[KB7718] Remotely install ESET Endpoint products for macOS

Issue

Solution

Remotely install the latest version of ESET Endpoint products for macOS 

  1. Enroll the computers you want to install the ESET Endpoint product to, to Apple-approved MDM. If you are using Jamf, follow our dedicated Jamf Knowledgebase article.

  2. Create configuration profiles. The profiles will allow system extensions for your ESET product, full disk access and Web access protection.

Installation steps

It is important to deploy the following configuration profile on your computer before installing your ESET Endpoint product for macOS.

  1. Create a configuration profile to allow system extensions

    To enable system extensions on your device remotely, create a configuration profile in your MDM before the installation. Use the following settings:

    Team identifier (TeamID) P8DQRXPVLP
    Bundle identifier (BundleID) com.eset.endpoint
    com.eset.network
    com.eset.firewall

    If your MDM does not allow you to create a System extension configuration profile, you can create a custom profile. Download our pre-made configuration profile and copy-paste the content of it or upload it directly to your MDM.

  2. Create a configuration profile to enable full disk access

    To enable full disk access remotely, perform one of the following actions before installation:

    If your device is managed by ESET PROTECT On-Prem or ESET PROTECT, you need to enable full disk access for ESET Management Agent. Download the .plist payload file for ESET Management Agent.

    Create a configuration profile in your MDM using the .plist payload. Download the .plist payload file for ESET Endpoint Antivirus for macOS

    Create a configuration profile using the following settings:

    ESET Endpoint Antivirus
    Identifier com.eset.eea.g2
    Identifier Type bundleID
    Code Requirement identifier "com.eset.eea.g2" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
    App or Service SystemPolicyAllFiles
    Access Allow
    ESET Endpoint Security
    Identifier com.eset.ees.g2
    Identifier Type bundleID
    Code Requirement identifier "com.eset.ees.g2" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
    App or Service SystemPolicyAllFiles
    Access Allow

    Alternatively, you can download our premade configuration profile and copy-paste its content or upload it directly to your MDM.

  3. Create a configuration profile to allow Web and Email protection

    To add Web and Email protection configuration to system settings remotely, create a VPN type configuration profile before the installation. Use the following settings:

    • Download the .plist configuration file. Deploy the .plist configuration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers.

    • Web and Email protection configuration is removed after uninstalling ESET Endpoint Security. If you need to uninstall and install ESET Endpoint Security, you need to deploy the Web and Email protection configuration to the target computer after the uninstallation again.

    VPN type VPN
    Connection type Custom SSL
    Identifier for the custom SSL VPN com.eset.network.manager
    Server localhost
    Provider Bundle Identifier com.eset.network
    User authentication Certificate
    Provider Type App-proxy
    Provider Designated Requirement identifier "com.eset.network" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
    Enable VPN on Demand Yes
    On Demand Rules Configuration XML <array>
    <dict>
    <key>Action</key>
    <string>Connect</string>
    </dict>
    </array>
    Idle Timer Do not disconnect
    Proxy Setup None
    Proxy Server And Port localhost : 57856
  4. Create a configuration profile to allow a firewall (ESET Endpoint Security version 8.x only)

    To add firewall configuration to system settings remotely, create a content filter configuration profile for the firewall before the installation/upgrade. Use the following settings:

    Identifier com.eset.firewall.manager
    Filter order Firewall
    Socket Filter com.eset.firewall
    Socket filter designated requirement identifier "com.eset.firewall" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
  5. After deploying configuration profiles, you can install your ESET product. You can deploy it through your MDM or use ESET PROTECT or ESET PROTECT On-Prem.


Remotely install ESET Endpoint products for macOS version 6.x

  1. Enroll the computers you want to install the ESET Endpoint product to, to Apple-approved MDM. If you are using Jamf, follow our dedicated Jamf knowledgebase article.

  2. Create configuration profiles. The profiles will allow system extensions for your ESET product, full disk access, Web access protection, and (ESET Endpoint Security only) firewall access.

Installation steps

It is important to deploy the following configuration profile on your computer before installing ESET endpoint products for macOS.

  1. Create a configuration profile to allow system extensions

    Create a configuration profile with the following settings:

    Team identifier (TeamID) P8DQRXPVLP
    Bundle identifier (BundleID) com.eset.endpoint
    com.eset.network
    com.eset.firewall
    com.eset.devices

    If your MDM does not allow you to create a System extension configuration profile, you can create a custom profile. Download our pre-made configuration profile and copy-paste the content of it or upload it directly to your MDM.

  2. Create a configuration profile to allow full disk access

    Create a configuration profile with the following settings:

    ESET Endpoint Antivirus
    Identifier com.eset.eea.6
    Identifier Type bundleID
    Code Requirement identifier "com.eset.eea.6" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
    App or Service SystemPolicyAllFiles
    Access Allow
    ESET Endpoint Security
    Identifier com.eset.ees.6
    Identifier Type bundleID
    Code Requirement identifier "com.eset.ees.6" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
    App or Service SystemPolicyAllFiles
    Access Allow

    Alternatively, you can download our premade configuration profile and copy-paste its content or upload it directly to your MDM.

  3. Create a configuration profile to allow Web access protection

    To add Web access protection configuration to system settings remotely, perform one of the following actions before the installation:

    • Download the .plist configuration file. Deploy the .plist configuration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers.
    • To create your own configuration profile, create a VPN-type configuration profile with the following settings:

    VPN type VPN
    Connection type Custom SSL
    Identifier for the custom SSL VPN com.eset.sysext.manager
    Server localhost
    Provider Bundle Identifier com.eset.network
    User authentication Certificate
    Provider Type App-proxy
    Provider Designated Requirement identifier "com.eset.network" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
    Enable VPN on Demand Yes
    On Demand Rules Configuration XML <array>
    <dict>
    <key>Action</key>
    <string>Connect</string>
    </dict>
    </array>
    Idle Timer Do not disconnect
    Proxy Setup Manual
    Proxy Server And Port localhost : 57856
  4. Create a configuration profile to allow a firewall (ESET Endpoint Security only)

    To add firewall configuration to system settings remotely, perform one of the following actions before the installation:

    • Download the .plist configuration file. Deploy the .plist configuration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers.

    • Create a content filter configuration profile for the firewall with the following settings:

    Identifier com.eset.ees.6
    Filter order Firewall
    Socket Filter com.eset.firewall
    Socket filter designated requirement identifier "com.eset.firewall" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
  5. After deploying configuration profiles, you can install your ESET product. You can deploy it through your MDM or use ESET PROTECT or ESET PROTECT On-Prem.