Posted on 03-21-2019 04:14 PM
Hi, we are trying to get Bitdefender Endpoint Security to push from Jamf.
We've enabled the Kernels for Bitdefender, but once it is installed it still advises "full disk access required".
Does anyone have any ideas?
Posted on 03-22-2019 07:20 AM
You'll need to create a PPPC configuration profile to enable full disk access for that app.
Posted on 03-22-2019 09:29 AM
Thanks for this, my issue now is getting the bin location to show up,
/usr/bin/log show --predicate 'subsystem == "com.bitdefender.EndpointSecurityforMac"' | grep Prompting
I've also tried to enable Kernel extensions with automatic approval and that did not work.
Posted on 03-22-2019 02:55 PM
Also tried using Privacy Preferences Policy Control,
I got the identifier but not sure what to put as code requirement
Posted on 06-03-2019 04:28 AM
I too am searching for the answer to this!
We have BitDefender antivirus for Mac and I don't get the "Full disk access" panel to be pre-populated with "BDLDaemon" and "Endpoint Security for Mac". Anyone have more input on this?
Posted on 06-03-2019 05:04 AM
We had a piece of software that was also told to be given "Full disk access" but I found that enabling Accessibility and All Files also sufficed. Might be worth a shot with BitDefender.
Posted on 08-07-2019 01:32 PM
I just got this working fairly easily following these instructions: https://www.jamf.com/jamf-nation/articles/553/preparing-your-organization-for-user-data-protections-on-macos-10-14
I used the Privacy Preferences Policy Control settings and have two App Access settings:
Identifier: com.bitdefender.EndpointSecurityforMac
Identifier type: Bundle ID
Code Requirement: identifier "com.bitdefender.EndpointSecurityforMac" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists / and certificate leaf[subject.OU] = GUNFMW623Y
Validate the Static Code Requirement: checked
App or Service: SystemPolicyAllFiles Allow
Identifier: /Library/Bitdefender/AVP/BDLDaemon
Identifier Type: Path
Code Requirement: identifier BDLDaemon and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists / and certificate leaf[subject.OU] = GUNFMW623Y
Validate the Static Code Requirement: checked
App or Service: SystemPolicyAllFiles Allow
Posted on 11-22-2019 08:09 AM
scarmichael68
I used the settings you outlined, copied and pasted.
But, I get an error when deploying the config through JSS (10.15.1) "In the payload (UUID: CA355A38-F029-4914-A398-00CE78B2D6D1), the key 'Code Requirement' has an invalid value."
Posted on 01-13-2020 12:41 PM
Having the same exact issue.
Posted on 01-14-2020 08:11 AM
Figured it out: if you copied and pasted, check for a trailing enter and delete it. The cursor should be at the end of the team identity code.
Posted on 06-29-2020 01:07 PM
scarmichael68's post is correct, but pay close attention because the post's markdown interpreter screwed up the contents: / exists / should be /* exists */. Compare the texts and the screenshots of the original post and you'll spot the differences.
For easy copy/pasting, here is the same content again, but now formatted properly:
Identifier: com.bitdefender.EndpointSecurityforMac
Identifier type: Bundle ID
Code Requirement: identifier "com.bitdefender.EndpointSecurityforMac" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y
Validate the Static Code Requirement: checked
App or Service: SystemPolicyAllFiles Allow
Identifier: /Library/Bitdefender/AVP/BDLDaemon
Identifier Type: Path
Code Requirement: identifier BDLDaemon and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y
Validate the Static Code Requirement: checked
App or Service: SystemPolicyAllFiles Allow
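As an added example (not part of the original post, and not Jamf or Bitdefender code): the two App Access entries above expressed as the TCC payload a PPPC profile carries, with a lint step for the two paste problems reported in this thread, a trailing newline and /* exists */ losing its asterisks. The payload identifiers and display name are placeholders, and mapping the Jamf checkboxes to the StaticCode and Allowed keys is this example's assumption.

```python
import plistlib
import re
import uuid

# Requirement text as given in the thread's corrected post.
CHAIN = ("anchor apple generic"
         " and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */"
         " and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */"
         " and certificate leaf[subject.OU] = GUNFMW623Y")
ENTRIES = [  # (Identifier, IdentifierType, CodeRequirement)
    ("com.bitdefender.EndpointSecurityforMac", "bundleID",
     'identifier "com.bitdefender.EndpointSecurityforMac" and ' + CHAIN),
    ("/Library/Bitdefender/AVP/BDLDaemon", "path",
     "identifier BDLDaemon and " + CHAIN),
]

def lint_requirement(req):
    """Return the paste problems this thread ran into (empty list if clean)."""
    problems = []
    if req != req.strip():
        problems.append("leading/trailing whitespace or newline")
    if "\n" in req.strip() or "\r" in req.strip():
        problems.append("line break inside requirement")
    if re.search(r"/\s*exists\s*/", req):
        problems.append("'/* exists */' lost its asterisks")
    if "anchor apple" not in req or "leaf[subject.OU]" not in req:
        problems.append("not pinned to Apple anchor and team OU")
    return problems

def build_profile(entries, org_id="com.example.pppc"):  # org_id is a placeholder
    """Build a profile dict with one TCC payload granting SystemPolicyAllFiles."""
    apps = []
    for identifier, id_type, req in entries:
        problems = lint_requirement(req)
        if problems:
            raise ValueError(f"{identifier}: {'; '.join(problems)}")
        apps.append({"Identifier": identifier, "IdentifierType": id_type,
                     "CodeRequirement": req, "StaticCode": True, "Allowed": True})
    def meta(ptype, suffix):
        return {"PayloadType": ptype, "PayloadVersion": 1,
                "PayloadIdentifier": f"{org_id}.{suffix}",
                "PayloadUUID": str(uuid.uuid4()).upper()}
    tcc = meta("com.apple.TCC.configuration-profile-policy", "tcc")
    tcc["Services"] = {"SystemPolicyAllFiles": apps}
    profile = meta("Configuration", "profile")
    profile.update(PayloadDisplayName="Bitdefender Full Disk Access",
                   PayloadScope="System", PayloadContent=[tcc])
    return profile

if __name__ == "__main__":
    print(plistlib.dumps(build_profile(ENTRIES)).decode())
```

On a Mac with the product installed, codesign -d -r- followed by the binary's path prints its designated requirement, which is the text to compare against before pasting.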
Posted on 08-17-2020 08:06 AM
having the exact issue
Posted on 11-17-2020 09:37 PM
This solution (esp the version correcting for encoding) worked great for me. However for test purposes, I've upgraded a machine to Big Sur, and now Bitdefender wants one more full disk access permission for BDLDaemon.app. I've tried creating a permission that looks like the BDLDaemon one but with ".app", however it doesn't seem to work. Has anyone else updated this solution for Big Sur?
Posted on 11-18-2020 06:54 AM
@whabib This is what I'm using. It seems to be doing the job in Catalina and Big Sur.
Posted on 11-18-2020 08:35 AM
https://www.bitdefender.com/support/bitdefender-support-for-macos-big-sur-2531.html
Bitdefender is working on a new version to enable Content Control which I believe is what's causing the full disk access error.
Posted on 11-18-2020 09:50 AM
@remus Brilliant, thank you! That solved my problem exactly, after fixing my data error entries, of course. I wish I had some time to investigate and understand a little better how this syntax works.
@jwscarsdale It appears we can get around the full disk access issue, however I am discouraging people from upgrading to Big Sur until the BitDefender folks do release the version that fully supports it.
Posted on 02-11-2021 07:53 AM
Not sure what I'm doing wrong here. Using @remus payloads, I am at least able to get the BitDefender stuff to show in the Full Disk Access list, however, it isn't checked.
Posted on 09-27-2021 03:08 PM
I'm currently having issues with Bitdefender installing on a BigSur instance. We're testing this right now but my question for you guys is with Bitdefender default download link being a .dmg how are you using JAMF to push the installer? I've tried multiple ways and have had no luck at all. Any help would be appreciated.
Posted on 09-28-2021 01:06 AM
Hi @crs_cody ,
We're deploying Bitdefender to Big Sur machines with this installation script:
#!/bin/bash
#
# Display Name:
#   Install Bitdefender
#
# Information:
#   This script will download and install Bitdefender.
#
#   Additional configuration profiles will need to be deployed to complete the
#   configuration. See:
#   - https://www.bitdefender.com/support/how-to-install-bitdefender-endpoint-security-for-mac-through-jamf-pro-10-x-2243.html
#   - https://www.bitdefender.com/support/how-to-whitelist-bitdefender-endpoint-security-for-mac-kernel-extensions-using-jamf-pro-10-x-2242.html
#   - https://www.jamf.com/jamf-nation/discussions/31445/bitdefender-jamf-push-full-disk-access-required
#
# Note: the script uses [[ ]] and &>, so it runs under bash rather than plain sh.

dmgfile="Bitdefender_for_MAC.dmg"
pkgfile="antivirus_for_mac.pkg"
url="https://.../Bitdefender_for_MAC.dmg" # replace with real download URL

# Use parameter 4 to test for debugmode
debugmode=${4}

# Use the alphanumeric characters of the script name to form the log file name
scriptname=$(basename "${0}" | tr -Cd "[:alnum:].-")
logfile="/Library/Logs/${scriptname}-jamf.log"

printlog() {
    timestamp=$(date +%F\ %T)
    if [ "$(whoami)" = "root" ]; then
        /bin/echo "${timestamp}" "${1}" | tee -a "${logfile}"
    else
        /bin/echo "${timestamp}" "${1}"
    fi
}

# Download package; --fail makes curl exit non-zero on an HTTP error
# instead of saving the error page as the dmg
printlog "Downloading latest version of Bitdefender."
if ! /usr/bin/curl -s --fail -o "/tmp/${dmgfile}" "${url}"; then
    printlog "Download of ${dmgfile} failed."
    exit 1
fi

# Create temporary mount directory for dmg
printlog "Mounting ${dmgfile}"
mnt=$(/usr/bin/mktemp -d 2> /dev/null)
[[ ! -d "${mnt}" ]] && printlog "Failed to verify temporary mount point for dmg exists." && exit 1
/bin/sleep 2

# Attach the dmg to the temporary mount directory
if ! /usr/bin/hdiutil attach "/tmp/${dmgfile}" -quiet -nobrowse -mountpoint "${mnt}" &> /dev/null; then
    printlog "Failed to mount ${dmgfile}."
    /bin/rm -rf "${mnt}" "/tmp/${dmgfile}"
    exit 1
fi

# Install package by full path (no cd into the mount, so the volume is not
# held busy at detach time) and keep the installer's exit status
printlog "Installing..."
/usr/sbin/installer -pkg "${mnt}/${pkgfile}" -target /
result=$?
/bin/sleep 5

# Unmount and remove the temporary directory
printlog "Removing mount directory"
/usr/bin/hdiutil detach -force -quiet "${mnt}"
/sbin/umount -f "${mnt}" &> /dev/null
/bin/rm -rf "${mnt}" &> /dev/null

# Clean up package
printlog "Deleting ${dmgfile}."
/bin/rm "/tmp/${dmgfile}"

# Report the installer result so a failed install shows as failed in the policy log
exit "${result}"
Hope this helps.
Posted on 09-29-2021 10:33 AM
@Pat34 This would, except I found out shortly after you sent me this that we use Endpoint from Bitdefender and we get that installer from Kaseya. This installer is packed similarly with one exception: there is no .pkg inside the .dmg file. Instead it's a .app file and I'm still having issues with getting it to auto install.