[KB7718] Install ESET Endpoint for Mac version 6.10 remotely on macOS Big Sur (11)

Issue

  • Install ESET Endpoint Security or Antivirus for Mac version 6.10 on a computer with macOS Big Sur remotely

Details

For more information about MDM and configuration profiles visit Apple documentation.

Solution

  1. Enroll the computers you want to install ESET Endpoint product to, to Apple-approved MDM. If you are using Jamf, follow our dedicated Jamf Knowledgebase article.

  2. Create four configuration profiles. The profiles will allow system extensions for your ESET product, full disk access, Web access protection, and (ESET Endpoint Security only) firewall access.

Installation steps

It is important to deploy the following configuration profile on your computer before installing ESET Endpoint for Mac.

  1. Create configuration profile to allow system extension.

    Create a configuration profile with the following settings:

    Team identifier (TeamID) P8DQRXPVLP
    Bundle identifier (BundleID) com.eset.endpoint
    com.eset.network
    com.eset.firewall
    com.eset.devices

    If your MDM does not allow you to create a System extension configuration profile, you can create a custom profile. Download our pre-made configuration profile and copy-paste the content of it or upload it directly to your MDM.

  2. Create configuration profile to allow full disk access.

    Create a configuration profile with the following settings:

    ESET Endpoint Antivirus
    Identifier com.eset.eea.6
    Identifier Type bundleID
    Code Requirement identifier "com.eset.eea.6" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
    App or Service SystemPolicyAllFiles
    Access Allow
    ESET Endpoint Security
    Identifier com.eset.ees.6
    Identifier Type bundleID
    Code Requirement identifier "com.eset.ees.6" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
    App or Service SystemPolicyAllFiles
    Access Allow

    Alternatively, you can download our premade configuration profile and copy-paste its content or upload it directly to your MDM.

  3. Create configuration profile to allow Web access protection.

    To add Web access protection configuration to system settings remotely, perform one of the following actions before the installation:

    • Download the .plist configuration file. Deploy the .plist configuration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers.
    • To create your own configuration profile, create a VPN type configuration profile with the following settings:
    VPN type VPN
    Connection type Custom SSL
    Identifier for the custom SSL VPN com.eset.sysext.manager
    Server localhost
    Provider Bundle Identifier com.eset.network
    User authentication Certificate
    Provider Type App-proxy
    Provider Designated Requirement identifier "com.eset.network" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
    Enable VPN on Demand ✓
    On Demand Rules Configuration XML <array>
    <dict>
    <key>Action</key>
    <string>Connect</string>
    </dict>
    </array>
    Idle Timer Do not disconnect
    Proxy Setup Manual
    Proxy Server And Port localhost : 57856
  4. (ESET Endpoint Security only) Create configuration profile to allow firewall.

    To add firewall configuration to system settings remotely, perform one of the following actions before the installation:

    • Download the .plist configuration file. Deploy the .plist configuration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers.

    • Create a content filter configuration profile for the firewall with the following settings:

    Identifier com.eset.ees.6
    Filter order Firewall
    Socket Filter com.eset.firewall
    Socket filter designated requirement identifier "com.eset.firewall" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
  5. After deploying configuration profiles, you can install your ESET product. You can deploy it through your MDM or use ESET PROTECT.