ESET Online Help

Search English
Select the topic

Remote installation

Before installation

ESET Endpoint Security requires privileges settings that prevent it from being fully installed remotely without your device being enrolled in MDM. If your device is enrolled in MDM, you can use the MDM to distribute these settings via configuration profiles. If your device is not enrolled in MDM, these privileges settings must be allowed manually on each computer.

If you are using Jamf, you can also see our Jamf specific guide.

Setting configuration profiles for ESET Endpoint Security

Before installing ESET Endpoint Security, you must enable the following settings on targeted computers:

ESET system extensions
If ESET system extensions are not enabled before the installation, users will receive System extensions blocked notifications until the ESET system extensions are enabled.

Full disk access
If full disk access is not enabled before the installation, users will receive Your computer is partially protected notifications until the full disk access is enabled.

Firewall
You must add firewall configuration to system settings for the firewall to function.
If the firewall configuration is missing after the ESET Endpoint Security installation, users will receive "ESET Endpoint Security" Would Like to Filter Network Content. When they receive this notification, click Allow. If they click Don't Allow, the firewall will not work.

Web and Email protection
You must add the Web and Email protection configuration to the system settings for Web and Email protection to function.
If the Web and Email protection configuration is missing after the ESET Endpoint Security installation, users will receive "ESET Endpoint Security" Would Like to Filter Network Content. When they receive this notification, click Allow. If they click Don't Allow, Web and Email protection will not work.

To enable the ESET settings above remotely, your computer must be enrolled with an MDM (Mobile Device Management) server, such as Jamf.


important

To enable all necessary pre-installation settings download the .plist payload file for ESET Endpoint Security version 8, and use it to create a configuration profile in your MDM. If you disable program components via component installation, you should also remove these components from your MDM configuration profiles.

Enable ESET system extensions

To enable system extensions on your device remotely, create a configuration profile in your MDM before the installation. Use the following settings:

Team identifier (TeamID)

P8DQRXPVLP

Bundle identifier (BundleID)

com.eset.endpoint
com.eset.network
com.eset.firewall

Enable full disk access

To enable full disk access remotely, perform one of the following actions before the installation:

If your device is managed by ESET PROTECT On-Prem or ESET PROTECT, you need to enable full disk access for ESET Management Agent. Download the .plist payload file for ESET Management Agent.

Create a configuration profile using the following settings:

ESET Endpoint Security

Identifier

com.eset.ees.g2

Identifier Type

bundleID

Code Requirement

identifier "com.eset.ees.g2" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

App or Service

SystemPolicyAllFiles

Access

Allow

Identifier

com.eset.endpoint

Identifier Type

bundleID

Code Requirement

identifier "com.eset.endpoint" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

App or Service

SystemPolicyAllFiles

Access

Allow

Additional settings for ESET Endpoint Security version 8

Identifier

com.eset.network

Identifier Type

bundleID

Code Requirement

identifier "com.eset.network" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

App or Service

SystemPolicyAllFiles

Access

Allow

Identifier

com.eset.firewall

Identifier Type

bundleID

Code Requirement

identifier "com.eset.firewall" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

App or Service

SystemPolicyAllFiles

Access

Allow

On macOS 12 Monterey and later

Identifier

com.eset.app.Uninstaller

Identifier Type

bundleID

Code Requirement

identifier "com.eset.app.Uninstaller" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

App or Service

SystemPolicyAllFiles

Access

Allow

ESET Management Agent

Identifier

com.eset.remoteadministrator.agent

Identifier Type

bundleID

Code Requirement

identifier "com.eset.remoteadministrator.agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

App or Service

SystemPolicyAllFiles

Access

Allow


important

After allowing full disk access and system extensions remotely, in System Settings > Privacy & Security, these settings might appear disabled. If ESET Endpoint Security does not display any warnings, full disk access and system extensions are allowed, regardless of their status in System Settings > Privacy & Security.

Firewall

To add firewall configuration to system settings remotely, create a content filter configuration profile for the firewall before the installation/upgrade. Use the following settings:

Identifier

com.eset.firewall.manager

Filter order

Firewall

Socket filter

com.eset.firewall

Socket filter designated requirement

identifier "com.eset.firewall" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

Web and Email protection

To add Web and Email protection configuration to system settings remotely, create a VPN type configuration profile before the installation. Use the following settings:

VPN type

VPN

Connection type

Custom SSL

Identifier for the custom SSL VPN

com.eset.network.manager

Server

localhost

Provider Bundle Identifier

com.eset.network

User authentication

Certificate

Provider Type

App-proxy

Provider Designated Requirement

identifier "com.eset.network" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP

Idle Timer

Do not disconnect

Proxy Setup

None

Web and Email protection configuration is removed after uninstalling ESET Endpoint Security. If you need to uninstall and install ESET Endpoint Security, you need to deploy the Web and Email protection configuration to the target computer after the uninstallation again.