All versions of Elastic Endpoint are affected by a bug in macOS 13 (Ventura) which disables previously granted Full Disk Access. This bug does not affect Elastic Endpoints managed by an MDM solution.
Steps to reproduce:
Install Elastic Endpoint on macOS 12 (Monterey) without MDM
Follow these steps to grant all permissions needed
See that after approval Endpoint's status in the Security App's Endpoint page is HEALTHY
Upgrade to macOS 13 (Ventura)
See that Endpoint's status in the Security App is now UNHEALTHY because Full Disk Access is no longer approved
Workaround
In Settings -> Security & Privacy -> Privacy -> Full Disk Access, remove Full Disk Access approval from ElasticEndpoint and co.elastic.systemextension
Re-enable Full Disk Access in the same location. A reboot may be required between these two steps.
This bug is in macOS, not Elastic Endpoint. It will be fixed by an update to macOS.
Applications using Endpoint Security extensions might lose Full Disk Access authorization, impacting their ability to function. This issue doesn’t affect MDM-enabled extensions. (100857507)
Workaround: Removing and re-adding Full Disk Access in Settings for these extensions might resolve the issue.