Skip to main content

SCEP for Mac

By November 3, 2016September 11th, 2020Best Practices, Blog
System Center Endpoint Protection 2012 Microsoft logo

I’ve been working on getting System Center Endpoint Protection (SCEP) installed on some Macs via SCCM. I followed this handy blog from Microsoft: and everything went well…  except that SCCM reported that the SCEP client wasn’t getting installed.

On the Mac itself, SCEP was present, but SCCM had error in the Deployment Status: “The application was not detected after installation completed successfully.”

Well, that’s annoying. The install worked, but SCCM can’t confirm it. So, something was awry with the application’s detection method. That information is populated from the package that is created using Microsoft’s toolset for this exact process, so I had hoped it’d be accurate. Unfortunately, I was wrong.

Since the detection methods are based on package IDs, I did some digging on the Mac using “pkgutil –pkgs” to determine what the Mac believed it had installed and got this:


I also used “pkgutil –pkginfo” to confirm appropriate versions (which all came back good).

So, next was to compare against what SCCM was looking for:


I reviewed each clause to make sure the package ID matched what the Mac was reporting, and found a discrepancy. The second clause was looking for:

But none were looking for:

So, I changed the clause to match and tried again, but that didn’t work either. Finally, I also removed the Application Bundle ID clause as well (since I had confirmed that all other clauses were correct).

After that, SCCM was able to detect that SCEP was installed on the Mac and reported the installation as a success.

Shane Skriletz, PEI

Leave a Reply