Deploying ESET with Smart Software via Addigy

This article serves as a guide for deploying ESET security software to your organization's devices via Addigy Smart Software. The instructions provided can be used to deploy ESET Endpoint Antivirus and/or ESET Endpoint Security. 

Note that an ESET activation key is required for the product to be activated immediately upon installation (without end user interaction). 

• MDM Profiles for Automated Deployment
  • PPPC for Full Disk Access
  • System Extensions
  • Web Content Filter
• Smart Software
  • Condition for Install
  • Installation Command
  • Custom Fact to Report ESET Status (Optional)

MDM Profiles for Automated Deployment

ESET requires the following MDM Profiles for full functionality and a completely automated deployment: PPPC for Full Disk Access, System Extensions, and Web Content Filter.

Note: MDM Profiles must be installed prior to the Smart Software item for permissions to be properly whitelisted. This will occur automatically when the items are added to a policy (due to their default Installation Priority). Ensure MDM Profiles are deployed first when installing on individual devices via GoLive.

PPPC for Full Disk Access

For more information about creating a PPPC Profile, refer to: Creating a PPPC MDM Profile for Full Disk Access (FDA)

The fields required for Full Disk Access are Access to Protected Files and Access to System Admin Files.

Endpoint Antivirus and Endpoint Security have different requirements. It is only necessary to include those for the particular product you are deploying. 

For ESET Endpoint Antivirus:

Identifier: com.eset.eea.6
Identifier type: Bundle ID
Code requirement: identifier "com.eset.eea.6" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

Identifier: com.eset.devices
Identifier type: Bundle ID
Code requirement: identifier "com.eset.devices" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

Identifier: com.eset.endpoint
Identifier type: Bundle ID
Code requirement: identifier "com.eset.endpoint" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

ESET Endpoint Security:

Identifier: com.eset.ees.6
Identifier type: Bundle ID
Code requirement: identifier "com.eset.ees.6" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

Identifier: com.eset.devices
Identifier type: Bundle ID
Code requirement: identifier "com.eset.devices" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

Identifier: com.eset.endpoint
Identifier type: Bundle ID
Code requirement: identifier "com.eset.endpoint" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

The screenshot below provides an example of the profile configured for both Endpoint Antivirus and Endpoint Security:

System Extensions

For more information about creating a System Extensions Profile, refer to: Allow System Extensions with Addigy MDM

Team Identifier: P8DQRXPVLP
Allowed System Extensions:
com.eset.endpoint
com.eset.network
com.eset.firewall
com.eset.devices

Web Content Filter

Navigate to Catalog > MDM Profiles and create a new Web Content Filter MDM Profile:

Configure the following settings within the profile:

Filter type: Plugin (Third Party App)

User Defined Name: ESET Firewall

Plugin Bundle ID: com.eset.ees.6

Enable Filter Socket Traffic
Socket Filter Bundle Identifier: com.eset.firewall
Socket Filter Designated Requirement: identifier "com.eset.firewall" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

Filter Grade: Firewall

Smart Software

To start, navigate to Catalog > Software and create a new Smart Software item for ESET.  

Note: No Installation Files are needed for this Smart Software item. 

Installation Command

The script provided below can be used to deploy ESET Endpoint Antivirus or ESET Endpoint Security. 

Copy the script and paste it into the 'Installation Command' section of your Smart Software item. 

Configure the variables on lines 8, 9, & 10 of the script as described below. The remainder of the script should not be modified. 

Product Selection (Required)

To deploy ESET Endpoint Antivirus, set the Prod variable to "EEA" on line 8 of the script: 

Prod="EEA"

To deploy ESET Endpoint Security, set the Prod variable to "EES" on line 8 of the script: 

Prod="EES"

Activation Key (Optional)

To automatically activate your ESET product upon installation, you'll need an activation key (usually found in your ESET purchase confirmation email or in the subscription overview area of your ESET account). 

Set the KEY variable on line 9 of the script to your activation key: 

KEY="XXXX-XXXX-XXXX-XXXX-XXXX"

If an activation key is not provided in the script, the software will still be installed, but will not be activated. 

Proxy (Optional)

Optionally set a proxy server with the eraa_http_proxy_value variable on line 10:

eraa_http_proxy_value="http://Proxy-IP-or-FQDN:3128"

ESET Installation Script

#!/bin/bash
#
# Enter your product, either EEA or EES. This is required.
# Activation will be attempted if value KEY contains is not empty
# security admin format example: '123-ABC-456:user=security.admin@mail.com:pass=SecurityAdminPass'
# Proxy example: http://Proxy-IP-or-FQDN:3128

Prod=""
KEY=""
eraa_http_proxy_value=""

if [ -z "$Prod" ] ; then echo 'No product selected please specify EEA or EES' & exit 1; fi

if test -n "$Prod"; then
Prod="$(echo "$Prod" | tr "[:lower:]" "[:upper:]")"
fi

files2del="$(mktemp -q /tmp/XXXXXXXX.files)"
dirs2del="$(mktemp -q /tmp/XXXXXXXX.dirs)"
echo "$dirs2del" >> "$files2del"
dirs2umount="$(mktemp -q /tmp/XXXXXXXX.mounts)"
echo "$dirs2umount" >> "$files2del"

finalize()
{
set +e

echo "Cleaning up:"

if test -f "$dirs2umount"
then
while read f
do
sudo -S hdiutil detach "$f"
done < "$dirs2umount"
fi

if test -f "$dirs2del"
then
while read f
do
test -d "$f" && rmdir "$f"
done < "$dirs2del"
fi

if test -f "$files2del"
then
while read f
do
unlink "$f"
done < "$files2del"
unlink "$files2del"
fi
}

trap 'finalize' HUP INT QUIT TERM EXIT

# Changed the URL and DMG values for EEA so far
if [ "$Prod" == EEA ]; then
DMG=eea_osx.dmg
URL=https://download.eset.com/com/eset/apps/business/eea/mac/g2/latest/eea_osx.dmg
APP=Antivirus
fi
if [ "$Prod" == EES ]; then
DMG=ees_osx_en.dmg
URL=http://download.eset.com/com/eset/apps/business/ees/mac/latest/ees_osx_en.dmg
APP=Security
fi

if ! [[ $Prod =~ (EEA|EES) ]]; then echo 'No valid product selected please specify EEA or EES' && exit 1; fi

local_ESET_dmg="$(mktemp -q -u /tmp/ESETInstaller.dmg.XXXXXXXX)"
echo "Downloading ESET Endpoint $APP installer image '$URL':"

if test -n "$eraa_http_proxy_value"
then
export use_proxy=yes
export http_proxy="$eraa_http_proxy_value"
(curl --connect-timeout 300 --insecure -o "$local_ESET_dmg" "$URL" || curl --connect-timeout 300 --noproxy "*" --insecure -o "$local_ESET_dmg" "$URL") && echo "$local_ESET_dmg" >> "$files2del"
else
curl --connect-timeout 300 --insecure -o "$local_ESET_dmg" "$URL" && echo "$local_ESET_dmg" >> "$files2del"
fi

if [ ! -f "$local_ESET_dmg" ]; then exit 1 ; fi
test -d '/Library/Application Support/ESET/esets/cache' || mkdir -p '/Library/Application Support/ESET/esets/cache'
touch '/Library/Application Support/ESET/esets/cache/do_not_launch_esets_gui_after_installation'

local_ESET_mount="$(mktemp -q -d /tmp/ESETInstaller.mount.XXXXXXXX)" && echo "$local_ESET_mount" | tee "$dirs2del" >> "$dirs2umount"
echo "Mounting image '$local_ESET_dmg':" && sudo -S hdiutil attach "$local_ESET_dmg" -mountpoint "$local_ESET_mount" -nobrowse
local_ESET_pkg="$(ls "$local_ESET_mount"/Resources/ | grep "\.pkg$" | tail -n 1)"

SigCheck="$(pkgutil --check-signature "$local_ESET_mount/Resources/$local_ESET_pkg" | grep -o "ESET, spol. s r.o. (P8DQRXPVLP)")"
if [ "$SigCheck" == "ESET, spol. s r.o. (P8DQRXPVLP)" ]; then
echo "Signature check Passed"
echo "$SigCheck"
echo "Installing package '$local_ESET_mount/Resources/$local_ESET_pkg':" && sudo -S installer -pkg "$local_ESET_mount/Resources/$local_ESET_pkg" -target /
else
echo "Signature check failed"
echo "$SigCheck"
exit 1
fi

sleep 10

if test -n "$KEY"; then
/Applications/ESET\ Endpoint\ Antivirus.app/Contents/MacOS/lic --key "$KEY"
else
echo "No license key provided"
exit 0
fi

exit 0

Condition for Install

Add a simple Condition for Install to your ESET Smart Software item by selecting the option 'If file does not exist' and entering the path to the application. 

For ESET Endpoint Antivirus: 

/Applications/ESET Endpoint Antivirus.app

For ESET Endpoint Security:

/Applications/ESET Endpoint Security.app 

You are now ready to save and deploy your ESET Smart Software item.

Custom Fact to Report ESET Status (Optional)

It is also possible to create a Custom Fact that reports the ESET status for each of your devices running the software. See How to Create or Edit a Custom Device Fact for more information about creating Custom Facts.  

Note that an active subscription is required for this fact to accurately report a device's ESET status. 

Use the script provided below as the script for the Custom Fact. 

Ensure 'Return Type' is set to String & the Bash shell is being used. 

After creating the fact, assign it to your policies with devices running ESET. The fact's value will be populated in the 'Device Facts' tab on the GoLive and Devices page. 

Custom Fact Script

#!/bin/bash

if [[ -e "/Applications/ESET Endpoint Antivirus.app" ]]; then
APP="ESET Endpoint Antivirus.app"
fi

if [[ -e "/Applications/ESET Endpoint Security.app" ]]; then
APP="ESET Endpoint Security.app"
fi

if [[ -z "$APP" ]]; then
echo "No ESET Endpoint protection"
else
if [[ "$APP" == "ESET Endpoint Antivirus.app" ]]; then ESET="EEA"; fi
if [[ "$APP" == "ESET Endpoint Security.app" ]]; then ESET="EES"; fi
if [[ -e "/Applications/ESET Endpoint Antivirus.app/Contents/MacOS/odscan" ]]; then
AVSigsVer=$(/Applications/ESET\ Endpoint\ Antivirus.app/Contents/MacOS/upd --list-module | grep "Detection engine" | sed -r 's/^EM.*\ (.*\ \(.*\)).*Detection\ engine$/\1/')
ClientVer=$(/Applications/ESET\ Endpoint\ Antivirus.app/Contents/MacOS/odscan --version | sed -r 's/^\/Applications\/ESET\ Endpoint\ Antivirus\.app\/Contents\/MacOS\/odscan\ \(eea_mac\)\ (.*)$/\1/')
Activation=$(/Applications/ESET\ Endpoint\ Antivirus.app/Contents/MacOS/lic --status | grep "Status" )
echo "$ESET $ClientVer $AVSigsVer $Activation"
else
Status="$(mktemp -q /tmp/ESETstatus.XXXXX)"
/Applications/"$APP"/Contents/MacOS/esets_daemon --status > $Status
AVSigsVer=$(grep AVSigsVer $Status | sed 's/AVSigsVer=//g')
ClientVer=$(grep ClientVer $Status | sed 's/ClientVer=//g')
Activation=$(grep Activation $Status | sed 's/Activation=//g')
echo "$ESET $ClientVer $AVSigsVer $Activation"
rm -f $Status
fi
fi