Why is my Cisco AMP running in a degraded mode after upgrading to MacOS Big Sur?

Once a Mac endpoint is upgraded to Big Sur, Cisco AMP will run in Degraded Mode:

In this mode, there is no malware or virus endpoint protection for the Mac. The only solution is to upgrade to the latest version of Cisco AMP Mac Connector, 1.14.0.794 or higher, and have the end user approve the Cisco AMP system extensions and Full Disk Access.

Security Operations will perform the upgrade on the user’s behalf, including any computers not managed by local Faculty, Department, or Research IT.  The upgrade to the latest connector occurs silently in the background with no restart or reboot required.  The end user will have to enable content filtering, the security extensions, and full disk access for Cisco AMP.

1. Approving Network Content Filtering and System Extensions 

In order for Cisco AMP to function properly, the end user must allow for the AMP for Endpoints Service to filter network content and to allow the AMP for Endpoints Service to load.

• Click Allow for the Filter Network Content prompt.
• Click the lock to allow changes to be made under Security and Privacy settings.
• Allow and approve AMP Security Extensions.

• Click the two check boxes next to AMP for Endpoints Service and click OK.

2. Approving Full Disk Access

In order to scan the hard disk properly, Cisco AMP needs full disk access. The end user must approve full disk access from the macOS Security & Privacy Preferences. Please place a check box for the AMP for Endpoints Service and AMP Security Extension:

3. Notifications Prompt

At the end of the upgrade, the Mac Operating System will prompt the end user to allow Notifications for Cisco AMP. Security Operations recommends to choose Allow.