How to deploy Bitdefender to your Macs using Hexnode UEM?

Bitdefender is a cybersecurity solution that protects devices from risks such as viruses, malicious software, ransomware, and phishing attacks. The device management capabilities provided by the Bitdefender GravityZone enable IT administrators to efficiently manage security policies and monitor threats across the organization’s devices. Hexnode UEM allows you to remotely install and deploy the Bitdefender app to provide threat protection to your Macs. The following sections give a detailed explanation of how to deploy Bitdefender to your Macs using Hexnode UEM.

Steps to deploy Bitdefender

Custom script for app installation

1. Create an installation package on your Bitdefender GravityZone portal. Navigate to Network > Installation Packages > Create, where you can create your package according to your requirements and click Save.
2. Now select the package you have created and click on the option Send Download Links.

3. Copy the macOS downloader link provided in the subsequent window. Paste this link into the designated Download URL section within the following Bitdefender installation script:
   Script to install Bitdefender on Macs

   # Get the download URL for the Mac installer from your GravityZone server and put it here DownloadUrl="Download URL" # Locate DMG Download Link From URL regex='^https.*.dmg$' if [[ $DownloadUrl =~ $regex ]]; then echo "URL points to direct DMG download" validLink="True" else echo "Searching headers for download links" urlHead=$(curl -s --head $DownloadUrl) locationSearch=$(echo "$urlHead" | grep https:) if [ -n "$locationSearch" ]; then locationRaw=$(echo "$locationSearch" | cut -d' ' -f2) locationFormatted="$(echo "${locationRaw}" | tr -d '[:space:]')" regex='^https.*' if [[ $locationFormatted =~ $regex ]]; then echo "Download link found" DownloadUrl=$(echo "$locationFormatted") else echo "No https location download link found in headers" exit 1 fi else echo "No location download link found in headers" exit 1 fi fi # Create Temp Folder DATE=$(date '+%Y-%m-%d-%H-%M-%S') TempFolder="Download-$DATE" mkdir /tmp/$TempFolder # Navigate to Temp Folder cd /tmp/$TempFolder # Download File into Temp Folder curl -s -O "$DownloadUrl" # Capture name of Download File DownloadFile="$(ls)" echo "Downloaded $DownloadFile to /tmp/$TempFolder" # Verifies DMG File regex='\.dmg$' if [[ $DownloadFile =~ $regex ]]; then DMGFile="$(echo "$DownloadFile")" echo "DMG File Found: $DMGFile" else echo "File: $DownloadFile is not a DMG" rm -r /tmp/$TempFolder echo "Deleted /tmp/$TempFolder" exit 1 fi hdiutilAttach=$(hdiutil attach /tmp/$TempFolder/$DMGFile -nobrowse) echo "Used hdiutil to mount $DMGFile " err=$? if [ ${err} -ne 0 ]; then echo "Could not mount $DMGFile Error: ${err}" rm -r /tmp/$TempFolder echo "Deleted /tmp/$TempFolder" exit 1 fi regex='\/Volumes\/.*' if [[ $hdiutilAttach =~ $regex ]]; then DMGVolume="${BASH_REMATCH[@]}" echo "Located DMG Volume: $DMGVolume" else echo "DMG Volume not found" rm -r /tmp/$TempFolder echo "Deleted /tmp/$TempFolder" exit 1 fi # Identify the mount point for the DMG file DMGMountPoint="$(hdiutil info | grep "$DMGVolume" | awk '{ print $1 }')" echo "Located DMG Mount Point: $DMGMountPoint" # Capture name of App file cd "$DMGVolume/SetupDownloader.app/Contents/MacOS/" ./SetupDownloader

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74

   # Get the download URL for the Mac installer from your GravityZone server and put it here DownloadUrl="Download URL" # Locate DMG Download Link From URL regex='^https.*.dmg$' if [[ $DownloadUrl =~ $regex ]]; then     echo "URL points to direct DMG download"     validLink="True" else     echo "Searching headers for download links"     urlHead=$(curl -s --head $DownloadUrl)     locationSearch=$(echo "$urlHead" | grep https:)     if [ -n "$locationSearch" ]; then         locationRaw=$(echo "$locationSearch" | cut -d' ' -f2)         locationFormatted="$(echo "${locationRaw}" | tr -d '[:space:]')"         regex='^https.*'         if [[ $locationFormatted =~ $regex ]]; then             echo "Download link found"             DownloadUrl=$(echo "$locationFormatted")         else             echo "No https location download link found in headers"             exit 1         fi     else         echo "No location download link found in headers"         exit 1     fi fi # Create Temp Folder DATE=$(date '+%Y-%m-%d-%H-%M-%S') TempFolder="Download-$DATE" mkdir /tmp/$TempFolder # Navigate to Temp Folder cd /tmp/$TempFolder # Download File into Temp Folder curl -s -O "$DownloadUrl" # Capture name of Download File DownloadFile="$(ls)" echo "Downloaded $DownloadFile to /tmp/$TempFolder" # Verifies DMG File regex='\.dmg$' if [[ $DownloadFile =~ $regex ]]; then     DMGFile="$(echo "$DownloadFile")"     echo "DMG File Found: $DMGFile" else     echo "File: $DownloadFile is not a DMG"     rm -r /tmp/$TempFolder     echo "Deleted /tmp/$TempFolder"     exit 1 fi hdiutilAttach=$(hdiutil attach /tmp/$TempFolder/$DMGFile -nobrowse) echo "Used hdiutil to mount $DMGFile " err=$? if [ ${err} -ne 0 ]; then     echo "Could not mount $DMGFile Error: ${err}"     rm -r /tmp/$TempFolder     echo "Deleted /tmp/$TempFolder"     exit 1 fi regex='\/Volumes\/.*' if [[ $hdiutilAttach =~ $regex ]]; then     DMGVolume="${BASH_REMATCH[@]}"     echo "Located DMG Volume: $DMGVolume" else     echo "DMG Volume not found"     rm -r /tmp/$TempFolder     echo "Deleted /tmp/$TempFolder"     exit 1 fi # Identify the mount point for the DMG file DMGMountPoint="$(hdiutil info | grep "$DMGVolume" | awk '{ print $1 }')" echo "Located DMG Mount Point: $DMGMountPoint" # Capture name of App file cd "$DMGVolume/SetupDownloader.app/Contents/MacOS/" ./SetupDownloader

Required configurations

To ensure seamless operation of the Bitdefender app on your devices, it is essential to configure System Extensions, Privacy Preferences Policy Control (PPPC), Notification Permissions, and an SSL certificate. Use the following configuration profile that contains all these settings configured together.

1. After installing Bitdefender Endpoint Security on a Mac, an SSL certificate is required for its proper functionality. The Bitdefender agent will prompt the local user to install the certificate to enable SSL protection. You can include the SSL certificate in this configuration profile to simplify this process.
2. To create an SSL Certificate,
   • In the GravityZone portal, set an uninstall password for the endpoints to which you wish to deploy the certificate.
   • In Terminal, create a PEM certificate with the associated private key. Example of command line to create the PEM certificate:
     /usr/bin/openssl req -new -days 1825 -nodes -x509 -subj '/C=RO/ST=Bucharest/L=Bucharest/O=Endpoint/CN=YourCertName CA SSL' -keyout rootCA.key -out rootCA.pem

     1	/usr/bin/openssl req -new -days 1825 -nodes -x509 -subj '/C=RO/ST=Bucharest/L=Bucharest/O=Endpoint/CN=YourCertName CA SSL' -keyout rootCA.key -out rootCA.pem

     Note:

     
     Make sure the name of the certificate that you create (the value for CN in the command line) is different from “Bitdefender CA SSL”, which is the name of the default certificate.

     Example: CN=MyCertificate CA SSL
     

   • In Terminal, create the PFX certificate named certificate.pfx using the PEM and KEY files from the previous step.
     Example of command line to create the certificate.pfx file:
     openssl pkcs12 -inkey rootCA.key -in rootCA.pem -export -out certificate.pfx

     1	openssl pkcs12 -inkey rootCA.key -in rootCA.pem -export -out certificate.pfx

   • Now you will be prompted in Terminal for a password. Make sure you enter the MD5 hash of the uninstall password set in the Bitdefender GravityZone portal.
     Note:

     
     You can calculate MD5 using the command md5 -s password in Terminal. Replace the password with the uninstall password.
     

   • Navigate to the directory where the generated certificate is located. You can use the “cd” command to do this. For instance, if the certificate is on the Desktop, you would enter the following command in the terminal:
     cd \Users\YourUserName\Desktop

     1	cd \Users\YourUserName\Desktop

   • Now execute the following command to encode your .pfx certificate.
     openssl base64 -in CertficateName.pfx -out CertficateName_base64.txt

     1	openssl base64 -in CertficateName.pfx -out CertficateName_base64.txt

   • A .txt file containing the encoded certificate will now be saved in the same location as the .pfx file. Open this file, copy the 64-bit code, and paste it into the EncodedCertificateValue field in the configuration profile provided below:
     Bitdefender configuration profile

     <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>NotificationSettings</key> <array> <dict> <key>BadgesEnabled</key> <true/> <key>BundleIdentifier</key> <string>com.bitdefender.networkinstaller</string> <key>CriticalAlertEnabled</key> <true/> <key>NotificationsEnabled</key> <true/> <key>ShowInCarPlay</key> <false/> <key>ShowInLockScreen</key> <true/> <key>ShowInNotificationCenter</key> <true/> <key>SoundsEnabled</key> <true/> </dict> <dict> <key>BadgesEnabled</key> <false/> <key>BundleIdentifier</key> <string>com.bitdefender.epsecurity.BDLDaemonApp</string> <key>CriticalAlertEnabled</key> <true/> <key>NotificationsEnabled</key> <true/> <key>ShowInCarPlay</key> <false/> <key>ShowInLockScreen</key> <true/> <key>ShowInNotificationCenter</key> <true/> <key>SoundsEnabled</key> <true/> </dict> <dict> <key>BadgesEnabled</key> <true/> <key>BundleIdentifier</key> <string>com.bitdefender.EndpointSecurityforMac</string> <key>CriticalAlertEnabled</key> <true/> <key>NotificationsEnabled</key> <true/> <key>ShowInCarPlay</key> <false/> <key>ShowInLockScreen</key> <true/> <key>ShowInNotificationCenter</key> <true/> <key>SoundsEnabled</key> <true/> </dict> </array> <key>PayloadDescription</key> <string>Configures Notification settings for macOS apps</string> <key>PayloadDisplayName</key> <string>Notifications</string> <key>PayloadIdentifier</key> <string></string> <key>PayloadOrganization</key> <string></string> <key>PayloadType</key> <string>com.apple.notificationsettings</string> <key>PayloadUUID</key> <string>DAF3AE76-A56B-4B5C-8694-28D2FA954BC3</string> <key>PayloadVersion</key> <integer>1</integer> </dict> <dict> <key>AllowUserOverrides</key> <true/> <key>AllowedTeamIdentifiers</key> <array> <string>GUNFMW623Y</string> </array> <key>PayloadDescription</key> <string></string> <key>PayloadDisplayName</key> <string>System Extensions</string> <key>PayloadIdentifier</key> <string>8B5B11F3-A0D9-4622-8831-AC32814651CD</string> <key>PayloadOrganization</key> <string>Bitdefender </string> <key>PayloadType</key> <string>com.apple.system-extension-policy</string> <key>PayloadUUID</key> <string>F0CC9D5B-6997-4A22-95E7-54E6415C30A2</string> <key>PayloadVersion</key> <integer>1</integer> </dict> <dict> <key>PayloadDescription</key> <string></string> <key>PayloadDisplayName</key> <string>Privacy Preferences Policy Control</string> <key>PayloadIdentifier</key> <string>DBD2AA99-C3DF-420F-98A8-3332651328AE</string> <key>PayloadOrganization</key> <string>Bitdefender</string> <key>PayloadType</key> <string>com.apple.TCC.configuration-profile-policy</string> <key>PayloadUUID</key> <string>DBD2AA99-C3DF-420F-98A8-3332651328AE</string> <key>PayloadVersion</key> <integer>1</integer> <key>Services</key> <dict> <key>SystemPolicyAllFiles</key> <array> <dict> <key>Allowed</key> <integer>1</integer> <key>CodeRequirement</key> <string>anchor apple generic and identifier "com.bitdefender.epsecurity.BDLDaemonApp" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)</string> <key>Identifier</key> <string>com.bitdefender.epsecurity.BDLDaemonApp</string> <key>IdentifierType</key> <string>bundleID</string> <key>StaticCode</key> <integer>0</integer> </dict> <dict> <key>Allowed</key> <integer>1</integer> <key>CodeRequirement</key> <string>identifier "com.bitdefender.EndpointSecurityforMac" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y</string> <key>Identifier</key> <string>com.bitdefender.EndpointSecurityforMac</string> <key>IdentifierType</key> <string>bundleID</string> <key>StaticCode</key> <integer>0</integer> </dict> <dict> <key>Allowed</key> <integer>1</integer> <key>CodeRequirement</key> <string>identifier BDLDaemon and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y</string> <key>Identifier</key> <string>/Library/Bitdefender/AVP/BDLDaemon</string> <key>IdentifierType</key> <string>path</string> <key>StaticCode</key> <integer>0</integer> </dict> </array> </dict> </dict> <dict> <key>PayloadCertificateFileName</key> <string>CertificateName</string> <key>PayloadContent</key> <data>EncodedCertificateValue</data> <key>PayloadDescription</key> <string></string> <key>PayloadDisplayName</key> <string>Bitdefender CA SSL</string> <key>PayloadIdentifier</key> <string>89BA401A-8EFD-40F2-BAD1-45B8A87B3708</string> <key>PayloadOrganization</key> <string>Bitdefender</string> <key>PayloadType</key> <string>com.apple.security.root</string> <key>PayloadUUID</key> <string>89BA401A-8EFD-40F2-BAD1-45B8A87B3708</string> <key>PayloadVersion</key> <integer>1</integer> </dict> <dict> <key>FilterPacketProviderBundleIdentifier</key> <string>com.bitdefender.cst.net.dci.dci-network-extension</string> <key>FilterPacketProviderDesignatedRequirement</key> <string>anchor apple generic and identifier "com.bitdefender.cst.net.dci.dci-network-extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)</string> <key>FilterPackets</key> <true/> <key>FilterSockets</key> <false/> <key>FilterType</key> <string>Plugin</string> <key>PayloadDisplayName</key> <string>Web Content Filter Payload</string> <key>PayloadIdentifier</key> <string></string> <key>PayloadOrganization</key> <string>Bitdefender</string> <key>PayloadType</key> <string>com.apple.webcontent-filter</string> <key>PayloadUUID</key> <string>171C736A-CA59-4EBB-B411-3035422499BF</string> <key>PayloadVersion</key> <integer>1</integer> <key>PluginBundleID</key> <string>com.bitdefender.epsecurity.BDLDaemonApp</string> <key>UserDefinedName</key> <string>Bitdefender</string> </dict> </array> <key>PayloadDescription</key> <string>Bitdefender System Extensions, PPPC, Certificate, Notifications, and Network content filter</string> <key>PayloadDisplayName</key> <string>Bitdefender Settings</string> <key>PayloadIdentifier</key> <string></string> <key>PayloadOrganization</key> <string>Bitdefender</string> <key>PayloadRemovalDisallowed</key> <true/> <key>PayloadScope</key> <string>System</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>9110F93F-5C45-43A7-B9C9-426A624D7B92</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist>

     1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228

     <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>NotificationSettings</key> <array> <dict> <key>BadgesEnabled</key> <true/> <key>BundleIdentifier</key> <string>com.bitdefender.networkinstaller</string> <key>CriticalAlertEnabled</key> <true/> <key>NotificationsEnabled</key> <true/> <key>ShowInCarPlay</key> <false/> <key>ShowInLockScreen</key> <true/> <key>ShowInNotificationCenter</key> <true/> <key>SoundsEnabled</key> <true/> </dict> <dict> <key>BadgesEnabled</key> <false/> <key>BundleIdentifier</key> <string>com.bitdefender.epsecurity.BDLDaemonApp</string> <key>CriticalAlertEnabled</key> <true/> <key>NotificationsEnabled</key> <true/> <key>ShowInCarPlay</key> <false/> <key>ShowInLockScreen</key> <true/> <key>ShowInNotificationCenter</key> <true/> <key>SoundsEnabled</key> <true/> </dict> <dict> <key>BadgesEnabled</key> <true/> <key>BundleIdentifier</key> <string>com.bitdefender.EndpointSecurityforMac</string> <key>CriticalAlertEnabled</key> <true/> <key>NotificationsEnabled</key> <true/> <key>ShowInCarPlay</key> <false/> <key>ShowInLockScreen</key> <true/> <key>ShowInNotificationCenter</key> <true/> <key>SoundsEnabled</key> <true/> </dict> </array> <key>PayloadDescription</key> <string>Configures Notification settings for macOS apps</string> <key>PayloadDisplayName</key> <string>Notifications</string> <key>PayloadIdentifier</key> <string></string> <key>PayloadOrganization</key> <string></string> <key>PayloadType</key> <string>com.apple.notificationsettings</string> <key>PayloadUUID</key> <string>DAF3AE76-A56B-4B5C-8694-28D2FA954BC3</string> <key>PayloadVersion</key> <integer>1</integer> </dict> <dict> <key>AllowUserOverrides</key> <true/> <key>AllowedTeamIdentifiers</key> <array> <string>GUNFMW623Y</string> </array> <key>PayloadDescription</key> <string></string> <key>PayloadDisplayName</key> <string>System Extensions</string> <key>PayloadIdentifier</key> <string>8B5B11F3-A0D9-4622-8831-AC32814651CD</string> <key>PayloadOrganization</key> <string>Bitdefender </string> <key>PayloadType</key> <string>com.apple.system-extension-policy</string> <key>PayloadUUID</key> <string>F0CC9D5B-6997-4A22-95E7-54E6415C30A2</string> <key>PayloadVersion</key> <integer>1</integer> </dict> <dict> <key>PayloadDescription</key> <string></string> <key>PayloadDisplayName</key> <string>Privacy Preferences Policy Control</string> <key>PayloadIdentifier</key> <string>DBD2AA99-C3DF-420F-98A8-3332651328AE</string> <key>PayloadOrganization</key> <string>Bitdefender</string> <key>PayloadType</key> <string>com.apple.TCC.configuration-profile-policy</string> <key>PayloadUUID</key> <string>DBD2AA99-C3DF-420F-98A8-3332651328AE</string> <key>PayloadVersion</key> <integer>1</integer> <key>Services</key> <dict> <key>SystemPolicyAllFiles</key> <array> <dict> <key>Allowed</key> <integer>1</integer> <key>CodeRequirement</key> <string>anchor apple generic and identifier "com.bitdefender.epsecurity.BDLDaemonApp" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)</string> <key>Identifier</key> <string>com.bitdefender.epsecurity.BDLDaemonApp</string> <key>IdentifierType</key> <string>bundleID</string> <key>StaticCode</key> <integer>0</integer> </dict> <dict> <key>Allowed</key> <integer>1</integer> <key>CodeRequirement</key> <string>identifier "com.bitdefender.EndpointSecurityforMac" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y</string> <key>Identifier</key> <string>com.bitdefender.EndpointSecurityforMac</string> <key>IdentifierType</key> <string>bundleID</string> <key>StaticCode</key> <integer>0</integer> </dict> <dict> <key>Allowed</key> <integer>1</integer> <key>CodeRequirement</key> <string>identifier BDLDaemon and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y</string> <key>Identifier</key> <string>/Library/Bitdefender/AVP/BDLDaemon</string> <key>IdentifierType</key> <string>path</string> <key>StaticCode</key> <integer>0</integer> </dict> </array> </dict> </dict> <dict> <key>PayloadCertificateFileName</key> <string>CertificateName</string> <key>PayloadContent</key> <data>EncodedCertificateValue</data> <key>PayloadDescription</key> <string></string> <key>PayloadDisplayName</key> <string>Bitdefender CA SSL</string> <key>PayloadIdentifier</key> <string>89BA401A-8EFD-40F2-BAD1-45B8A87B3708</string> <key>PayloadOrganization</key> <string>Bitdefender</string> <key>PayloadType</key> <string>com.apple.security.root</string> <key>PayloadUUID</key> <string>89BA401A-8EFD-40F2-BAD1-45B8A87B3708</string> <key>PayloadVersion</key> <integer>1</integer> </dict> <dict> <key>FilterPacketProviderBundleIdentifier</key> <string>com.bitdefender.cst.net.dci.dci-network-extension</string> <key>FilterPacketProviderDesignatedRequirement</key> <string>anchor apple generic and identifier "com.bitdefender.cst.net.dci.dci-network-extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)</string> <key>FilterPackets</key> <true/> <key>FilterSockets</key> <false/> <key>FilterType</key> <string>Plugin</string> <key>PayloadDisplayName</key> <string>Web Content Filter Payload</string> <key>PayloadIdentifier</key> <string></string> <key>PayloadOrganization</key> <string>Bitdefender</string> <key>PayloadType</key> <string>com.apple.webcontent-filter</string> <key>PayloadUUID</key> <string>171C736A-CA59-4EBB-B411-3035422499BF</string> <key>PayloadVersion</key> <integer>1</integer> <key>PluginBundleID</key> <string>com.bitdefender.epsecurity.BDLDaemonApp</string> <key>UserDefinedName</key> <string>Bitdefender</string> </dict> </array> <key>PayloadDescription</key> <string>Bitdefender System Extensions, PPPC, Certificate, Notifications, and Network content filter</string> <key>PayloadDisplayName</key> <string>Bitdefender Settings</string> <key>PayloadIdentifier</key> <string></string> <key>PayloadOrganization</key> <string>Bitdefender</string> <key>PayloadRemovalDisallowed</key> <true/> <key>PayloadScope</key> <string>System</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>9110F93F-5C45-43A7-B9C9-426A624D7B92</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist>

3. In the Hexnode portal, navigate to Policies > New Policy > macOS.
4. Under the macOS tab, navigate to Configurations > Deploy Custom Configuration.
5. Click Configure.
6. Click on Choose File and upload the configuration file.

Associate target devices

1. First deploy the app installation script through Hexnode’s Execute Custom Script remote action.
2. Once the installation script has been successfully executed, proceed to the Associate Policies tab within the device management section. From there, locate and select the policy that includes the configuration profile you set up earlier.
3. Click on Associate.

What happens at the device end?

After applying the installation script and configurations to the device, the following processes are initiated.

1. The Bitdefender PKG gets installed on the device, consisting of two apps: the Bitdefender installer app and the Bitdefender Endpoint Security for Mac app.
2. The System Extensions, Privacy Preferences Policy Control (PPPC), Notification Permissions, and SSL certificates allocate the necessary permissions to applications accordingly.