Hello,
Thanks for the deployment walkthrough on Windows devices. It was really insightful. Our teams were wondering if you could help us with the macOS deployment too.
Thanks in advance.
16 Views
Replies (1)
Marked SolutionPending Review
Hexnode Expert
1 day ago
Marked SolutionPending Review
Hello,
Thank you for reaching out to Hexnode Connect. I’ll walk you through the steps of deploying ESET Endpoint products via Hexnode.
Before proceeding, ensure your macOS device is enrolled in Hexnode UEM and that you have a valid ESET account with the required subscription.
Steps to deploy ESET Endpoint products on macOS
Custom installation script for ESET applications
The following script installs the ESET Endpoint Antivirus or the ESET Endpoint Security application on the Mac. The following arguments can be passed for installation to work.
- Argument 1 (Required): Type EES (if you are installing ESET Endpoint Security) or EEA (if you are installing ESET Endpoint Antivirus).
- Argument 2 (Optional): Specify the 20-digit alphanumerical license key in the format “XXXX-XXXX-XXXX-XXXX”.
- Argument 3 (Optional): Specify HTTP Proxy in the format: http://10.1.0.100:3425.
There are two methods to pass the argument to the script:
- Update the script by replacing the placeholder variables Prod=””, KEY=””, and eraa_http_proxy_value=”” with the appropriate values provided above. Ensure the values are entered in the same order and format as used in the script.
- Under the Execute Custom Script action, enter the three arguments (in the same order mentioned above) separated by a space in the Arguments section.
Deploy the following installation script to macOS devices using the Execute Custom Script remote action:
A few note points to remember:
- For the devices running on Apple silicon chipsets, Rosetta 2 should be installed on the device for the script to execute successfully.
- Ensure there are no other installation policies assigned to the devices for earlier versions of ESET security solutions.
- ESET applications deployed via the required apps policy may return ‘error 1001,’ as these applications require installation scripts for successful installation. These scripts cannot be deployed via the required apps policy.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 |
#!/bin/bash Prod_P=$1 Lic_P=$2 Proxy_P=$3 Prod="" KEY="" eraa_http_proxy_value="" if [ -z "$Prod_P" ] && [ -z "$Prod" ] ; then echo 'No product selected please specify EEA or EES' & exit 1; fi if test -n "$Prod"; then Prod="$(echo $Prod | tr "[:lower:]" "[:upper:]")" fi if test -n "$Prod_P"; then Prod="$(echo $Prod_P | tr "[:lower:]" "[:upper:]")" fi if test -n "$Lic_P"; then KEY=$Lic_P fi if test -n "$Proxy_P"; then eraa_http_proxy_value=$Proxy_P fi files2del="$(mktemp -q /tmp/XXXXXXXX.files)" dirs2del="$(mktemp -q /tmp/XXXXXXXX.dirs)" echo "$dirs2del" >> "$files2del" dirs2umount="$(mktemp -q /tmp/XXXXXXXX.mounts)" echo "$dirs2umount" >> "$files2del" finalize() { set +e echo "Cleaning up:" if test -f "$dirs2umount" then while read f do sudo -S hdiutil detach "$f" done < "$dirs2umount" fi if test -f "$dirs2del" then while read f do test -d "$f" && rmdir "$f" done < "$dirs2del" fi if test -f "$files2del" then while read f do unlink "$f" done < "$files2del" unlink "$files2del" fi } trap 'finalize' HUP INT QUIT TERM EXIT if [ $Prod == EEA ]; then DMG=eea_osx_en.dmg URL=http://download.eset.com/com/eset/apps/business/eea/mac/latest/eea_osx_en.dmg APP=Antivirus fi if [ $Prod == EES ]; then DMG=ees_osx_en.dmg URL=http://download.eset.com/com/eset/apps/business/ees/mac/latest/ees_osx_en.dmg APP=Security fi if ! [[ $Prod =~ (EEA|EES) ]]; then echo 'No valid product selected please specify EEA or EES' && exit 1; fi local_ESET_dmg="$(mktemp -q -u /tmp/ESETInstaller.dmg.XXXXXXXX)" echo "Downloading ESET Endpoint $APP installer image '$URL':" if test -n "$eraa_http_proxy_value" then export use_proxy=yes export http_proxy="$eraa_http_proxy_value" (curl --connect-timeout 300 --insecure -o "$local_ESET_dmg" "$URL" || curl --connect-timeout 300 --noproxy "*" --insecure -o "$local_ESET_dmg" "$URL") && echo "$local_ESET_dmg" >> "$files2del" else curl --connect-timeout 300 --insecure -o "$local_ESET_dmg" "$URL" && echo "$local_ESET_dmg" >> "$files2del" fi if [ ! -f $local_ESET_dmg ]; then exit 1 ; fi test -d '/Library/Application Support/ESET/esets/cache' || mkdir -p '/Library/Application Support/ESET/esets/cache' touch '/Library/Application Support/ESET/esets/cache/do_not_launch_esets_gui_after_installation' local_ESET_mount="$(mktemp -q -d /tmp/ESETInstaller.mount.XXXXXXXX)" && echo "$local_ESET_mount" | tee "$dirs2del" >> "$dirs2umount" echo "Mounting image '$local_ESET_dmg':" && sudo -S hdiutil attach "$local_ESET_dmg" -mountpoint "$local_ESET_mount" -nobrowse local_ESET_pkg="$(ls "$local_ESET_mount"/Resources/ | grep "\.pkg$" | tail -n 1)" SigCheck="$(pkgutil --check-signature "$local_ESET_mount/Resources/$local_ESET_pkg" | grep -o "ESET, spol. s r.o. (P8DQRXPVLP)")" if [ "$SigCheck" == "ESET, spol. s r.o. (P8DQRXPVLP)" ]; then echo "Signature check Passed" echo "$SigCheck" echo "Installing package '$local_ESET_mount/Resources/$local_ESET_pkg':" && sudo -S installer -pkg "$local_ESET_mount/Resources/$local_ESET_pkg" -target / else echo "Signature check failed" echo "$SigCheck" exit 1 fi sleep 10 if test -n "$KEY"; then /Applications/ESET\ Endpoint\ $APP.app/Contents/MacOS/esets_daemon --wait-respond --activate "key=$KEY" fi exit 0 |
Additional app configurations
Upon successful installation, you need to configure System Extensions, Kernel Extensions and PPPC settings for the ESET security solutions to function properly on the devices. Kernel Extensions must be configured only if your device runs on macOS 10.14 and below. Follow the below steps for deploying the ESET security products:
- Navigate to Policies > Device Policies > New Policies. Select to create a New policy, choose macOS, and click Next.
- Choose the policy type as Enterprise and click Next.
- Give a Policy Name and Description (optional) of your preference.
- To configure System Extensions,
- Select System Extensions from the left menu and click on Configure.
- Under Systems Extensions, enter the Team Identifier P8DQRXPVLP, provide the following bundle identifiers, “com.eset.endpoint, com.eset.network, com.eset.firewall, com.eset.devices” and click on Add.
- To configure Kernel Extensions,
- Select Kernel Extensions from the left menu and click on Configure.
- Under Team Identifier, enter P8DQRXPVLP as the Team ID and click on Add.
- To configure PPPC,
- Select Privacy Preferences from the left menu and click on Configure.
- Select +Add new preferences.
- Set the All Files option to Allow.
- Click on Specify Bundle IDs/Path.
- Full Disk Access needs to be given for the following components:
- ESET Endpoint Antivirus-
Title Identifier Identifier Type Code Requirement Main Product Identifier EEA com.eset.eea.6 Bundle ID identifier “com.eset.eea.6” and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP Device Identifier com.eset.devices Bundle ID identifier “com.eset.devices” and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP Realtime Identifier com.eset.endpoint Bundle ID identifier “com.eset.endpoint” and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP - ESET Endpoint Security-
Title Identifier Identifier Type Code Requirement Main product identifier EES com.eset.ees.6 Bundle ID identifier “com.eset.ees.6” and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP Device Identifier com.eset.devices Bundle ID identifier “com.eset.devices” and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP Realtime Identifier com.eset.endpoint Bundle ID identifier “com.eset.endpoint” and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P8DQRXPVLP
- ESET Endpoint Antivirus-
- Additionally, you can configure VPN and firewall settings based on your requirements through Hexnode UEM for added security.
- To associate the policy with your devices, navigate to Policy Targets, select all your required devices, and click on Save.
License the Product using Custom Scripting
If the license key is not mentioned in the script, use the following script to activate the product on the device. Replace YOUR_LICENSE_KEY in the script with your 20-digit alphanumeric license key and execute this script using either the Execute Custom Script remote action or the Live Terminal.
- ESET Endpoint Antivirus:
sudo /Applications/ESET\ Endpoint\ Antivirus.app/Contents/MacOS/esets_daemon --wait-respond --activate "key=YOUR_LICENSE_KEY" - ESET Endpoint Security:
sudo /Applications/ESET\ Endpoint\ Security.app/Contents/MacOS/esets_daemon --wait-respond --activate "key=YOUR_LICENSE_KEY"
After executing the command, the ESET product will be activated using the provided license key.
Steps to be completed from the device
Upon successful execution of the custom installation script, the chosen application in the argument will be downloaded and installed.
After successfully activating the product, the device may require additional setup steps, such as installing necessary modules or prompting network content filtering permissions, to finalize the activation process. Once the setup is complete, you can verify successful activation by opening the application.
Uninstalling ESET applications (optional)
To uninstall ESET applications:
- Log in to the ESET business portal.
- Click on Activated devices in the left panel to see the list of devices with ESET products activated using your licenses.
- Select the devices you want to uninstall ESET applications from by clicking on the corresponding checkboxes.
- Click DEACTIVATE at the bottom of the screen. A warning will appear to confirm the action; click DEACTIVATE again.
- The ESET product is now deactivated on the respective devices. Execute the following scripts to remotely uninstall ESET products on macOS devices. These scripts can be executed using either the Execute Custom Script remote action or the Live Terminal.
- ESET Endpoint Antivirus:
sudo /Applications/ESET\ Endpoint\ Antivirus.app/Contents/Helpers/Uninstaller.app/Contents/Scripts/uninstall.sh - ESET Endpoint Security
sudo /Applications/ESET\ Endpoint\ Security.app/Contents/Helpers/Uninstaller.app/Contents/Scripts/uninstall.sh
- ESET Endpoint Antivirus:
The ESET products will be uninstalled successfully.
I hope this helps. If you have any queries, feel free to reach out; we’d be happy to help.
Best regards,
George
Hexnode UEM
Save
