This KB will guide you on which Kext whitelisting and PPPC profiles whitelisting are required to deploy and install Bitdefender via Addigy. For the purpose of this specific AV solution, we don't recommend the use of Smart Software to create the PPPC MDM configurations. The reason being is that Identifier needs to be whitelisted for Path, and Smart Software doesn't support it currently. If you wish to know more about Smart Software please refer to: Smart Software
Bitdefender is a third party application that by design utilizes many components within the macOS library folders. In which those components need to be whitelisted in order to properly deploy to a macOS without any PPPC or KEXT prompts for the end-user. These steps will assist you in creating those whitelisting before creating the custom software that holds the .pkg & .xml that are necessary when deploying Bitdefender to end-users macOS environments.
- Endpoint = com.bitdefender.EndpointSecurityforMac Type :(Bundle ID)
- DBLDaemon = /Library/Bitdefender/AVP/BDLDaemon Type: (Path)
- (Bundle ID): identifier "com.bitdefender.EndpointSecurityforMac" and anchor apple generic and certificate 1[field.1.2.840.1136126.96.36.199.6] /* exists */ and certificate leaf[field.1.2.840.1136188.8.131.52.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y
- (Path): identifier BDLDaemon and anchor apple generic and certificate 1[field.1.2.840.1136184.108.40.206.6] /* exists */ and certificate leaf[field.1.2.840.1136220.127.116.11.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y
Please follow the sections were these Indetifiers & Code Requirements need to be impletemented in the Payload.
- Access to Protected Files
- Access to System Admin Files
- Access to File Provider
- Access to Desktop Folder
For the Kext (System Extensions), Bitdefender uses 10 of them, in order to accommodate these in one single payload each Bundle Identifier uses a comma delimiter & Team Identifier GUNFMW623Y (See attached a screenshot on how to add these to your payload):
- AntiVirus Bitdefender GUNFMW623Y com.bitdefender.FileProtect
- AntiVirus Bitdefender GUNFMW623Y com.bitdefender.SelfProtect
- AntiVirus Bitdefender GUNFMW623Y com.bitdefender.TMProtection
- AntiVirus Bitdefender GUNFMW623Y com.bitdefender.atc
- AntiVirus Bitdefender GUNFMW623Y com.bitdefender.mdredr
- AntiVirus Bitdefender GUNFMW623Y com.bitdefender.mdrnet
- AntiVirus Bitdefender GUNFMW623Y com.bitdefender.mdrfp
- AntiVirus Bitdefender GUNFMW623Y com.bitdefender.devmac
- AntiVirus Bitdefender GUNFMW623Y com.bitdefender.EndpointSecurityforMac
- AntiVirus Bitdefender GUNFMW623Y BDLDaemon
After the inclusion of these PPPC & KEXT MDM configurations, you should be able to successfully deploy Bitdefender using your custom software deployment in your desired policies. We recommend deploying your Custom Software items to test devices and virtual machines to verify their accuracy and robustness before pushing them out to your devices in production. If you encounter any issues please contact email@example.com for any assistance.