This KB will guide you on installing Bitdefender as well as showing you which Kext whitelisting and Privacy Preferences Policy Control (PPPC) profiles whitelisting are required to deploy and install Bitdefender via Addigy.


TABLE OF CONTENTS


How do I set up the Custom Software? 


Bitdefender will normally come in a DMG file. To make things as simple as possible, we recommend getting the PKG and XML files that are inside of the DMG and uploading them into Addigy. If you open the Bitdefender DMG, you'll see the files that you will need: 



Drag these files into your Desktop folder. You will then upload them into Addigy using our File Manager. 


Once the files are added, your custom software should look like this: 


Seeing as you'll be using a PKG file, Addigy will automatically generate the installation script. By clicking the Add button, the installation script will be filled in for you. 


Once this is done, you can choose to add a condition and removal script as well. After you're all done, save your custom software. 



How do I set up the PPPC and KEXT payloads? 


Please note that the PPPC and KEXT payloads will need to be deployed prior to deploying the Bitdefender custom software. 

 

PPPC (Policies > Catalog > MDM Configurations > Privacy Preferences Policy Control):


If you're running macOS Big Sur, please add the following identifier and code requirement to your PPPC payload: 


Identifier: com.bitdefender.epsecurity.BDLDaemonApp


Code requirement: anchor apple generic and identifier "com.bitdefender.epsecurity.BDLDaemonApp" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)

 


Here are the identifiers you'll need for :

  1. Endpoint = com.bitdefender.EndpointSecurityforMac 
    • Type: choose (Bundle ID)
  2. DBLDaemon =/Library/Bitdefender/AVP/BDLDaemon  
    • Type: choose (Path)



Here are the Code Requirements you'll need:

  1. (Bundle ID): identifier "com.bitdefender.EndpointSecurityforMac" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y


        2. (Path): identifier BDLDaemon and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y


Please follow the sections where these Identifiers & Code Requirements need to be implemented in the Payload: 


Identifier
Identifier Type
Code Requirement
/Library/Bitdefender/AVP/BDLDaemon
Path
identifier BDLDaemon and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y
com.bitdefender.EndpointSecurityforMac
Bundle ID
identifier "com.bitdefender.EndpointSecurityforMac" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y
com.bitdefender.epsecurity.BDLDaemonApp
Bundle ID
anchor apple generic and identifier "com.bitdefender.epsecurity.BDLDaemonApp" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)
com.bitdefender.cst.net.dci.dci-network-extension
Bundle ID
anchor apple generic and identifier "com.bitdefender.cst.net.dci.dci-network-extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)




  • Access to Protected Files    
     

 

  • Access to System Admin Files    




  • Access to File Provider




  • Access to Desktop Folder




Kext (Policies > Catalog > MDM configurations > Kernel Extensions):



For the Kext (System Extensions), Bitdefender uses 10 of them. In order to accommodate these in one single payload, each Bundle Identifier uses a comma delimiter & Team Identifier, GUNFMW623Y


Here we've placed all 10 extensions in copy & paste format:

com.bitdefender.FileProtect, com.bitdefender.SelfProtect, com.bitdefender.TMProtection, com.bitdefender.atc, com.bitdefender.mdredr, com.bitdefender.mdrnet, com.bitdefender.mdrfp, com.bitdefender.devmac, com.bitdefender.EndpointSecurityforMac, BDLDaemon

See the screenshot below on how to add these to your payload:


 

Graphical user interface, text, application, Teams

Description automatically generated

 

After the inclusion of these PPPC & KEXT MDM configurations, you should be able to successfully deploy Bitdefender using your custom software deployment in your desired policies. 




System Extensions (For Big Sur devices) (Policies > Catalog > MDM configurations > Kernel Extensions):


Team Identifier: GUNFMW623Y


Bundle Identifier: com.bitdefender.cst.net.dci.dci-network-extension, com.bitdefender.FileProtect, com.bitdefender.SelfProtect, com.bitdefender.TMProtection, com.bitdefender.atc, com.bitdefender.mdredr, com.bitdefender.mdrnet, com.bitdefender.mdrfp, com.bitdefender.devmac, com.bitdefender.EndpointSecurityforMac, BDLDaemon







SSL Certificate

 
  1. Export the Bitdefender SSL Certificate from Keychain on a machine that already has BD installed (this can be your test machine that wants manual approval/permission)
  2. Use ProfileCreator to create a new payload as below
  3. Export as mobileconfig, then add to new MDM config for deployment in Addigy
 
 






We recommend deploying your Custom Software items to test devices and virtual machines to verify their accuracy and robustness before pushing them out to your devices in production. 





If you have an Addigy account and have additional questions, you can create a ticket by emailing support@addigy.com.

Alternatively, you can submit a support request within Addigy.