[KB7718] Remotely install ESET endpoint products for macOS on macOS Big Sur (11) and later

Issue

Details

For more information about MDM and configuration profiles visit Apple documentation.

Solution

Remotely install ESET Endpoint Security or Antivirus (6.x) for macOS 

  1. Enroll the computers you want to install the ESET Endpoint product to, to Apple-approved MDM. If you are using Jamf, follow our dedicated Jamf knowledgebase article.

  2. Create four configuration profiles. The profiles will allow system extensions for your ESET product, full disk access, Web access protection, and (ESET Endpoint Security only) firewall access.

Installation steps

It is important to deploy the following configuration profile on your computer before installing ESET endpoint products for macOS.

  1. Create configuration profile to allow system extension

    Create a configuration profile with the following settings:

    Team identifier (TeamID) P8DQRXPVLP
    Bundle identifier (BundleID) com.eset.endpoint
    com.eset.network
    com.eset.firewall
    com.eset.devices

    If your MDM does not allow you to create a System extension configuration profile, you can create a custom profile. Download our pre-made configuration profile and copy-paste the content of it or upload it directly to your MDM.

  2. Create a configuration profile to allow full disk access

    Create a configuration profile with the following settings:

    ESET Endpoint Antivirus
    Identifier com.eset.eea.6
    Identifier Type bundleID
    Code Requirement identifier "com.eset.eea.6" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
    App or Service SystemPolicyAllFiles
    Access Allow
    ESET Endpoint Security
    Identifier com.eset.ees.6
    Identifier Type bundleID
    Code Requirement identifier "com.eset.ees.6" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
    App or Service SystemPolicyAllFiles
    Access Allow

    Alternatively, you can download our premade configuration profile and copy-paste its content or upload it directly to your MDM.

  3. Create configuration profile to allow Web access protection

    To add Web access protection configuration to system settings remotely, perform one of the following actions before the installation:

    • Download the .plist configuration file. Deploy the .plist configuration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers.
    • To create your own configuration profile, create a VPN type configuration profile with the following settings:

    VPN type VPN
    Connection type Custom SSL
    Identifier for the custom SSL VPN com.eset.sysext.manager
    Server localhost
    Provider Bundle Identifier com.eset.network
    User authentication Certificate
    Provider Type App-proxy
    Provider Designated Requirement identifier "com.eset.network" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
    Enable VPN on Demand ✓
    On Demand Rules Configuration XML <array>
    <dict>
    <key>Action</key>
    <string>Connect</string>
    </dict>
    </array>
    Idle Timer Do not disconnect
    Proxy Setup Manual
    Proxy Server And Port localhost : 57856
  4. Create configuration profile to allow firewall (ESET Endpoint Security only)

    To add firewall configuration to system settings remotely, perform one of the following actions before the installation:

    • Download the .plist configuration file. Deploy the .plist configuration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers.

    • Create a content filter configuration profile for the firewall with the following settings:

    Identifier com.eset.ees.6
    Filter order Firewall
    Socket Filter com.eset.firewall
    Socket filter designated requirement identifier "com.eset.firewall" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
  5. After deploying configuration profiles, you can install your ESET product. You can deploy it through your MDM or use ESET PROTECT or ESET PROTECT On-Prem.


Remotely install ESET Endpoint Antivirus (7.x) for macOS 

  1. Enroll the computers you want to install the ESET Endpoint product to, to Apple-approved MDM. If you are using Jamf, follow our dedicated Jamf Knowledgebase article.

  2. Create three configuration profiles. The profiles will allow system extensions for your ESET product, full disk access and Web access protection.

Installation steps

It is important to deploy the following configuration profile on your computer before installing ESET Endpoint Antivirus for macOS.

  1. Create configuration profile to allow system extension.

    Create a configuration profile with the following settings:

    Team identifier (TeamID) P8DQRXPVLP
    Bundle identifier (BundleID) com.eset.endpoint
    com.eset.network
    com.eset.devices

    If your MDM does not allow you to create a System extension configuration profile, you can create a custom profile. Download our pre-made configuration profile and copy-paste the content of it or upload it directly to your MDM.

  2. Create a configuration profile to allow full disk access.

    Create a configuration profile with the following settings:

    ESET Endpoint Antivirus
    Identifier com.eset.eea.g2
    Identifier Type bundleID
    Code Requirement identifier "com.eset.eea.g2" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
    App or Service SystemPolicyAllFiles
    Access Allow

    Alternatively, you can download our premade configuration profile and copy-paste its content or upload it directly to your MDM.

  3. Create configuration profile to allow Web access protection.

    To add Web access protection configuration to system settings remotely, perform one of the following actions before the installation:

    • Download the .plist configuration file. Deploy the .plist configuration profile file using the MDM server. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers.
    • To create your own configuration profile, create a VPN type configuration profile with the following settings:

    VPN type VPN
    Connection type Custom SSL
    Identifier for the custom SSL VPN com.eset.network.manager
    Server localhost
    Provider Bundle Identifier com.eset.network
    User authentication Certificate
    Provider Type App-proxy
    Provider Designated Requirement identifier "com.eset.network" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
    Enable VPN on Demand ✓
    On Demand Rules Configuration XML <array>
    <dict>
    <key>Action</key>
    <string>Connect</string>
    </dict>
    </array>
    Idle Timer Do not disconnect
    Proxy Setup Manual
    Proxy Server And Port localhost : 57856
  4. After deploying configuration profiles, you can install your ESET product. You can deploy it through your MDM or use ESET PROTECT or ESET PROTECT On-Prem.