Issue
- Remotely install the latest version of ESET Endpoint products for macOS
- Remotely install ESET Endpoint products for macOS version 6.x
- You want to see more information about MDM and configuration profiles
- You want to see more information about remote installation Endpoint products for macOS
Solution
Remotely install the latest version of ESET Endpoint products for macOS
-
Enroll the computers you want to install the ESET Endpoint product to, to Apple-approved MDM. If you are using Jamf, follow our dedicated Jamf Knowledgebase article.
-
Create configuration profiles. The profiles will allow system extensions for your ESET product, full disk access and Web access protection.
Create a configuration profile to allow system extensions
To enable system extensions on your device remotely, create a configuration profile in your MDM before the installation. Use the following settings:
Team identifier (TeamID) P8DQRXPVLP Bundle identifier (BundleID) com.eset.endpoint com.eset.network com.eset.firewall If your MDM does not allow you to create a System extension configuration profile, you can create a custom profile. Download our pre-made configuration profile and copy-paste the content of it or upload it directly to your MDM.
Create a configuration profile to enable full disk access
To enable full disk access remotely, perform one of the following actions before installation:
If your device is managed by ESET PROTECT On-Prem or ESET PROTECT, you need to enable full disk access for ESET Management Agent. Download the .plist payload file for ESET Management Agent.
Create a configuration profile in your MDM using the .plist payload. Download the .plist payload file for ESET Endpoint Antivirus for macOS.
Create a configuration profile using the following settings:
ESET Endpoint Antivirus Identifier com.eset.eea.g2 Identifier Type bundleID Code Requirement identifier "com.eset.eea.g2" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP App or Service SystemPolicyAllFiles Access Allow ESET Endpoint Security Identifier com.eset.ees.g2 Identifier Type bundleID Code Requirement identifier "com.eset.ees.g2" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP App or Service SystemPolicyAllFiles Access Allow Alternatively, you can download our premade configuration profile and copy-paste its content or upload it directly to your MDM.
Create a configuration profile to allow Web and Email protection
To add Web and Email protection configuration to system settings remotely, create a VPN type configuration profile before the installation. Use the following settings:
- Download the .plist configuration file. Deploy the
.plist
configuration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers. - Web and Email protection configuration is removed after uninstalling ESET Endpoint Security. If you need to uninstall and install ESET Endpoint Security, you need to deploy the Web and Email protection configuration to the target computer after the uninstallation again.
VPN type VPN Connection type Custom SSL Identifier for the custom SSL VPN com.eset.network.manager Server localhost Provider Bundle Identifier com.eset.network User authentication Certificate Provider Type App-proxy Provider Designated Requirement identifier "com.eset.network" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP Enable VPN on Demand Yes On Demand Rules Configuration XML <array>
<dict>
<key>Action</key>
<string>Connect</string>
</dict>
</array>Idle Timer Do not disconnect Proxy Setup None Proxy Server And Port localhost : 57856 - Download the .plist configuration file. Deploy the
Create a configuration profile to allow a firewall (ESET Endpoint Security version 8.x only)
To add firewall configuration to system settings remotely, create a content filter configuration profile for the firewall before the installation/upgrade. Use the following settings:
Identifier com.eset.firewall.manager Filter order Firewall Socket Filter com.eset.firewall Socket filter designated requirement identifier "com.eset.firewall" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP -
After deploying configuration profiles, you can install your ESET product. You can deploy it through your MDM or use ESET PROTECT or ESET PROTECT On-Prem.
Remotely install ESET Endpoint products for macOS version 6.x
-
Enroll the computers you want to install the ESET Endpoint product to, to Apple-approved MDM. If you are using Jamf, follow our dedicated Jamf knowledgebase article.
-
Create configuration profiles. The profiles will allow system extensions for your ESET product, full disk access, Web access protection, and (ESET Endpoint Security only) firewall access.
Create a configuration profile to allow system extensions
Create a configuration profile with the following settings:
Team identifier (TeamID) P8DQRXPVLP Bundle identifier (BundleID) com.eset.endpoint com.eset.network com.eset.firewall com.eset.devices If your MDM does not allow you to create a System extension configuration profile, you can create a custom profile. Download our pre-made configuration profile and copy-paste the content of it or upload it directly to your MDM.
Create a configuration profile to allow full disk access
Create a configuration profile with the following settings:
ESET Endpoint Antivirus Identifier com.eset.eea.6 Identifier Type bundleID Code Requirement identifier "com.eset.eea.6" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP App or Service SystemPolicyAllFiles Access Allow ESET Endpoint Security Identifier com.eset.ees.6 Identifier Type bundleID Code Requirement identifier "com.eset.ees.6" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP App or Service SystemPolicyAllFiles Access Allow Alternatively, you can download our premade configuration profile and copy-paste its content or upload it directly to your MDM.
Create a configuration profile to allow Web access protection
To add Web access protection configuration to system settings remotely, perform one of the following actions before the installation:
- Download the .plist configuration file. Deploy the
.plist
configuration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers. - To create your own configuration profile, create a VPN-type configuration profile with the following settings:
VPN type VPN Connection type Custom SSL Identifier for the custom SSL VPN com.eset.sysext.manager Server localhost Provider Bundle Identifier com.eset.network User authentication Certificate Provider Type App-proxy Provider Designated Requirement identifier "com.eset.network" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP Enable VPN on Demand Yes On Demand Rules Configuration XML <array>
<dict>
<key>Action</key>
<string>Connect</string>
</dict>
</array>Idle Timer Do not disconnect Proxy Setup Manual Proxy Server And Port localhost : 57856 - Download the .plist configuration file. Deploy the
Create a configuration profile to allow a firewall (ESET Endpoint Security only)
To add firewall configuration to system settings remotely, perform one of the following actions before the installation:
-
Download the .plist configuration file. Deploy the .plist configuration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers.
-
Create a content filter configuration profile for the firewall with the following settings:
Identifier com.eset.ees.6 Filter order Firewall Socket Filter com.eset.firewall Socket filter designated requirement identifier "com.eset.firewall" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP -
-
After deploying configuration profiles, you can install your ESET product. You can deploy it through your MDM or use ESET PROTECT or ESET PROTECT On-Prem.