This article serves as a guide to deploying Trend Micro Apex using Addigy.
TABLE OF CONTENTS
- I want to deploy Apex using Addigy, how do I start?
- How do I grant Full Disk Access for Apex?
- How do I build the custom software for Apex?
- Condition Script
- How do I build System Extensions for Apex?
- Important information!
I want to deploy Apex using Addigy, how do I start?
Great question!
Apex requires PPPC for Full Disk Access, the .zip file provided by Trend Micro, as well as System Extensions.
We will detail each part of the deployment below.
How do I grant Full Disk Access for Apex?
You will need the below information to place into the MDM configuration for PPPC:
Please note that the below information will go into the Access To Protected Files AND Access to System Admin Files.
Identifiers:
1. com.trendmicro.icore
2. com.trendmicro.tmsm.MainUI
3. com.trendmicro.icore.es
Bundle ID's:
1. identifier "com.trendmicro.icore" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32
2. identifier "com.trendmicro.tmsm.MainUI" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32
3. identifier "com.trendmicro.icore.es" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32
Once you've finished inputting the information, the MDM configuration should look exactly like the below:
After you confirm it's correct, go ahead and save your work!
How do I build the custom software for Apex?
Please note that the needed file should be downloaded from your Trend Micro portal.
Once you have your .zip file, navigate to Policies>Catalog>Custom software and create a new item.
Below we have an example of how the custom software is set up:
We will also paste this installation script example here:
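# Extract the archive into the package folder so the installer path below resolves regardless of the working directory
unzip -o "/Library/Addigy/ansible/packages/TrendMicro_Apex_One (2.0)/tmsminstall (2).zip" -d "/Library/Addigy/ansible/packages/TrendMicro_Apex_One (2.0)/"
# Install the extracted package onto the boot volume
installer -pkg "/Library/Addigy/ansible/packages/TrendMicro_Apex_One (2.0)/tmsminstall/tmsminstall.pkg" -target /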
Please note that the above is an example that would only function if you set up the item exactly as pictured. The syntax of the installation script can change depending on the version you set and the filename.
The portion that will not change regardless of those factors is /tmsminstall/tmsminstall.pkg
Condition Script
While a condition script is optional, it can be useful if you want to deploy everything listed in the article at once without having to worry about the software installing before the devices get the necessary whitelistings.
Below you will find a condition script that you can configure. It checks the device for the MDM configurations you created. If the configurations are not found, the software will not install, and Addigy will try again, installing once the condition check passes.
Please have "Install on success" toggled on if you're using the condition script below.
#!/bin/bash
# Names of the MDM configurations to look for in the installed profiles
systemextension="NAME OF SYSTEM EXTENSION GOES HERE"
pppc="NAME OF PPPC GOES HERE"

# Continue only if both configurations are present on the device
if sudo profiles -Lv | grep "$systemextension" > /dev/null && sudo profiles -Lv | grep "$pppc" > /dev/null; then
    echo "All MDM Configurations are on the device, continuing..."
else
    echo "An MDM Configuration is missing; skipping installation"
    exit 1
fi
How do I build System Extensions for Apex?
To build an MDM configuration for System extensions, navigate to Policies>Catalog>MDM configurations and create a new configuration for System Extensions.
You will only need the below information:
Team Identifier: E8P47U2H32
Bundle Identifier: com.trendmicro.icore, com.trendmicro.tmsm.MainUI, com.trendmicro.icore.es, com.trendmicro.icore.netfilter
Your configuration should look like the below:
Once you've entered the information correctly, save your work!
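A pre-save check for the PPPC and System Extension values in this article, as an added example that is not Addigy's or Trend Micro's code: it confirms that each PPPC identifier is paired with the requirement string that names the same identifier and carries the Team Identifier E8P47U2H32. The function names and the tab-separated input format are assumptions, and the sample rows are constructed, with a deliberate copy/paste slip in the third.

```shell
#!/bin/bash
# Added example, not Addigy's or Trend Micro's code; function names are hypothetical.
# Lints "identifier<TAB>requirement" rows before they are entered in the PPPC payload.

TEAM_ID="E8P47U2H32"   # Team Identifier given for the System Extensions configuration
TAB="$(printf '\t')"

# Returns 0 only when the requirement names the same identifier and the expected team ID.
check_pppc_entry() {
  local id="$1" req="$2" req_id req_ou
  req_id=$(printf '%s\n' "$req" | sed -n 's/^identifier "\([^"]*\)" and .*/\1/p')
  req_ou=$(printf '%s\n' "$req" |
    sed -n 's/.*certificate leaf\[subject\.OU] = "\{0,1\}\([A-Za-z0-9]\{1,\}\).*/\1/p')
  case "$req" in
    *"anchor apple generic"*) ;;
    *) echo "FAIL $id: requirement lacks 'anchor apple generic'"; return 1 ;;
  esac
  [ "$req_id" = "$id" ] || { echo "FAIL $id: requirement names '$req_id'"; return 1; }
  [ "$req_ou" = "$TEAM_ID" ] || { echo "FAIL $id: subject.OU is '$req_ou'"; return 1; }
  echo "OK   $id"
}

# Reads tab-separated rows on stdin; the return status is the number of failed rows.
lint_pppc() {
  local id req failures=0
  while IFS="$TAB" read -r id req; do
    [ -n "$id" ] || continue
    check_pppc_entry "$id" "$req" || failures=$((failures + 1))
  done
  return "$failures"
}

# Constructed sample input: builds a requirement in the form shown in the PPPC section.
sample_requirement() {
  printf 'identifier "%s" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = %s' "$1" "$2"
}

# Two correct rows, then one whose requirement was pasted from a different identifier.
sample_rows() {
  printf '%s\t%s\n' "com.trendmicro.icore" "$(sample_requirement com.trendmicro.icore "$TEAM_ID")"
  printf '%s\t%s\n' "com.trendmicro.tmsm.MainUI" "$(sample_requirement com.trendmicro.tmsm.MainUI "$TEAM_ID")"
  printf '%s\t%s\n' "com.trendmicro.icore.es" "$(sample_requirement com.trendmicro.icore "$TEAM_ID")"
}

sample_rows | lint_pppc || echo "PPPC entries need fixing before saving"
```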
Important information!
It is HIGHLY recommended to deploy both the PPPC and System Extension configurations before deploying the software to ensure the most success.
You should now be able to deploy Apex to your devices!