Posted   by 

Bitdefender Big Sur



This KB will guide you on installing Bitdefender as well as showing you which Kext whitelisting and Privacy Preferences Policy Control (PPPC) profiles whitelisting are required to deploy and install Bitdefender via Addigy.

Big Sur is supported by SEP 14.3 RU1 and 14.3 RU1-MP1 only when running on Intel chip. SEP 14.3 RU2, ETA in Spring of 2021, will support Apple Silicon (the Apple M series chip). Neither Apple or Symantec support macOS 10.12.x or older; Mac OS X 64-bit mode is supported. PowerPC processors are not supported as of version 12.1.x. Bitdefender Home Network Support. Bitdefender Computer Tune-Up. Bitdefender VIP Support. Premium Services. Live Support offered by certified experts. In macOS Big Sur (11.0), Apple replaced kernel extensions with a new generation of system extensions. To accommodate this change, Endpoint Security for Mac requires additional approvals from users. For details, refer to this article.

MacOS Big Sur 11.2.3 3 similar apps in Operating Systems KakaoTalk 6.1.5 5 similar apps in Instant Messaging Google Chrome 89.0.4389.128 14 similar apps in Browsers.


TABLE OF CONTENTS

How do I set up the Custom Software?


Bitdefender will normally come in a DMG file. To make things as simple as possible, we recommend getting the PKG and XML files that are inside of the DMG and uploading them into Addigy. If you open the Bitdefender DMG, you'll see the files that you will need:



Drag these files into your Desktop folder. You will then upload them into Addigy using our File Manager.


Once the files are added, your custom software should look like this:


Seeing as you'll be using a PKG file, Addigy will automatically generate the installation script. By clicking the Add button, the installation script will be filled in for you.


Once this is done, you can choose to add a condition and removal script as well. After you're all done, save your custom software.


How do I set up the PPPC and KEXT payloads?


PPPC (Policies > Catalog > MDM Configurations > Privacy Preferences Policy Control):


If you're running macOS Big Sur, please add the following identifier and code requirement to your PPPC payload:


Identifier: com.bitdefender.epsecurity.BDLDaemonApp


Code requirement: anchor apple generic and identifier 'com.bitdefender.epsecurity.BDLDaemonApp' and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)


Here are the identifiers you'll need for :

  1. Endpoint = com.bitdefender.EndpointSecurityforMac
    • Type: choose (Bundle ID)
  2. DBLDaemon =/Library/Bitdefender/AVP/BDLDaemon
    • Type: choose (Path)



Here are the Code Requirements you'll need:

  1. (Bundle ID): identifier 'com.bitdefender.EndpointSecurityforMac' and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y


2. (Path): identifier BDLDaemon and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y


Please follow the sections where these Identifiers & Code Requirements need to be implemented in the Payload:


Identifier Type
/Library/Bitdefender/AVP/BDLDaemon
identifier BDLDaemon and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y
Bundle ID
identifier 'com.bitdefender.EndpointSecurityforMac' and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y
Bundle ID
anchor apple generic and identifier 'com.bitdefender.epsecurity.BDLDaemonApp' and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)
Bundle ID
anchor apple generic and identifier 'com.bitdefender.cst.net.dci.dci-network-extension' and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)




  • Access to Protected Files
  • Access to System Admin Files




  • Access to File Provider




  • Access to Desktop Folder




Kext (Policies > Catalog > MDM configurations > Kernel Extensions):



For the Kext (System Extensions), Bitdefender uses 10 of them. In order to accommodate these in one single payload, each Bundle Identifier uses a comma delimiter & Team Identifier, GUNFMW623Y


Here we've placed all 10 extensions in copy & paste format:

com.bitdefender.FileProtect, com.bitdefender.SelfProtect, com.bitdefender.TMProtection, com.bitdefender.atc, com.bitdefender.mdredr, com.bitdefender.mdrnet, com.bitdefender.mdrfp, com.bitdefender.devmac, com.bitdefender.EndpointSecurityforMac, BDLDaemon

See the screenshot below on how to add these to your payload:


After the inclusion of these PPPC & KEXT MDM configurations, you should be able to successfully deploy Bitdefender using your custom software deployment in your desired policies.




System Extensions (For Big Sur devices) (Policies > Catalog > MDM configurations > Kernel Extensions):

Bitdefender Big Sur


Team Identifier: GUNFMW623Y


Bundle Identifier: com.bitdefender.cst.net.dci.dci-network-extension, com.bitdefender.FileProtect, com.bitdefender.SelfProtect, com.bitdefender.TMProtection, com.bitdefender.atc, com.bitdefender.mdredr, com.bitdefender.mdrnet, com.bitdefender.mdrfp, com.bitdefender.devmac, com.bitdefender.EndpointSecurityforMac, BDLDaemon







SSL Certificate

  1. Export the Bitdefender SSL Certificate from Keychain on a machine that already has BD installed (this can be your test machine that wants manual approval/permission)
  2. Use ProfileCreator to create a new payload as below
  3. Export as mobileconfig, then add to new MDM config for deployment in Addigy


Bitdefender Free Version Windows 10





We recommend deploying your Custom Software items to test devices and virtual machines to verify their accuracy and robustness before pushing them out to your devices in production.




If you have an Addigy account and have additional questions, you can create a ticket by emailing support@addigy.com.

Alternatively, you can submit a support request within Addigy.

This KB will guide you on installing Bitdefender as well as showing you which Kext whitelisting and Privacy Preferences Policy Control (PPPC) profiles whitelisting are required to deploy and install Bitdefender via Addigy.


TABLE OF CONTENTS

How do I set up the Custom Software?


Bitdefender will normally come in a DMG file. To make things as simple as possible, we recommend getting the PKG and XML files that are inside of the DMG and uploading them into Addigy. If you open the Bitdefender DMG, you'll see the files that you will need:



Drag these files into your Desktop folder. You will then upload them into Addigy using our File Manager.


Once the files are added, your custom software should look like this:


Seeing as you'll be using a PKG file, Addigy will automatically generate the installation script. By clicking the Add button, the installation script will be filled in for you.


Once this is done, you can choose to add a condition and removal script as well. After you're all done, save your custom software.


How do I set up the PPPC and KEXT payloads?


PPPC (Policies > Catalog > MDM Configurations > Privacy Preferences Policy Control):


If you're running macOS Big Sur, please add the following identifier and code requirement to your PPPC payload:


Identifier: com.bitdefender.epsecurity.BDLDaemonApp


Code requirement: anchor apple generic and identifier 'com.bitdefender.epsecurity.BDLDaemonApp' and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)


Here are the identifiers you'll need for :

  1. Endpoint = com.bitdefender.EndpointSecurityforMac
    • Type: choose (Bundle ID)
  2. DBLDaemon =/Library/Bitdefender/AVP/BDLDaemon
    • Type: choose (Path)



Here are the Code Requirements you'll need:

  1. (Bundle ID): identifier 'com.bitdefender.EndpointSecurityforMac' and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y


2. (Path): identifier BDLDaemon and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y


Please follow the sections where these Identifiers & Code Requirements need to be implemented in the Payload:


Identifier Type
/Library/Bitdefender/AVP/BDLDaemon
identifier BDLDaemon and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y
Bundle ID
identifier 'com.bitdefender.EndpointSecurityforMac' and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y
Bundle ID
anchor apple generic and identifier 'com.bitdefender.epsecurity.BDLDaemonApp' and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)
Bundle ID
anchor apple generic and identifier 'com.bitdefender.cst.net.dci.dci-network-extension' and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)




  • Access to Protected Files
  • Access to System Admin Files




  • Access to File Provider




  • Access to Desktop Folder




Kext (Policies > Catalog > MDM configurations > Kernel Extensions):



For the Kext (System Extensions), Bitdefender uses 10 of them. In order to accommodate these in one single payload, each Bundle Identifier uses a comma delimiter & Team Identifier, GUNFMW623Y


Here we've placed all 10 extensions in copy & paste format:

com.bitdefender.FileProtect, com.bitdefender.SelfProtect, com.bitdefender.TMProtection, com.bitdefender.atc, com.bitdefender.mdredr, com.bitdefender.mdrnet, com.bitdefender.mdrfp, com.bitdefender.devmac, com.bitdefender.EndpointSecurityforMac, BDLDaemon

See the screenshot below on how to add these to your payload:


After the inclusion of these PPPC & KEXT MDM configurations, you should be able to successfully deploy Bitdefender using your custom software deployment in your desired policies.




System Extensions (For Big Sur devices) (Policies > Catalog > MDM configurations > Kernel Extensions):


Team Identifier: GUNFMW623Y


Bundle Identifier: com.bitdefender.cst.net.dci.dci-network-extension, com.bitdefender.FileProtect, com.bitdefender.SelfProtect, com.bitdefender.TMProtection, com.bitdefender.atc, com.bitdefender.mdredr, com.bitdefender.mdrnet, com.bitdefender.mdrfp, com.bitdefender.devmac, com.bitdefender.EndpointSecurityforMac, BDLDaemon



Bitdefender Big Sur Beta





SSL Certificate

  1. Export the Bitdefender SSL Certificate from Keychain on a machine that already has BD installed (this can be your test machine that wants manual approval/permission)
  2. Use ProfileCreator to create a new payload as below
  3. Export as mobileconfig, then add to new MDM config for deployment in Addigy






Bitdefender Big Surprise

We recommend deploying your Custom Software items to test devices and virtual machines to verify their accuracy and robustness before pushing them out to your devices in production.




If you have an Addigy account and have additional questions, you can create a ticket by emailing support@addigy.com.

Bitdefender Big Surface

Alternatively, you can submit a support request within Addigy.