Directly contact our Support Team

Bitdefender Endpoint Security for Mac: How to Configure Jamf Pro for macOS Big Sur 11.0 and later

Bitdefender Endpoint Security for Mac requires a certain configuration in Jamf Pro when using this tool to deploy on machines running macOS Big Sur 11.0 and later. Specifically, you need to create a configuration profile where you pre-approve:

All these approvals are necessary for Endpoint Security for Mac to work properly, without asking endpoint users for interaction.

Bitdefender System Extension

First, you have to approve a configuration profile where you pre-approve the Bitdefender system extension.

  1. Log in to Jamf Pro.
  2. Go to Computers > Configuration Profiles and click New.
  3. In the left-side menu of the new profile, scroll down to System Extensions.
  4. Click Configure.
  5. Under Allowed Team IDs and System Extensions, make this configuration:
    • Under Display Name, enter Bitdefender.
    • From the System Extension Types drop-down list, select Allowed System Extensions.
    • Under Team Identifier, enter GUNFMW623Y.
    • Under Allowed System Extensions, enter the following string: com.bitdefender.cst.net.dci.dci-network-extension

    Once complete, the payload should look as in the image below.

    system extensions

  6. Click Save.

Traffic Proxy

Endpoint Security for Mac uses a tunneling application (like a VPN) to filter the traffic. To pre-approve this application:

  1. In the left-side menu of the profile, go to Content Filter.
  2. Under Filter Name, enter Bitdefender.
  3. Under Identifier, enter com.bitdefender.epsecurity.BDLDaemonApp
  4. Under Network Filter, enter these strings:
    • For Network Filter Bundle Identifier: com.bitdefender.cst.net.dci.dci-network-extension
    • For Network Filter Designated Requirement: anchor apple generic and identifier "com.bitdefender.cst.net.dci.dci-network-extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)

    Once complete, the payload should look as in the image below.

    content filter

  5. Click Save.

Full Disk Access

To allow full disk access for Endpoint Security for Mac:

  1. In the left-side menu of the profile, go to Privacy Preferences Policy Control.
  2. You need to allow full access for the following application:
    • BDLDaemon.app

      To do this:

      1. Under Identifier, enter com.bitdefender.epsecurity.BDLDaemonApp
      2. Under Identifier Type, select Bundle ID.
      3. Under Code Requirement, enter anchor apple generic and identifier "com.bitdefender.epsecurity.BDLDaemonApp" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)
      4. Click + Add on the right side of the screen.
      5. Under App or Service, select SystemPolicyAllFiles from the drop-down list. Next to it, make sure Access is set to Allow.
      6. Click Save.
    • EndpointSecurityforMac.app

      To do this:

      1. Click the + button on the right side of the screen to add another template.
      2. Under Identifier Type, select Bundle ID.
      3. Under Identifier, enter com.bitdefender.EndpointSecurityforMac
      4. Under Code Requirement, enter identifier "com.bitdefender.EndpointSecurityforMac" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y
      5. Click + Add on the right side of the screen.
      6. Under App or Service, select SystemPolicyAllFiles from the drop-down list. Next to it, make sure Access is set to Allow.
      7. Click Save.

      Once complete, the payload should look as in the image below.

      full disk access

  3. Click Save.

For details on Endpoint Security for Mac approvals required in macOS Big Sur, refer to this article.

For steps on Endpoint Security for Mac installation through Jamf Pro 10.x, after creating the configuration profile, refer to this article.


Rate this article:

Submit