Issue
- Remotely install ESET Endpoint Security or ESET Endpoint Antivirus (6.x) for macOS Big Sur (11) and later
- Remotely install ESET Endpoint Antivirus (7.x) for macOS Big Sur (11) and later
Details
For more information about MDM and configuration profiles visit Apple documentation.
Solution
Remotely install ESET Endpoint Security or Antivirus (6.x) for macOS
-
Enroll the computers you want to install the ESET Endpoint product to, to Apple-approved MDM. If you are using Jamf, follow our dedicated Jamf knowledgebase article.
-
Create four configuration profiles. The profiles will allow system extensions for your ESET product, full disk access, Web access protection, and (ESET Endpoint Security only) firewall access.
Create configuration profile to allow system extension
Create a configuration profile with the following settings:
Team identifier (TeamID) P8DQRXPVLP Bundle identifier (BundleID) com.eset.endpoint com.eset.network com.eset.firewall com.eset.devices If your MDM does not allow you to create a System extension configuration profile, you can create a custom profile. Download our pre-made configuration profile and copy-paste the content of it or upload it directly to your MDM.
Create a configuration profile to allow full disk access
Create a configuration profile with the following settings:
ESET Endpoint Antivirus Identifier com.eset.eea.6 Identifier Type bundleID Code Requirement identifier "com.eset.eea.6" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP App or Service SystemPolicyAllFiles Access Allow ESET Endpoint Security Identifier com.eset.ees.6 Identifier Type bundleID Code Requirement identifier "com.eset.ees.6" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP App or Service SystemPolicyAllFiles Access Allow Alternatively, you can download our premade configuration profile and copy-paste its content or upload it directly to your MDM.
Create configuration profile to allow Web access protection
To add Web access protection configuration to system settings remotely, perform one of the following actions before the installation:
- Download the .plist configuration file. Deploy the
.plist
configuration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers. - To create your own configuration profile, create a VPN type configuration profile with the following settings:
VPN type VPN Connection type Custom SSL Identifier for the custom SSL VPN com.eset.sysext.manager Server localhost Provider Bundle Identifier com.eset.network User authentication Certificate Provider Type App-proxy Provider Designated Requirement identifier "com.eset.network" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP Enable VPN on Demand ✓ On Demand Rules Configuration XML <array>
<dict>
<key>Action</key>
<string>Connect</string>
</dict>
</array>Idle Timer Do not disconnect Proxy Setup Manual Proxy Server And Port localhost : 57856 - Download the .plist configuration file. Deploy the
Create configuration profile to allow firewall (ESET Endpoint Security only)
To add firewall configuration to system settings remotely, perform one of the following actions before the installation:
-
Download the .plist configuration file. Deploy the .plist configuration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers.
-
Create a content filter configuration profile for the firewall with the following settings:
Identifier com.eset.ees.6 Filter order Firewall Socket Filter com.eset.firewall Socket filter designated requirement identifier "com.eset.firewall" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP -
-
After deploying configuration profiles, you can install your ESET product. You can deploy it through your MDM or use ESET PROTECT or ESET PROTECT On-Prem.
Remotely install ESET Endpoint Antivirus (7.x) for macOS
-
Enroll the computers you want to install the ESET Endpoint product to, to Apple-approved MDM. If you are using Jamf, follow our dedicated Jamf Knowledgebase article.
-
Create three configuration profiles. The profiles will allow system extensions for your ESET product, full disk access and Web access protection.
Create configuration profile to allow system extension.
Create a configuration profile with the following settings:
Team identifier (TeamID) P8DQRXPVLP Bundle identifier (BundleID) com.eset.endpoint com.eset.network com.eset.devices If your MDM does not allow you to create a System extension configuration profile, you can create a custom profile. Download our pre-made configuration profile and copy-paste the content of it or upload it directly to your MDM.
Create a configuration profile to allow full disk access.
Create a configuration profile with the following settings:
ESET Endpoint Antivirus Identifier com.eset.eea.g2 Identifier Type bundleID Code Requirement identifier "com.eset.eea.g2" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP App or Service SystemPolicyAllFiles Access Allow Alternatively, you can download our premade configuration profile and copy-paste its content or upload it directly to your MDM.
Create configuration profile to allow Web access protection.
To add Web access protection configuration to system settings remotely, perform one of the following actions before the installation:
- Download the .plist configuration file. Deploy the .plist configuration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers.
- To create your own configuration profile, create a VPN type configuration profile with the following settings:
VPN type VPN Connection type Custom SSL Identifier for the custom SSL VPN com.eset.network.manager Server localhost Provider Bundle Identifier com.eset.network User authentication Certificate Provider Type App-proxy Provider Designated Requirement identifier "com.eset.network" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP Enable VPN on Demand ✓ On Demand Rules Configuration XML <array>
<dict>
<key>Action</key>
<string>Connect</string>
</dict>
</array>Idle Timer Do not disconnect Proxy Setup Manual Proxy Server And Port localhost : 57856 -
After deploying configuration profiles, you can install your ESET product. You can deploy it through your MDM or use ESET PROTECT or ESET PROTECT On-Prem.