MDM Profiles
To deploy ESET Endpoint Security to your macOS devices, you need to deploy MDM profiles that grant Privacy Preferences Policy Control (PPPC) settings, allow the System Extensions, and configure a Content Filter. This guide covers how to create the required profiles.
PPPC Profile
Search for PPPC and select PPPC
Name your profile
Check the box to include "Access to All Protected" and "System Administration Files" and enter the relevant information to grant Full Disk Access. Endpoint Antivirus and Endpoint Security have different requirements. The screenshot shows both Endpoint Antivirus and Endpoint Security; if you are not using one of them, you do not need to configure it. Make sure you check the box on the right to allow access.
ESET Endpoint Antivirus:
Identifier: com.eset.eea.6
Identifier type: Bundle ID
Code requirement: identifier "com.eset.eea.6" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
Identifier: com.eset.devices
Identifier type: Bundle ID
Code requirement: identifier "com.eset.devices" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
Identifier: com.eset.endpoint
Identifier type: Bundle ID
Code requirement: identifier "com.eset.endpoint" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
ESET Endpoint Security:
Identifier: com.eset.ees.6
Identifier type: Bundle ID
Code requirement: identifier "com.eset.ees.6" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
Identifier: com.eset.devices
Identifier type: Bundle ID
Code requirement: identifier "com.eset.devices" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
Identifier: com.eset.endpoint
Identifier type: Bundle ID
Code requirement: identifier "com.eset.endpoint" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
Scroll to the bottom and click Create Profile on the right
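A pre-deployment check for the PPPC profile built above, as an added example that is not part of the original guide or of Addigy's or ESET's tooling: it parses an exported .mobileconfig and flags Full Disk Access entries that are missing or whose code requirement was pasted from a different identifier. It assumes the two checkboxes map to Apple's SystemPolicyAllFiles and SystemPolicySysAdminFiles services; the function names and the sample profile are constructed for illustration.

```python
import plistlib

TEAM_ID = "P8DQRXPVLP"  # team identifier from this guide
PPPC_TYPE = "com.apple.TCC.configuration-profile-policy"
SERVICES = ("SystemPolicyAllFiles", "SystemPolicySysAdminFiles")  # assumed mapping
EES_IDS = ("com.eset.ees.6", "com.eset.devices", "com.eset.endpoint")

def requirement(bundle_id):
    """Code requirement string in the form this guide lists for each identifier."""
    return (f'identifier "{bundle_id}" and anchor apple generic and '
            "certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and "
            "certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and "
            f"certificate leaf[subject.OU] = {TEAM_ID}")

def audit_pppc(profile_bytes, expected_ids):
    """Return a list of problems in the PPPC payloads of an exported profile."""
    problems, seen = [], {s: set() for s in SERVICES}
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") != PPPC_TYPE:
            continue
        for service in SERVICES:
            for rule in payload.get("Services", {}).get(service, []):
                ident = rule.get("Identifier", "")
                seen[service].add(ident)
                if rule.get("IdentifierType") != "bundleID":
                    problems.append(f"{service}/{ident}: identifier type is not bundleID")
                # Whitespace-normalised exact match catches a copy-paste slip.
                if " ".join(rule.get("CodeRequirement", "").split()) != requirement(ident):
                    problems.append(f"{service}/{ident}: code requirement mismatch")
                if not (rule.get("Allowed") is True or rule.get("Authorization") == "Allow"):
                    problems.append(f"{service}/{ident}: access not allowed")
    for service in SERVICES:
        for missing in sorted(set(expected_ids) - seen[service]):
            problems.append(f"{service}: no entry for {missing}")
    return problems

def entry(bundle_id, req_for=None):
    return {"Identifier": bundle_id, "IdentifierType": "bundleID", "Allowed": True,
            "CodeRequirement": requirement(req_for or bundle_id)}

# Constructed sample: one pasted-from-elsewhere requirement, one omitted entry.
SAMPLE = plistlib.dumps({"PayloadContent": [{"PayloadType": PPPC_TYPE, "Services": {
    "SystemPolicyAllFiles": [entry("com.eset.ees.6"), entry("com.eset.devices"),
                             entry("com.eset.endpoint", "com.eset.devices")],
    "SystemPolicySysAdminFiles": [entry("com.eset.devices"), entry("com.eset.endpoint")],
}}]})

if __name__ == "__main__":
    print("\n".join(audit_pppc(SAMPLE, EES_IDS)))
```

For an Endpoint Antivirus profile, pass the three identifiers listed under ESET Endpoint Antivirus instead of EES_IDS.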
System Extension Profile
Create another new profile, search for system extensions and select System Extensions
Name your profile. Check the box to include "Allowed System Extensions" and enter the following information. Separate the Allowed System Extensions with a comma followed by a space (com.apple.extension1, com.apple.extension2).
Team Identifier: P8DQRXPVLP
Allowed System Extensions:
com.eset.endpoint
com.eset.network
com.eset.firewall
com.eset.devices
Scroll to the bottom and click Create Profile on the right
Content Filter Profile
Create another new profile, search for content and select Web Content Filter
Name your profile and fill in the required information.
Filter Type: Plug-In
User Defined Name: ESET Firewall
Plugin Bundle ID: com.eset.ees.6
Include: Filter Socket Traffic
Bundle Identifier: com.eset.firewall
Designated Requirement: identifier "com.eset.firewall" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
Include: Filter Grade - Firewall
Scroll to the bottom and click Create Profile on the right
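A cross-check of the System Extension and Content Filter profiles, as an added example that is not part of the original guide or of Addigy's or ESET's tooling: it confirms that all four extensions are allowed under the team identifier and that the filter's provider and designated requirement agree with them. The payload keys are Apple's standard ones for these payload types; the function names and the sample profiles are constructed for illustration.

```python
import plistlib

TEAM_ID = "P8DQRXPVLP"  # team identifier from this guide
EXPECTED_EXTENSIONS = {"com.eset.endpoint", "com.eset.network",
                       "com.eset.firewall", "com.eset.devices"}

def payloads(profiles, payload_type):
    """Yield every payload of the given type from a list of exported profiles."""
    for raw in profiles:
        for payload in plistlib.loads(raw).get("PayloadContent", []):
            if payload.get("PayloadType") == payload_type:
                yield payload

def audit_extensions_and_filter(profiles):
    """Cross-check the System Extension and Content Filter payloads."""
    problems, allowed = [], set()
    for p in payloads(profiles, "com.apple.system-extension-policy"):
        allowed |= set(p.get("AllowedSystemExtensions", {}).get(TEAM_ID, []))
    for missing in sorted(EXPECTED_EXTENSIONS - allowed):
        problems.append(f"system extension not allowed for {TEAM_ID}: {missing}")
    for p in payloads(profiles, "com.apple.webcontent-filter"):
        provider = p.get("FilterDataProviderBundleIdentifier", "")
        req = p.get("FilterDataProviderDesignatedRequirement", "")
        if provider not in allowed:
            problems.append(f"filter provider {provider} is not an allowed system extension")
        if not req.startswith(f'identifier "{provider}" and '):
            problems.append("designated requirement does not name the filter provider")
        if not req.rstrip().endswith(f"certificate leaf[subject.OU] = {TEAM_ID}"):
            problems.append("designated requirement is not pinned to the team identifier")
        settings = (p.get("FilterType"), p.get("FilterSockets"), p.get("FilterGrade"))
        if settings != ("Plugin", True, "firewall"):
            problems.append("filter type, socket filtering or grade differs from the guide")
    return problems

# Constructed sample: com.eset.firewall was left out of the allowed extensions.
DR = ('identifier "com.eset.firewall" and anchor apple generic and '
      "certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and "
      "certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and "
      f"certificate leaf[subject.OU] = {TEAM_ID}")
SYSEXT = plistlib.dumps({"PayloadContent": [{
    "PayloadType": "com.apple.system-extension-policy", "AllowedSystemExtensions": {
        TEAM_ID: ["com.eset.endpoint", "com.eset.network", "com.eset.devices"]}}]})
FILTER = plistlib.dumps({"PayloadContent": [{
    "PayloadType": "com.apple.webcontent-filter", "FilterType": "Plugin",
    "UserDefinedName": "ESET Firewall", "PluginBundleID": "com.eset.ees.6",
    "FilterSockets": True, "FilterGrade": "firewall",
    "FilterDataProviderBundleIdentifier": "com.eset.firewall",
    "FilterDataProviderDesignatedRequirement": DR}]})

if __name__ == "__main__":
    print("\n".join(audit_extensions_and_filter([SYSEXT, FILTER])))
```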
You are now ready to add the MDM profiles to your Addigy Policy for deployment. Note: make sure the profiles are installed before you install the ESET apps.
Custom Software configuration
Now that you’ve got the profiles created, you need to create a Smart Software item to download and install ESET. This will be a script that handles the download and install. The script will install either ESET Endpoint Antivirus or ESET Endpoint Security depending on what you set for the variable in the script. The script can be found attached at the end of this guide.
Navigate to Catalog on the left
Click Software
On the Smart Software tab, click New on the right
Enter a descriptive name and paste the script.
For ESET Endpoint Antivirus, enter "EEA" as the variable on line 9
For this condition script, you will want to:
- Scroll down and expand Condition for Install
- Expand Check for path and change the dropdown to Failure
- Enter "/Applications/ESET Endpoint Antivirus.app" in the Path to folder field and click Add to script.
- Make sure to edit line 5 as shown in the screenshot. Click Save.
For ESET Endpoint Security, enter "EES" as the variable on line 9
For this condition script, you will want to:
- Scroll down and expand Condition for Install
- Expand Check for path and change the dropdown to Failure
- Enter "/Applications/ESET Endpoint Security.app" in the Path to folder field and click Add to script.
- Make sure to edit line 5 as shown in the screenshot. Click Save.
You are now ready to deploy your ESET Smart Software item.
Optional
You can also add a Custom Fact script to report on the status of ESET. The custom fact is attached at the bottom of this article.
Name your Custom Fact something descriptive, verify the Return Type is String, set the shell dropdown to Bash, and paste in the script.