I have an endpoint that I was able to get running the EAP 10.0.3 Big Sur agent. The agent was in good health and reporting normally until the next morning. It had pulled an update then within five minutes of applying the update it had disabled it's real time protection and was no longer in good health. The user is reporting repeating requests for full disk access and despite applying these key extensions and rebooting the agent keeps requesting them. It is showing the 10.0.1 version again and I cannot get it to pull down the update.I have collected the SDU from the device and would be happy to share it out. Let me know if you need any additional information.
That's most peculiar, sorry to hear you're having issues - this behaviour is definitely not expected.
We'd love to see the SDU so we can analyze the issue. While we're looking at that can you confirm that the endpoint is still assigned to the EAP?
"Looking in the log it appears that this endpoint is using Update Caches, which are currently not supported in the EAP.
It would appear that the endpoint is sometimes able to access the update cache and then attempts to update to the version in the cache which is 10.0.1.
The extensions are only required when 10.0.3 is installed so if connectivity between the endpoint and the UC is intermittent, this could cause the 'flipping' version numbers."
Dave pointed out above the SDU was showing the issue was tied to the client trying to access our Update Cache which isn't supported in the EAP. Once I organized the EAP machines into a group set to not route to our Update Cache the user was able to approve the key extensions and stay on the 10.0.3 endpoint. I'm watching it but it looks to have sorted out the issue!