Solution
-
Enroll the computers to Apple-approved MDM (see the guide for Apple Platform Deployment). If you are using Jamf, follow our dedicated Jamf Knowledgebase article.
-
Create configuration profiles. The profiles will allow system extensions, Full disk access, Web and Email protection, and Firewall for your ESET product.
Create a configuration profile to allow system extensions
To enable system extensions on your device remotely, create a configuration profile in your MDM before the installation. Use the following settings:
Team identifier (TeamID) P8DQRXPVLP Bundle identifier (BundleID) com.eset.endpoint com.eset.network com.eset.firewall If your MDM does not allow you to create a system extension configuration profile, you can create a custom profile. Download our pre-made configuration profile, copy and paste the content, or upload it directly to your MDM.
Create a configuration profile to enable Full disk access
To enable Full disk access remotely, perform one of the following actions before installation:
-
If your device is managed by ESET PROTECT On-Prem or ESET PROTECT, you need to enable Full disk access for ESET Management Agent. Download the .plist payload file for ESET Management Agent.
-
Create a configuration profile in your MDM using the .plist payload. Download the .plist payload file for ESET Endpoint Security for macOS.
-
Create a configuration profile using the following settings:
Identifier com.eset.ees.g2 Identifier Type bundleID Code Requirement identifier "com.eset.ees.g2" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP App or Service SystemPolicyAllFiles Access Allow
Alternatively, you can download our pre-made configuration profile, copy and paste its content, or upload it directly to your MDM.
-
Create a configuration profile to allow Web and Email protection
To add Web and Email protection configuration to system settings remotely, create a VPN type configuration profile before the installation. Use the following settings:
-
Download the .plist configuration file. Deploy the
.plistconfiguration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy the configuration profiles to those computers. -
Web and Email protection configuration is removed after uninstalling ESET Endpoint Security. If you need to uninstall and install the product, you need to deploy the Web and Email protection configuration to the target computers after the uninstallation again.
VPN type VPN Connection type Custom SSL Identifier for the custom SSL VPN com.eset.network.manager Server localhost Provider Bundle Identifier com.eset.network User authentication Certificate Provider Type App-proxy Provider Designated Requirement identifier "com.eset.network" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP Enable VPN on Demand Yes On Demand Rules Configuration XML <array>
<dict>
<key>Action</key>
<string>Connect</string>
</dict>
</array>Idle Timer Do not disconnect Proxy Setup None Proxy Server And Port localhost : 57856 -
Create a configuration profile to allow Firewall
To add Firewall configuration to system settings remotely, create a content filter configuration profile for the Firewall before the installation. Use the following settings:
Identifier com.eset.firewall.manager Filter order Firewall Socket Filter com.eset.firewall Socket filter designated requirement identifier "com.eset.firewall" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
-
After deploying configuration profiles, you can install ESET Endpoint Security using your MDM or ESET PROTECT.
