ESET Online Help

Search English
Select the topic

Remote installation

Before installation

ESET Endpoint Antivirus for macOS requires privileges settings that prevent it from being fully installed remotely without your device being enrolled in MDM. If your device is enrolled in MDM, you can use the MDM to distribute these settings via configuration profiles. If your device is not enrolled in MDM, these privileges settings must be allowed manually on each computer.

If you are using Jamf, you can also see our Jamf specific guide.

Setting configuration profiles for ESET Endpoint Antivirus for macOS

Before installing ESET Endpoint Antivirus for macOS, you must enable the following settings on targeted computers:

oESET system extensions
If ESET system extensions are not enabled before the installation, users will receive System extensions blocked notifications until the ESET system extensions are enabled.

oFull disk access
If full disk access is not enabled before the installation, users will receive Your computer is partially protected notifications until the full disk access is enabled.

oWeb and Email protection
You must add the Web and Email protection configuration to the system settings for Web and Email protection to function.
If the Web and Email protection configuration is missing after the ESET Endpoint Antivirus for macOS installation, users will receive "ESET Endpoint Antivirus for macOS" Would Like to Filter Network Content. When they receive this notification, click Allow. If they click Don't Allow, Web and Email protection will not work.

To enable the ESET settings above remotely, your computer must be enrolled with an MDM (Mobile Device Management) server, such as Jamf.

Enable ESET system extensions

To enable system extensions on your device remotely, perform one of the following actions before the installation:

oDownload the .plist payload. Create a configuration profile in your MDM using the .plist payload.

oCreate a configuration profile in your MDM using the following settings:

Team identifier (TeamID)

P8DQRXPVLP

Bundle identifier (BundleID)

com.eset.endpoint
com.eset.network

Enable full disk access

To enable full disk access remotely, perform one of the following actions before the installation:

oDownload the .plist payload file for ESET Endpoint Antivirus for macOS. Create a configuration profile in your MDM using the .plist payload.
If your device is managed by ESET PROTECT On-Prem or ESET PROTECT, you need to enable full disk access for ESET Management Agent as well. Download the .plist payload file for ESET Management Agent.

oCreate a configuration profile using the following settings:

ESET Endpoint Antivirus

Identifier

com.eset.eea.g2

Identifier Type

bundleID

Code Requirement

identifier "com.eset.eea.g2" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

App or Service

SystemPolicyAllFiles

Access

Allow

Identifier

com.eset.endpoint

Identifier Type

bundleID

Code Requirement

identifier "com.eset.endpoint" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

App or Service

SystemPolicyAllFiles

Access

Allow

On macOS 12 Monterey and later

Identifier

com.eset.app.Uninstaller

Identifier Type

bundleID

Code Requirement

identifier "com.eset.app.Uninstaller" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

App or Service

SystemPolicyAllFiles

Access

Allow

ESET Management Agent

Identifier

com.eset.remoteadministrator.agent

Identifier Type

bundleID

Code Requirement

identifier "com.eset.remoteadministrator.agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

App or Service

SystemPolicyAllFiles

Access

Allow


important

After allowing full disk access and system extensions remotely, in System Settings > Privacy & Security, these settings might appear disabled. If ESET Endpoint Antivirus for macOS does not display any warnings, full disk access and system extensions are allowed, regardless of their status in System Settings > Privacy & Security.

Web and Email protection

To add Web and Email protection configuration to system settings remotely, perform one of the following actions before the installation:

oDownload the .plist payload file. Create a configuration profile in your MDM using the .plist payload. Your computer must be enrolled in the MDM server to deploy configuration profiles to those computers.

oTo create a configuration profile, create a VPN type configuration profile with the following settings:

VPN type

VPN

Connection type

Custom SSL

Identifier for the custom SSL VPN

com.eset.network.manager

Server

localhost

Provider Bundle Identifier

com.eset.network

User authentication

Certificate

Provider Type

App-proxy

Provider Designated Requirement

identifier "com.eset.network" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

Enable VPN on Demand

On Demand Rules Configuration XML

<array>

<dict>

<key>Action</key>

<string>Connect</string>

</dict>

</array>

Idle Timer

Do not disconnect

Proxy Setup

None


important

In case you are upgrading ESET Endpoint Antivirus for macOS from version 6 to version 7, leave Enable VPN on Demand field unchecked. This will also disable section On Demand Rules Configuration XML, which is expected.

Web and Email protection configuration is removed after uninstalling ESET Endpoint Antivirus for macOS. If you need to uninstall and install ESET Endpoint Antivirus for macOS, you need to deploy the Web and Email protection configuration to the target computer after the uninstallation again.