[KB7718] Remotely install ESET Endpoint products for macOS

Issue

• Remotely install the latest version of ESET Endpoint products for macOS
• Remotely install ESET Endpoint products for macOS version 6.x
• You want to see more information about MDM and configuration profiles
• You want to see more information about remote installation Endpoint products for macOS

Solution

Remotely install the latest version of ESET Endpoint products for macOS 

1. Enroll the computers you want to install the ESET Endpoint product to, to Apple-approved MDM. If you are using Jamf, follow our dedicated Jamf Knowledgebase article.

2. Create configuration profiles. The profiles will allow system extensions for your ESET product, full disk access and Web access protection.

3. Create a configuration profile to allow system extensions

   
   

   To enable system extensions on your device remotely, create a configuration profile in your MDM before the installation. Use the following settings:

   Team identifier (TeamID)

   P8DQRXPVLP

   Bundle identifier (BundleID)	com.eset.endpoint
   	com.eset.network
   	com.eset.firewall

   If your MDM does not allow you to create a System extension configuration profile, you can create a custom profile. Download our pre-made configuration profile and copy-paste the content of it or upload it directly to your MDM.

   • Download the ESET configuration profile for System extensions.
     
     
4. Create a configuration profile to enable full disk access

   To enable full disk access remotely, perform one of the following actions before installation:

   If your device is managed by ESET PROTECT On-Prem or ESET PROTECT, you need to enable full disk access for ESET Management Agent. Download the .plist payload file for ESET Management Agent.

   Create a configuration profile in your MDM using the .plist payload. Download the .plist payload file for ESET Endpoint Antivirus for macOS. 

   Create a configuration profile using the following settings:

   ESET Endpoint Antivirus
   Identifier	com.eset.eea.g2
   Identifier Type	bundleID
   Code Requirement	identifier "com.eset.eea.g2" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
   App or Service	SystemPolicyAllFiles
   Access	Allow

   ESET Endpoint Security
   Identifier	com.eset.ees.g2
   Identifier Type	bundleID
   Code Requirement	identifier "com.eset.ees.g2" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
   App or Service	SystemPolicyAllFiles
   Access	Allow

   Alternatively, you can download our premade configuration profile and copy-paste its content or upload it directly to your MDM.

   • Download the ESET Endpoint Antivirus configuration profile for Privacy Preferences Policy Control.
   • Download the ESET Endpoint Security configuration profile for Privacy Preferences Policy Control.
     
     
5. Create a configuration profile to allow Web and Email protection

   
   

   To add Web and Email protection configuration to system settings remotely, create a VPN type configuration profile before the installation. Use the following settings:

   • Download the .plist configuration file. Deploy the .plist configuration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers.
     
     
   • Web and Email protection configuration is removed after uninstalling ESET Endpoint Security. If you need to uninstall and install ESET Endpoint Security, you need to deploy the Web and Email protection configuration to the target computer after the uninstallation again.
     
     

   VPN type	VPN
   Connection type	Custom SSL
   Identifier for the custom SSL VPN	com.eset.network.manager
   Server	localhost
   Provider Bundle Identifier	com.eset.network
   User authentication	Certificate
   Provider Type	App-proxy
   Provider Designated Requirement	identifier "com.eset.network" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
   Enable VPN on Demand	Yes
   On Demand Rules Configuration XML	<array> <dict> <key>Action</key> <string>Connect</string> </dict> </array>
   Idle Timer	Do not disconnect
   Proxy Setup	None
   Proxy Server And Port	localhost : 57856

6. Create a configuration profile to allow a firewall (ESET Endpoint Security version 8.x only)

   
   

   To add firewall configuration to system settings remotely, create a content filter configuration profile for the firewall before the installation/upgrade. Use the following settings:

   Identifier	com.eset.firewall.manager
   Filter order	Firewall
   Socket Filter	com.eset.firewall
   Socket filter designated requirement	identifier "com.eset.firewall" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

7. After deploying configuration profiles, you can install your ESET product. You can deploy it through your MDM or use ESET PROTECT or ESET PROTECT On-Prem.

Remotely install ESET Endpoint products for macOS version 6.x

1. Enroll the computers you want to install the ESET Endpoint product to, to Apple-approved MDM. If you are using Jamf, follow our dedicated Jamf knowledgebase article.

2. Create configuration profiles. The profiles will allow system extensions for your ESET product, full disk access, Web access protection, and (ESET Endpoint Security only) firewall access.

3. Create a configuration profile to allow system extensions

   
   

   Create a configuration profile with the following settings:

   Team identifier (TeamID)

   P8DQRXPVLP

   Bundle identifier (BundleID)	com.eset.endpoint
   	com.eset.network
   	com.eset.firewall
   	com.eset.devices

   If your MDM does not allow you to create a System extension configuration profile, you can create a custom profile. Download our pre-made configuration profile and copy-paste the content of it or upload it directly to your MDM.

   • Download the ESET configuration profile for System extensions.
     
     
4. Create a configuration profile to allow full disk access

   
   

   Create a configuration profile with the following settings:

   ESET Endpoint Antivirus
   Identifier	com.eset.eea.6
   Identifier Type	bundleID
   Code Requirement	identifier "com.eset.eea.6" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
   App or Service	SystemPolicyAllFiles
   Access	Allow

   ESET Endpoint Security
   Identifier	com.eset.ees.6
   Identifier Type	bundleID
   Code Requirement	identifier "com.eset.ees.6" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
   App or Service	SystemPolicyAllFiles
   Access	Allow

   Alternatively, you can download our premade configuration profile and copy-paste its content or upload it directly to your MDM.

   • Download the ESET Endpoint Antivirus configuration profile for Privacy Preferences Policy Control.
   • Download the ESET Endpoint Security configuration profile for Privacy Preferences Policy Control.
     
     
5. Create a configuration profile to allow Web access protection

   
   

   To add Web access protection configuration to system settings remotely, perform one of the following actions before the installation:

   • Download the .plist configuration file. Deploy the .plist configuration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers.
   • To create your own configuration profile, create a VPN-type configuration profile with the following settings:
     
     

   VPN type	VPN
   Connection type	Custom SSL
   Identifier for the custom SSL VPN	com.eset.sysext.manager
   Server	localhost
   Provider Bundle Identifier	com.eset.network
   User authentication	Certificate
   Provider Type	App-proxy
   Provider Designated Requirement	identifier "com.eset.network" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
   Enable VPN on Demand	Yes
   On Demand Rules Configuration XML	<array> <dict> <key>Action</key> <string>Connect</string> </dict> </array>
   Idle Timer	Do not disconnect
   Proxy Setup	Manual
   Proxy Server And Port	localhost : 57856

6. Create a configuration profile to allow a firewall (ESET Endpoint Security only)

   
   

   To add firewall configuration to system settings remotely, perform one of the following actions before the installation:

   • Download the .plist configuration file. Deploy the .plist configuration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers.

   • Create a content filter configuration profile for the firewall with the following settings:

   Identifier	com.eset.ees.6
   Filter order	Firewall
   Socket Filter	com.eset.firewall
   Socket filter designated requirement	identifier "com.eset.firewall" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

7. After deploying configuration profiles, you can install your ESET product. You can deploy it through your MDM or use ESET PROTECT or ESET PROTECT On-Prem.