rank
Many people have reported issues if both MacOS Firewall and a network filter like Defender, Sentinel One, or others are running together. It seems more like a MacOS issue or bug at this point.
u/SentinelOne-Pascal FYI… This could be the root cause; I’ll test it out and let you know how it goes (including in my ticket with Sentinel One Support).
Also:
https://www.techopedia.com/news/macos-sequoia-update-causes-issues-for-security-tools-and-vpns
Looks like we aren’t alone here.
I see Defender listed as a filter, but I can’t turn it off as it’s activated by a profile. I’m an admin in our Intune and Defender portals, but I’m not quite sure how to disable it in our profile.