@jbryant , the 2 netfilters are encrypted, any help on getting the non encrypted ones, or was this intentional , thanks.
i posted the question about about encrypted, then found this command to use
: openssl smime -inform DER -verify -in ~/Settings.mobileconfig -noverify -out ~/Unsigned.mobileconfig
i then stripped out what i needed, but still get the "com.trendmicro.icore" Would like to Filter Network Content - Allow/Dont Allow
more tuning , but ill fix it eventually.
I wrote to the TM Support and got a PDF Manual, titled with"Suggestions for MDM regarding Apex One.pdf". At this time, I try to create a policy that will work and give it a try. I will update this thread with the results.
EDIT:
I had to edit my original posting, because it is not possible to attach files (only pictures) to a post.
Recently we have been getting Trend needing Icore Service.app checked in the Sec&Priv > General tab. How do we automate this? We have the config profiles set but this still insists on manual interaction. 
Hello everyone,
I stumbled upon this thread while trying to get TMSM upgraded to support Big Sur for my organization. I believe I have created a configuration profile to eliminate all prompts - I found the Trend documentation incomplete so I wanted to share what I put together.
I have three privacy profile settings. Two are based off of the Trend documentation, and the last one is based off the prompt from the application to give the extension full disk access (which is not in their documentation).
Next, I have a Kernel Extension payload. I did not specify the Bundle IDs, but you probably could (in Trend's documentation).
Next is a System Extension payload. This is also not in Trend's documentation, but will suppress the "iCoreService would like to filter network content" message.
Even with this system extension, after Trend starts up, there will be an additional "iCoreService would like to filter network content" message. To suppress that, I had to create a content filter payload. Full disclosure - I am not sure if the Filter Order should be Inspector or Firewall. I went with Inspector as that is what another application we use uses (CrowdStrike).
With all these pieces together, I no longer get any Apple prompts. On Big Sur, Trend will still prompt to approve the system extension (even though it's already approved). When the user opens system preferences, they will get a message that they need to reboot (new behavior with Big Sur that reboots are required for system extensions). After a reboot everything should be fine without any additional prompts.
Thank you @mnickels! Your recipe still works like magic with version 3.5.5855 on macOS 12.3 Monterey. The 'Content Filter' trick does the job just fine to ditch the annoying 'network content filter' pop-up message.
About PPPC App Access for 'com.trendmicro.tmsm.MainUI' and 'com.trendmicro.icore', I just allowed 'SystemPolicyAllFiles' as recommended in the official Trend Micro documentation and everything appears to work just fine, without any 'full disk access' prompt so far. Was there another specific reason to allow 'Accessibility' and 'AppleEvents' to them that I'm not aware of?
Thanks again! You made my day!
