Deploying Bitdefender using Addigy

This KB article serves as a guide on installing Bitdefender via Addigy, along with profiles for PPPC permissions, Kernel Extensions (KEXT), and System Extensions.

Table of Contents

• Configuring the Custom Software
• Configuring the PPPC Profile
• Configuring the Kernel Extension and/or System Extension Profile

Configuring the Custom Software

The Bitdefender installer will normally be a DMG file. To make things as simple as possible, we recommend getting the PKG and XML files that are inside of the DMG and uploading them into Addigy. If you open the Bitdefender DMG, you'll see the two files that you will need: 

1. Upload the .pkg and .xml files into the Custom Software. Once the files are added, your custom software should look like this:
   

2. Addigy will automatically generate the installation script for the .pkg file. By clicking the Add button, the installation script will be filled in for you.
   

3. Add a condition script and/or a removal script if desired.
4. Save & Review your custom software, and confirm the changes. 

Configuring the PPPC Profile

To prevent prompts for Full Disk Access and additional permissions, a PPPC payload can be deployed which automatically sets these permissions. The known Identifiers and code requirements for Bitdefender are listed below; they can be pasted into a PPPC Profile: 

Please note below the sections where these Identifiers & Code Requirements need to be added in the Payload:

Access to Protected Files    

Access to System Admin Files    

Access to File Provider

Access to Desktop Folder

Configuring the Kernel Extension and/or System Extension Profile

The Team ID for Bitdefender is currently GUNFMW623Y. Adding this Team ID to the Allowed Team Identifiers section of the Kernel/System Extension MDM profile will whitelist all extensions under that Team ID.

Kernel Extension

System Extension

SSL Certificate

To properly deploy this SSL certificate, you must add it to the keychain on a device with Bitdefender and ensure it is approved. The SSL certificate in Keychain Access can be exported by right-clicking the certificate in System and selecting "Export (name of cert)..."

After that, add it to Apple Configurator (if you are using Windows, you may need to use an alternative profile creation tool like iMazing).

Note: See How To: Configure and Deploy a Custom MDM Profile for details on how to bring this custom profile into Addigy.

The last piece of our puzzle is to set up a Web Content Filter MDM profile, which can be configured in Catalog > MDM Profiles > New.

You will want to set it up like this:

Plugin Bundle ID:

com.bitdefender.epsecurity.BDLDaemonApp

 Filter Socket Traffic:
Bundle Identifier:

com.bitdefender.cst.net.dci.dci-network-extensioncom.bitdefender.cst.net.dci.dci-network-extension

Designated Requirement:

anchor apple generic and identifier "com.bitdefender.cst.net.dci.dci-network-extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)

After adding the Bitdefender custom software and MDM profiles to a policy, you should be able to successfully deploy Bitdefender to the devices in that policy. 

We recommend deploying your Custom Software items to test devices and virtual machines to verify their accuracy and robustness before pushing them out to your devices in production.