New system extensions for Bitdefender

New Contributor III


Bitdefender has activated a new web content control module in the Endpoint Security app, which now results in the end user having to approve a system extension.

I have tried to add the below approved system extensions in a config profile, but they still show up. What else can I do?



Not quite...

  1. Do not make the downloader app to your package.  
  2. Package JUST the certificate you created in /Library/DeployCert.
  3. Add the package to your policy.
  4. Add the script to your policy to run AFTER, and fill $4 and $5.
  5. Ensure your configuration profile is installed on the device before you push the policy.

New Contributor

Hi Kamal. Great work there. I did indeed notice that generating the .pfx file was missing in their steps. But it's sloppy work still. I've also created a package deploying the cert to /Library/DeployCert, but nothing around why we do that?

Mine still doesnt work. I get the SSL warning in BitDefender. The cert is in my Keychain and trusted, but Bitdefender doesn't seem to know how to use it. It tried including it in my Content filer profile and selecting it for use there, but that didn't work either. PPPCs and Sys Extension are working, just missing the SSL. Did you create a separate config for it and do we reference the /Library/DeployCert anywhere else?

All the best, Ulrik 

Hi Ulrik,

When enforcing the cert via Configuration Profile, did you check the box to allow all apps to use the cert?

I am guessing, that Endpoint Security app will look for /Library/DeployCert as part of its installation instructions in the XML file with the installer.  So make sure you deploy the pfx first and be sure the permissions are set correctly in composer.


New Contributor

Hi Greatkemo, yes I did allow all apps to access and I did check that all permissions were correct. I haven't tried reinstalling everything. With the Bitdefender Cert it just registers when you add or remove, so didn't think to try from the begenning, will try that. 👍🏼 


New Contributor

Hi all,

Any update on the SSL warning in BitDefender? I'm still stuck at this part.Screenshot 2022-07-06 at 10.35.29 AM.png

Hi Hung_cheng. Well, I have one deployment where this worked as expected. I did everything as described and the cert I had generated in Terminal pushed out fine and was used in stead of the Bitdefender one. 
But with another customer, it just won’t work. I don’t have access to this other customers bitdefender portal, so I could only check the xml files and as far as I can tell, the Only major difference is that the one that doesnt work, seems to be pulling something from a local address (172.X.X.X) I don’t know it that applies for you?

New Contributor

I tried following SSL certificate deployment through Jamf Pro steps to deploy the SSL certificate, but still no luck on this. Seems the SSL certificate has different serial number on different users. 

New Contributor

I've same issu with ssl certificat if we active the traffic scan ssl network... like this case


Any idea ?