[KB8712] Deploy the latest version of ESET Endpoint Security for macOS using Jamf Pro

Issue

Solution

Follow the instructions below to deploy ESET Endpoint Security for macOS using Jamf Pro and manage it using ESET PROTECT.

  1. Configure System Extensions, Privacy Preference Policy Control (PPPC), VPN, and Content Filter profile
  2. Create Policies
  3. Additional Options

Enable pre-installation settings

To enable all necessary pre-installation settings, download the .plist payload file for ESET Endpoint Security for macOS and use it to create a configuration profile in your MDM. If you disable program components via component installation, you should also remove these components from your MDM configuration profiles.

I. Configure System Extensions, PPPC, VPN, and Content Filter profile

  1. To set the approval for System Extensions, PPPC, VPN, and Content Filter, open Jamf Pro and click Computers → Configuration Profiles → New to add a new configuration profile (one configuration profile can contain all the settings).

    Figure 1-1
  1. Type a Name for the profile.

    Figure 1-2
  1. In the Options tab, click System Extensions → Configure.

    Figure 1-3
  2. In the Allowed TEAM IDs and System Extensions section, type the following information:

    • Display Name: ESET SEXT [you can choose any name you want]
    • System Extension Types: Allowed System Extensions
    • Team Identifier: P8DQRXPVLP
    • Allowed System Extensions:
      com.eset.endpoint
      com.eset.network
      com.eset.firewall
      com.eset.devices


    Figure 1-4
  3. In the Options tab, click Privacy Preferences Policy Control → Configure.

    Figure 1-5
  4. Add in the following information:

    • Main product identifier EES:
      • Identifier: com.eset.ees.g2
      • Identifier Type: Bundle ID
      • Code Requirement: identifier "com.eset.ees.g2" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP 
      • App or Service: SystemPolicyAllFiles
      • Access: Allow

    • Realtime identifier:
      • Identifier: com.eset.endpoint
      • Identifier Type: Bundle ID
      • Code Requirement: identifier "com.eset.endpoint" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP 
      • App or Service: SystemPolicyAllFiles
      • Access: Allow

    • Network identifier:
      • Identifier: com.eset.network
      • Identifier Type: Bundle ID
      • Code Requirement: identifier "com.eset.network" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP 
      • App or Service: SystemPolicyAllFiles
      • Access: Allow

    • Firewall identifier:
      • Identifier: com.eset.firewall
      • Identifier Type: Bundle ID
      • Code Requirement: identifier "com.eset.firewall" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP 
      • App or Service: SystemPolicyAllFiles
      • Access: Allow

    • Uninstaller identifier:
      • Identifier: com.eset.Uninstaller
      • Identifier Type: Bundle ID
      • Code Requirement: identifier "com.eset.app.Uninstaller" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP  
      • App or Service: SystemPolicyAllFiles
      • Access: Allow
    Full disk access may appear disabled

    After allowing full disk access and system extensions remotely in System Settings → Privacy & Security, these settings might appear disabled. If ESET Endpoint Security for macOS does not display any warnings, full disk access and system extensions are allowed, regardless of their status in System Settings → Privacy & Security.

    Figure 1-6
  5. In the Options tab, click VPN → Configure.

  6. Create a configuration profile for ESET Web and Email Protection with the following settings:

    Web and Email protection

    You must add the Web and Email protection configuration to the system settings for Web and Email protection to function. If the Web and Email protection configuration is missing after the ESET Endpoint Security for macOS installation, users will receive the "ESET Endpoint Security Would Like to Filter Network Content" notification.

    Web Access Protection configuration is removed after uninstalling ESET Endpoint Security for macOS. To uninstall and reinstall ESET Endpoint Security for macOS, you must redeploy the Web and Email protection configuration to the target computer.

    In the General section, fill in the following:

    • Name: for example, ESET Web&Email Protection
    • Level: Computer level
    • Distribution method: Install automatically

    In the VPN section, fill in the following:

    • VPN Type: VPN
    • Connection type: Custom SSL
    • Identifier: com.eset.network.manager
    • Server: localhost
    • Provider Bundle Identifier: com.eset.network
    • User Authentication: Certificate
    • Provider Type: App-proxy
    • Provider Designated Requirement: identifier "com.eset.network" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP 
    • Identity Certificate: None
    • Idle Timer: Do not disconnect
    • Proxy Setup: None

  7. To add firewall configuration to system settings remotely, create a content filter configuration profile for the firewall before the installation/upgrade. Use the following settings:

    • Identifier: com.eset.firewall.manager 
    • Filter order: Firewall
    • Socket filter: com.eset.firewall
    • Socket filter designated requirement: identifier "com.eset.firewall" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

    For more information, see the Online Help guide.

    Figure 1-7
  8. Click the Scope tab and click Add.

    Figure 1-8
  9. In the Add Deployment Targets section, select the computers (or Computer Groups) to which you want to apply the policy by clicking Add, and then click Done.

    Figure 1-9
  10. Click Save to apply your changes.

    Figure 1-10
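
The values from section I can be checked in an exported profile before it is scoped to computers. The following is an added example, not ESET's or Jamf's code: it audits an unsigned .mobileconfig for the System Extensions allow list and the PPPC code requirements listed above. The function names and the two sample profiles are constructed for illustration; the payload keys are Apple's standard configuration-profile keys.

```python
import plistlib

TEAM_ID = "P8DQRXPVLP"  # Team Identifier given in this article
SEXT = {"com.eset.endpoint", "com.eset.network",
        "com.eset.firewall", "com.eset.devices"}
PIN = f"certificate leaf[subject.OU] = {TEAM_ID}"

def requirement(bundle_id):
    # Code requirement in the form the article lists for each identifier.
    return (f'identifier "{bundle_id}" and anchor apple generic and '
            "certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and "
            "certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and "
            + PIN)

def audit_profile(data):
    """Return findings for a .mobileconfig (plist bytes); empty list means OK."""
    findings = []
    for p in plistlib.loads(data).get("PayloadContent", []):
        kind = p.get("PayloadType")
        if kind == "com.apple.system-extension-policy":
            allowed = p.get("AllowedSystemExtensions", {})
            for team in sorted(set(allowed) - {TEAM_ID}):
                findings.append(f"sysext: unexpected team {team}")
            for ext in sorted(SEXT - set(allowed.get(TEAM_ID, []))):
                findings.append(f"sysext: missing {ext}")
        elif kind == "com.apple.TCC.configuration-profile-policy":
            for svc, entries in p.get("Services", {}).items():
                for e in entries:
                    req = e.get("CodeRequirement", "")
                    if PIN not in req or "anchor apple generic" not in req:
                        findings.append(f"pppc: {e.get('Identifier')} ({svc}) "
                                        "is not pinned to the ESET team ID")
    return findings

def sample_profile(sext, pppc_reqs):
    # Constructed sample profile, built inline so the audit runs offline.
    tcc = [{"Identifier": i, "IdentifierType": "bundleID",
            "CodeRequirement": r, "Authorization": "Allow"}
           for i, r in pppc_reqs.items()]
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [
        {"PayloadType": "com.apple.system-extension-policy",
         "AllowedSystemExtensions": {TEAM_ID: sorted(sext)}},
        {"PayloadType": "com.apple.TCC.configuration-profile-policy",
         "Services": {"SystemPolicyAllFiles": tcc}}]})

GOOD = sample_profile(SEXT, {b: requirement(b) for b in
                             ("com.eset.endpoint", "com.eset.network")})
BAD = sample_profile(SEXT - {"com.eset.devices"},
                     {"com.eset.firewall": 'identifier "com.eset.firewall"'})
```

To audit a real file, pass its bytes to `audit_profile`; a profile that has been signed must have its signature wrapper removed first, because `plistlib` only reads the plain plist.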

II. Create policies

  1. Click Policies in the left menu and click New.

    Figure 2-1
  2. Type a Display Name for the policy, and in the Trigger section, select the Recurring Check-in check box.

    Figure 2-2
  3. ESET Management Agent installation script: Create the Agent Live Installer and download the PROTECTAgentinstaller.sh file from ESET PROTECT On-Prem.

  4. After downloading the scripts, follow the steps in the Jamf Pro Administrator's Guide to add them to Jamf.

  5. From the Options tab, click Scripts and then click Configure.

    Figure 2-3
  6. Click Add to select the scripts to add to the policy.

  7. Click the Scope tab and click Add.

    Figure 2-4
  8. In the Add Deployment Targets section, select the computers (or Computer Groups) to which you want to apply the policy by clicking Add, and then click Done.

    Double deployment

    Before adding deployment targets, ensure no other installation policy for earlier versions of the ESET security product is assigned to the intended targets. Otherwise, the product may be installed twice, resulting in the product not functioning.
    If you are using ESET PROTECT On-Prem and Jamf, check the installation policies in both.

    Figure 2-5
  9. Click Save to apply your changes.


III. Additional options

  • Verify you can manage the ESET Endpoint using ESET PROTECT On-Prem: Open the ESET PROTECT Web Console, click Computers and verify that the Jamf endpoint is displayed in the All Group.
  • If you did not type the Activation Key or Security Admin during the install scripts, you can activate the ESET products using ESET PROTECT.
  • Extension Attributes: Extension Attributes show information regarding ESET products in the Computer details → Search Inventory → General section.

Follow the instructions below to add the Extension Attribute:

  1. Open Jamf Pro and click the All Settings gear icon → Computer Management → Extension attributes.

    Figure 3-1
  2. Click New to create a new extension attribute.

    Figure 3-2
  3. In Display Name type a name for the extension attribute, select Script in the Input Type drop-down menu and then paste the ESETstatusEA.sh (right-click and select Save link as) script into the Shell field and click Save.

    Figure 3-3
  4. The extension attribute will be automatically set to all computer groups. Click a computer and in the General section, it will display the extension attribute.

    Figure 3-4

Troubleshooting issues after upgrading to the latest version

Issues after automatically upgrading to the latest version

Following an automatic upgrade from version 7, computers display a notification stating that a restart is required to upgrade.

After restarting, ESET cannot run without approving the necessary system extensions. If you are experiencing this issue, you may be required to re-activate ESET on macOS endpoints and approve the necessary system extensions for ESET to run on the macOS operating system.

Approve system extensions via MDM

The steps below will resolve the system extension issue in environments with a remote management tool such as Jamf or Kandji. If you currently use an ESET endpoint product for macOS version 7 without automatic updates enabled, follow these steps before upgrading to the latest version to avoid system extension conflicts.

  1. Download the configuration profile .plist from the Endpoint Security User Guide.

  2. Change the file extension from .plist to .mobileconfig (for example, ESET_enable_all.mobileconfig).

  3. In Jamf, navigate to Computers → Configuration Profiles, select Upload, and select the file from step 2. In other management platforms, use the appropriate functionality to upload the configuration profile from step 2.

  4. Assign the computers to the configuration profile scope and then click Save. Extension alerts should begin to resolve within minutes.

  5. Unassign the previously used configuration profile(s) in Jamf or the management client. Only the latest version configuration profile should be used with the latest version.

ESET Endpoint Security for macOS Firewall is Automatically Enabled

With the upgrade to the latest version, the firewall feature will be present and enabled upon installation.

To disable the Firewall via an ESET PROTECT policy in environments where a firewall solution is already in place, follow these steps:

  1. In ESET PROTECT, navigate to Settings in the Common Features policy that is applied to macOS devices. In the Common Features policy, the macOS logo is missing, but the policy still applies to macOS devices.

    Windows and macOS environments

    In environments with Windows and macOS devices managed under the same policy, you can create a new policy to prevent the disabling of firewall settings on your Windows devices.

  2. Navigate to Settings → Network Access Protection → Firewall.

  3. Click the toggle next to Enable Firewall to disable the setting.

    Figure 4-1
  4. Click Finish.