Category filter

How to deploy Bitdefender to your Macs using Hexnode UEM?

Bitdefender is a cybersecurity solution that protects devices from risks such as viruses, malicious software, ransomware, and phishing attacks. The device management capabilities provided by the Bitdefender GravityZone enable IT administrators to efficiently manage security policies and monitor threats across the organization’s devices. Hexnode UEM allows you to remotely install and deploy the Bitdefender app to provide threat protection to your Macs. The following sections give a detailed explanation of how to deploy Bitdefender to your Macs using Hexnode UEM.

Steps to deploy Bitdefender

Custom script for app installation

  1. Create an installation package on your Bitdefender GravityZone portal. Navigate to Network > Installation Packages > Create, where you can create your package according to your requirements and click Save.
  2. Now select the package you have created and click on the option Send Download Links.

  3. Copy the macOS downloader link provided in the subsequent window. Paste this link into the designated Download URL section within the following Bitdefender installation script:

  4. Required configurations

    To ensure seamless operation of the Bitdefender app on your devices, it is essential to configure System Extensions, Privacy Preferences Policy Control (PPPC), Notification Permissions, and an SSL certificate. Use the following configuration profile that contains all these settings configured together.

    1. After installing Bitdefender Endpoint Security on a Mac, an SSL certificate is required for its proper functionality. The Bitdefender agent will prompt the local user to install the certificate to enable SSL protection. You can include the SSL certificate in this configuration profile to simplify this process.
    2. To create an SSL Certificate,
      • In the GravityZone portal, set an uninstall password for the endpoints to which you wish to deploy the certificate.
      • In Terminal, create a PEM certificate with the associated private key. Example of command line to create the PEM certificate:


        Make sure the name of the certificate that you create (the value for CN in the command line) is different from “Bitdefender CA SSL”, which is the name of the default certificate.

        Example: CN=MyCertificate CA SSL

      • In Terminal, create the PFX certificate named certificate.pfx using the PEM and KEY files from the previous step.
        Example of command line to create the certificate.pfx file:
      • Now you will be prompted in Terminal for a password. Make sure you enter the MD5 hash of the uninstall password set in the Bitdefender GravityZone portal.


        You can calculate MD5 using the command md5 -s password in Terminal. Replace the password with the uninstall password.

      • Navigate to the directory where the generated certificate is located. You can use the “cd” command to do this. For instance, if the certificate is on the Desktop, you would enter the following command in the terminal:
      • Now execute the following command to encode your .pfx certificate.
      • A .txt file containing the encoded certificate will now be saved in the same location as the .pfx file. Open this file, copy the 64-bit code, and paste it into the EncodedCertificateValue field in the configuration profile provided below: