New system extensions for Bitdefender

samuellarsson
New Contributor III

Hi,

Bitdefender has activated a new web content control module in the Endpoint Security app, which now results in the end user having to approve a system extension.
6b42e3c30505441eab1e659278888a7f

I have tried to add the below approved system extensions in a config profile, but they still show up. What else can I do?
9fba3e8b66b3436c96f78fcee6b02df5
26a12bf75dad4641bf1f8aed8e852c70

26 REPLIES 26

greatkemo
Contributor

@samuellarsson I got hit by the same thing today after my clients for 4.15 update of Bitdefender, here is my configuration and early testing shows it is working for now.

Got info from this page https://www.bitdefender.com/support/changes-to-bitdefender-endpoint-security-for-mac-in-macos-big-su...

export the SSL cert from one of you clients keychain as .cer and add it to your payload.

d2bc83cde6c3447db30fc7592d3e6942

6a09e484e36f4a5cb5434d039a2d669c

bfdfcaf0ca6e495fbeaeb28bd20c90bd

5c7d584c0ce941f79f3dfa7364c00808

64d0a77e4df24bad88bc8e9830238bf4

a2cff147b2f542bfaf5ace2419b7e47b

Hope this helps.

Dan1987
New Contributor III

Hi Samuel,
Did you manage to get this working?
Thanks

remus
New Contributor III

@greatkemo Thank you for your step-by-step tutorial.
I managed to make it work but, is there a way to avoid having to type in the password for the certificate?
I exported the Bitdefender CA SSL certificate from my test machine and added it to JAMF. The certificate gets pushed from JAMF but then when Bitdefender starts, it ask for credentials to modify The System Certificate Trust……
4106b12a9fbd4ccaba4b9387373b7e9c

greatkemo
Contributor

@remus I am not seeing this issue, did you check the box for Allow all apps to use this certificate?

remus
New Contributor III

@greatkemo Ahaaaa! It is checked.
bd421c98e40f4c5c821a2421855f0174
I'm testing on Big Sur 11.1. If you are not seeing the same behaviour then maybe there is bug in 11.1. (Wishful thinking, hehe)
I'll update to 11.2.1 and test again.

greatkemo
Contributor

@remus and you selected your certificate in the Content Filter payload?

greatkemo
Contributor

One thing I would also add, when I exported the cert from my laptop, it was already trusted, I did not have an issue with the trust. Not sure if that helps or not.

remus
New Contributor III

@greatkemo This is driving me nuts… Still not working! Every time I have to authenticate to make changes to the certificate.
When JAMF pushes the certificate it is "Always Trust"-ed in the keychain.
As soon as Bitdefender installs, it creates another certificate that needs to be authenticated.
7ebe4e7d01124294829eb28cf4ce9008

Is there a chance I could have your Configuration Profile for Bitdefender?

greatkemo
Contributor

@remus this is giving me trouble now too. It seems if the client already had BD installed it does not give me a prompt, but if it is a new install, I get the prompt to trust the certificate. I need to work on it a bit more and see what is the deal with it, and maybe even open a case with Bitdefender to provide better documentation for deploying with jamf pro.

greatkemo
Contributor

I just looked through Bitdefender support site and they have put up new documentation for jamf pro.

Here is the link: Bitdefender Endpoint Security for Mac: How to Configure Jamf Pro for macOS Big Sur 11.0 and later

However, this is nothing in there about the certificate.

remus
New Contributor III

@greatkemo Ooooo goody… It's not just me then!
I called Bitdefender and they told me to follow the information on that document that you also linked.
Now I'm writing back to tell them that the information in that documentation is incomplete. There is no mention on how to handle the certificate.
So go ahead and open a case as well! The more the merrier! 🙂

greatkemo
Contributor

greatkemo
Contributor

@remus What I think is happening is when BD runs, it is adding the certificate, and it looks like they are not using the updated API through their app to trust it. It is pointless to try and add the cert using a profile because it seems to be ignored and another cert is installed with a different expiry date and all. So this needs to be fixed by the developer in a future update. Hopefully soon.

As for the add-trust using the security command, that has been changed in Big Sur and will prompt for user authentication.
https://developer.apple.com/documentation/macos-release-notes/macos-big-sur-11_0_1-release-notes#Sec...

remus
New Contributor III

@greatkemo Thank you so much for your feedback.
I also realised that the "add-trust" command thingy is not "silently" working anymore. 😞
I'll keep you posted in case I hear back from the Bitdefender people.
I wrote back that the certificate part of their documentation is missing. I haven't heard anything back yet.

cmasciarelli-L
New Contributor II

Experiencing the same issues and have also gone back and forth with Bitdefender support.

Currently, I'm at a point where I have configured a Configuration Profile using the instructions provided by Bitdefender.
https://www.bitdefender.com/support/bitdefender-endpoint-security-for-mac:-how-to-configure-jamf-pro-for-macos-big-sur-11-0-and-later-2661.html

However, this Configuration Profile is not allowing the System Extension, nor accepting the SSL Certificate (of course nothing in the Configuration Profile that would do so)

For now I am focusing on the System Extension, waiting back on Bitdefender support.

greatkemo
Contributor

@cmasciarelli-L You should have a working System Extension and Content Filter after following the above article. As for the certificate, we've all been bitten by it, so waiting on a reply from support. But this is something their devs would probably need to fix so could take a while. They should not have put this update out as a fix for the content control not working in Big Sur, and leave us with a whole new problem.

remus
New Contributor III

@greatkemo We got our answer from Bitdefender… and the answer is kind of embarrassing. It looks like a half-baked compatibility with Big Sur.
At this time we do not support importing the certificate through Jamf PRO because the certificate is unique for each station.
The certificate is generated locally on each station. For this reason they cannot be imported through Jamf PRO.
We have opened an internal case to find a solution to accept the certificate through JAMF Pro but we do not have a deadline for when it will be implemented.

greatkemo
Contributor

@remus I also got a lame response from them, which basically said that I was doing it wrong and that I should follow the steps in all the links which I already followed anyway.

I am sure the issue is this....
When you get prompted for a password to trust the certificate do this:

ps aux | grep add-trusted-cert | grep -v grep

You should see...

/usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /Library/Bitdefender/AVP/antivirus.bundle/rootCA.pem

So you can see that the app is trying to add their CA to the trust using the security command, which now in Big Sur requires users to authorize this transaction.

Instead, developers need to use Apple's API for certificates to add items to the keychain
https://developer.apple.com/documentation/security/certificate_key_and_trust_services/certificates

The annoying thing is, this is not new news a surprise from Apple, this was mentioned months ago.

cmasciarelli-L
New Contributor II

I'm still struggling with the System Extension for some reason.
Here is what my Configuration Profile looks like
08c25d4eec08491a8928a484e912f3b8

remus
New Contributor III

@cmasciarelli-L You probably did not checked Network Extension.
Use these screen-grabs as an example!
But you are going to hit a wall when it comes to the SSL Certificate.
In order to avoid that, disable the Content Control module and leave active only the Antimalware module.

b3aa7dd0664643dcabf646863999ddb4
e03372f83d0349d581f368e7d8d63ec7

6994650dc04146e88f8e116a02278a23

greatkemo
Contributor

@remus @cmasciarelli-L

Use these, they are tidier and working (apart from cert of course), but don't forget these will work on Big Sur and Catalina if you have older clients then add Kernel Extension as well.

General

0228e1b1d06f469da1c387c2f6042d16

Notifications (Jamf Pro 10.27.0)

Bundle ID: com.bitdefender.endpointsecurityformac

cb9ab5d8c1c94cbc8371c80e5f390fd9

Privacy Preference Policy Control

Identifier: com.bitdefender.EndpointSecurityforMac
Identifier Type: Bundle ID
Code Requirement: identifier "com.bitdefender.EndpointSecurityforMac" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y
APP OR SERVICE: SystemPolicyAllFiles
ACCESS: Allow
Identifier: /Library/Bitdefender/AVP/BDLDaemon
Identifier Type: Path
Code Requirement: identifier BDLDaemon and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y
APP OR SERVICE: SystemPolicyAllFiles
ACCESS: Allow
Identifier: com.bitdefender.epsecurity.BDLDaemonApp
Identifier Type: Bundle ID
Code Requirement: anchor apple generic and identifier "com.bitdefender.epsecurity.BDLDaemonApp" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)
APP OR SERVICE: SystemPolicyAllFiles
ACCESS: Allow

440ba1cc33634988ac86160b94035562

5873647a63f94d269d059c3e273f82f8

System Extension

Display Name: Bitdefender
System Extension Types: Allowed System Extensions
Team Identifier: GUNFMW623Y
ALLOWED SYSTEM EXTENSIONS: com.bitdefender.cst.net.dci.dci-network-extension

d426d85304444426b0e808107c404df7

Content Filter

Filter Name: Bitdefender
Identifier: com.bitdefender.epsecurity.BDLDaemonApp
Network Filter Bundle Identifier: com.bitdefender.cst.net.dci.dci-network-extension
Network Filter Designated Requirement: anchor apple generic and identifier "com.bitdefender.cst.net.dci.dci-network-extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GUNFMW623Y)

3e3675ea33824250a6f747c395aa064f

Hope this is helpful.

user-bQMbefsPzK
New Contributor

Has anyone tried generating a SSL cert as noted here (notably talking about iOS)?
https://www.bitdefender.com/support/creating-security-certificates-1217.html

user-bQMbefsPzK
New Contributor

Anyone had success with this? After a few rounds of emails back and forth with BitDefender - they've advised that the end-user must manually trust the cert which is frustrating. Certainly, there must be another way?

MacJunior
Contributor

Anybody is having issues with installing the latest packages from Bitdefender using Jamf Pro? they have now a pkg for intel Macs and another one for M1 Macs.

31988e023bfb4debac88cd4e95bea212

FrogOnABike
New Contributor

I've also hit this issue - Thankfully we don't actually make use of Content Control which got me wondering why the hell it was showing as a loaded module even though it's disabled!

I did a reconfigure on the client and it's now not showing the Content Control in the BEST main window.
I then created a new Package for Mac OS deployment without the CC module in there and noticed that the download URL differed from the original one I was using.
I've now updated the installer script in Jamf Pro to use that installer and hope it removes this prompt 🙂
I know it's not ideal if you do use CC but may provide some help for those who don't use it.

stephenb
New Contributor III

Do you folks have any ticket numbers that can be referenced for the SSL cert trust issues? I'm going to log a ticket about this too, and it would be worth adding additional weight.