Addigy provides many options for installing third-party software including Webroot security software. To install Webroot silently, you must have access to valid Webroot license keys.
This method of deployment has been configured by referencing the following Webroot documentation:
Installing Webroot
To install Webroot, create a new Smart Software item within Addigy. For more information on how to set up Smart Software, see our support article: Creating Smart Software.
Two installation files are necessary to deploy Webroot via Addigy - a .pkg and a .sh file. The files can be downloaded from the following links:
After uploading these Installation Files to your Webroot Smart Software item, the script provided below can be used as the Installation Command:
- Replace XXXX-XXXX-XXXX-XXXX with your valid license key and YourSoftwareName with the name of your Webroot Smart Software item.
- Note: It is also possible to deploy Webroot remotely without providing a license key (by omitting the keycode flag and its value from the command); however, the end user will then receive a popup to enter a license key upon installation.
- Ensure the correct file names, paths, and version number are used.
- The silent and suppress_auto_launch keys are set to true by default to allow for a silent installation, but they can be modified as desired. Webroot also offers the ability to configure proxy settings by using additional flags, referenced in the following documentation (optional): Webroot Command Parameters
# Run installMacWSA.sh directly so that the flags below are passed to the script
chmod +x "/Library/Addigy/ansible/packages/YourSoftwareName (1.0)/installMacWSA.sh"
/bin/bash "/Library/Addigy/ansible/packages/YourSoftwareName (1.0)/installMacWSA.sh" --pkg="/Library/Addigy/ansible/packages/YourSoftwareName (1.0)/WSAMACSME.pkg" -silent=true -suppress_auto_launch=true -keycode=XXXX-XXXX-XXXX-XXXX
Adding MDM Whitelisting
Webroot requires 3 MDM Profiles for a completely automated/silent remote deployment: PPPC for Full Disk Access, System Extensions, & Web Content Filter.
Note: MDM Profiles must be installed prior to the Smart Software item for permissions to be properly whitelisted. This will occur automatically when the items are added to a policy (due to their default Installation Priority). Ensure MDM Profiles are deployed first when installing on individual devices via GoLive.
PPPC for Full Disk Access
For more information about creating a PPPC Profile, refer to: Addigy PPPC Payload Guide
Note: The fields required for Full Disk Access are Access to Protected Files and Access to System Admin Files.
Bundle ID: com.webroot.Webroot-SecureAnywhere
Code Requirement: identifier "com.webroot.Webroot-SecureAnywhere" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "6Q6RVXVYC2"
Note: Webroot has an issue where it may still ask for Full Disk Access within the app even when it is granted, but this can be ignored assuming a scan can be successfully performed.
Web Content Filter
Navigate to Catalog > MDM Profiles and create a new Web Content Filter MDM Profile:
Configure the following settings within the profile:
Filter type: Plugin
User Defined Name: Webroot SecureAnywhere
Plugin Bundle ID: com.webroot.Webroot-SecureAnywhere
Enable Filter Socket Traffic
Socket Filter Bundle Identifier: com.webroot.WSDaemon.WSANetworkExtension
Socket Filter Designated Requirement: anchor apple generic and identifier "com.webroot.WSDaemon.WSANetworkExtension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "6Q6RVXVYC2")
Filter Grade: Inspector
System Extensions
For more information about creating a System Extensions Profile, refer to: Allow System Extensions with Addigy MDM
Enable Allowed System Extensions
Team ID: 6Q6RVXVYC2
Bundle ID: com.webroot.WSDaemon.WSANetworkExtension
The following setting should be included in the payload for devices on macOS 15 (Sequoia) and later:
Enable Non Removable System Extensions
Team ID: 6Q6RVXVYC2
Bundle ID: com.webroot.WSDaemon.WSANetworkExtension
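To confirm on a device that the System Extensions profile took effect, the state of the Webroot network extension can be read from the output of systemextensionsctl list. The script below is an added example, not Addigy or Webroot code; it assumes the listing shows the Team ID and Bundle ID as separate whitespace-delimited columns with the state in square brackets, and it falls back to a constructed sample when run off a Mac.

```bash
#!/bin/bash
# Added example (not Addigy or Webroot code): report the state of the
# Webroot network system extension after deployment.
TEAM_ID="6Q6RVXVYC2"                               # Team ID from the profile above
EXT_ID="com.webroot.WSDaemon.WSANetworkExtension"  # Bundle ID from the profile above

# Constructed sample of `systemextensionsctl list` output (column layout is
# an assumption; the version and display name are made up).
SAMPLE_LIST='1 extension(s)
--- com.apple.system_extension.network_extension
enabled active teamID bundleID (version) name [state]
* * 6Q6RVXVYC2 com.webroot.WSDaemon.WSANetworkExtension (0.0/0) Example Name [activated enabled]'

# sysext_state: read a listing on stdin and print the bracketed state of the
# row carrying both the expected Team ID and Bundle ID, or "missing".
sysext_state() {
    awk -v team="$TEAM_ID" -v ext="$EXT_ID" '
        {
            t = 0; b = 0
            for (i = 1; i <= NF; i++) {
                if ($i == team) t = 1
                if ($i == ext)  b = 1
            }
            s = index($0, "["); c = index($0, "]")
            if (t && b && s && c > s) {
                print substr($0, s + 1, c - s - 1)
                found = 1
                exit
            }
        }
        END { if (!found) print "missing" }
    '
}

# sysext_ok: succeed only when the extension is both activated and enabled.
sysext_ok() {
    [ "$(sysext_state)" = "activated enabled" ]
}

# On a Mac, read the live listing; elsewhere, use the constructed sample.
if command -v systemextensionsctl >/dev/null 2>&1; then
    listing="$(systemextensionsctl list 2>/dev/null)"
else
    listing="$SAMPLE_LIST"
fi
echo "Webroot system extension state: $(printf '%s\n' "$listing" | sysext_state)"
```

A state other than "activated enabled" (for example one that is waiting for user approval) indicates that the System Extensions profile was not in place before the software was installed.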
Adding a Custom Conditional Command
Additionally, a Custom Conditional Command can be added so that this software is enforced on a recurring basis as part of an Addigy policy.
Here is a simple Condition script that checks for the Webroot application on the device:
if [ -d "/Applications/Webroot SecureAnywhere.app" ]; then
    echo "Webroot already installed. Skipping installation."
    exit 1
else
    echo "Webroot not found. Installing..."
    exit 0
fi
Note: This Custom Conditional Command assumes that the Install on Success setting is toggled ON.
If you have any questions, please do not hesitate to reach out to us by contacting support@addigy.com