This KB will guide you on installing Bitdefender as well as showing you which Kext whitelisting and PPPC profiles whitelisting are required to deploy and install Bitdefender via Addigy.
How do I set up the Custom Software?
Bitdefender will normally come in a DMG file. To make things as simple as possible, we recommend getting the PKG and XML files that are inside of the DMG and uploading them into Addigy. If you open the Bitdefender DMG, you'll see the files that you will need:
Drag these files into your Desktop folder. You will then upload them into Addigy using our File Manager.
Once the files are added, your custom software should look like this:
Seeing as you'll be using a PKG file, Addigy will automatically generate the installation script. By clicking the Add button, the installation script will be filled in for you.
Once this is done, you can choose to add a condition and removal script as well. After you're all done, save your custom software.
How do I set up the PPPC and KEXT payloads?
Please note that the PPPC and KEXT payloads will need to be deployed prior to deploying the Bitdefender custom software.
PPPC (Policies>Catalog>MDM configurations>Privacy Preferences Policy Control):
If you're running macOS Big Sur, please add the following identifier and code requirement to your PPPC payload:
Code requirement: anchor apple generic and identifier "com.bitdefender.epsecurity.BDLDaemonApp" and (certificate leaf[field.1.2.840.113618.104.22.168.9] /* exists */ or certificate 1[field.1.2.840.113622.214.171.124.6] /* exists */ and certificate leaf[field.1.2.840.1136126.96.36.199.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)
Here are the identifiers you'll need for :
- Endpoint =com.bitdefender.EndpointSecurityforMac Type :(Bundle ID)
- DBLDaemon =/Library/Bitdefender/AVP/BDLDaemon Type: (Path)
Here are the Code Requirements you'll need:
- (Bundle ID):identifier "com.bitdefender.EndpointSecurityforMac" and anchor apple generic and certificate 1[field.1.2.840.1136188.8.131.52.6] /* exists */ and certificate leaf[field.1.2.840.1136184.108.40.206.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y
2.(Path):identifier BDLDaemon and anchor apple generic and certificate 1[field.1.2.840.1136220.127.116.11.6] /* exists */ and certificate leaf[field.1.2.840.113618.104.22.168.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y
Please follow the sections were these Indetifiers & Code Requirements need to be impletemented in the Payload.
- Access to Protected Files
- Access to System Admin Files
- Access to File Provider
- Access to Desktop Folder
Kext (Policies>Catalog>MDM configurations>Kernel Extensions):
For the Kext (System Extensions), Bitdefender uses 10 of them, in order to accommodate these in one single payload each Bundle Identifier uses a comma delimiter & Team Identifier GUNFMW623Y
Here we've placed all 10 extensions in copy & paste format:
com.bitdefender.FileProtect, com.bitdefender.SelfProtect, com.bitdefender.TMProtection, com.bitdefender.atc, com.bitdefender.mdredr, com.bitdefender.mdrnet, com.bitdefender.mdrfp, com.bitdefender.devmac, com.bitdefender.EndpointSecurityforMac, BDLDaemon
(See the screenshot below on how to add these to your payload):
After the inclusion of these PPPC & KEXT MDM configurations, you should be able to successfully deploy Bitdefender using your custom software deployment in your desired policies.
We recommend deploying your Custom Software items to test devices and virtual machines to verify their accuracy and robustness before pushing them out to your devices in production.
If you have an Addigy account and have additional questions, you can create a ticket by emailing firstname.lastname@example.org.
Alternatively, you can submit a support request within Addigy.