Configuring Endpoint Protection remotely via Jamf Pro - TeamViewer Support
<main> <article class="userContent"> <p><br></p><h2 data-id="general">General</h2><div class="blockquote"><div class="blockquote-content"><p class="blockquote-line"><em>This article applies to all TeamViewer Endpoint Protection customers which use Jamf Pro as a MDM solution.</em></p></div></div><p>This is a small guide on how to manage permissions for <strong>TeamViewer Endpoint Protection</strong> macOS using <strong>Jamf Pro MDM</strong></p><p><strong>TeamViewer Endpoint Protection</strong> can be rolled out remotely from the <strong>TeamViewer Management Console</strong> if <strong>TeamViewer Client or Host</strong> is already installed on the target devices. After the activation of TeamViewer endpoint protection some permissions require manual user confirmation in order to allow for the Full Disk Scanning and Real Time Protection modules to work and scan the entire machine. </p><p><br></p><h3></h3><h2 data-id="requirements">Requirements</h2><p>There are some preconditions, that you must meet, so that you can use Aprove remotely The <strong>Kernel Extension</strong> and <strong>Full Disk</strong> access using <strong>Jamf Pro 10.X MDM.</strong></p><ul><li>You need a full <strong>TeamViewer Client or Host</strong> already installed.</li><li><strong>Jamf Pro 10.x</strong> already configured on the device(s)</li><li><strong>TeamViewer Endpoint Protection</strong> already activated<ul><li>You can pre-aprove the settings even before activation however we recommend to activate before and then push the settings afterwards.</li></ul></li></ul><p><br></p><h3 data-id="-1"></h3><h2 data-id="allow-the-kernel-extension">Allow the Kernel Extension </h2><p>The <strong>Kernel Extension</strong> is used starting with macOS 10.13 and it will be removed starting with 10.16. It is used to allow for the<strong> Real Time Protection</strong> to access the necessary paths on the system for scanning. The <strong>Kernel Extension</strong> is signed by Bitdefender S.R.L. our technology partner.</p><ol><li>Log in to <strong>Jamf Pro.</strong></li><li>Go to <strong>Computers → Configuration Profiles → New</strong> or use existing profile.</li><li>Scroll down to <strong>Approved Kernel Extensions</strong></li><li>Enter a <strong>Display Name: BitDefender</strong> and <strong>Team ID: GUNFMW623Y</strong></li></ol><div class="embedExternal embedImage display-medium float-none"> <div class="embedExternal-content"> <a class="embedImage-link" href="https://us.v-cdn.net/6032394/uploads/SWICAT0GFHYA/image.png" rel="nofollow noreferrer noopener ugc" target="_blank"> <img class="embedImage-img" src="https://us.v-cdn.net/6032394/uploads/SWICAT0GFHYA/image.png" alt="image.png" height="228" width="400" loading="lazy" data-display-size="medium" data-float="none"></img></a> </div> </div> <p><br></p><h3 data-id="-2"></h3><h2 data-id="allow-full-disk-access">Allow Full Disk Access</h2><p>The <strong>Full Disk</strong> access is required starting with macOS 10.14 as part of the new security and privacy changes Apple introduced. It is used to allow for allowing the application to perform full disk scans. </p><p>1) Log in to <strong>Jamf Pro.</strong></p><p>2) Go to <strong>Computers → Configuration Profiles → New</strong> or use existing profile.</p><p>3) Go to <strong>Privacy Preference Policy Control</strong></p><p>4) Create a <strong>New App Access</strong> payload</p><ul><li>Identifier: <strong>com.teamviewer.rm.endpointprotection</strong></li><li>Identifier Type: <strong>Bunddle ID</strong></li><li> Requirements</li></ul><pre class="code codeBlock" spellcheck="false" tabindex="0"> anchor apple generic and identifier "com.teamviewer.rm.endpointprotection" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = H7UGFBUGV6) </pre><ul><li>App or Service: <strong>Accessibility</strong></li><li>Access: <strong>Allow</strong></li><li>Save </li></ul><div class="embedExternal embedImage display-medium float-none"> <div class="embedExternal-content"> <a class="embedImage-link" href="https://us.v-cdn.net/6032394/uploads/SYNUGY754N2H/image.png" rel="nofollow noreferrer noopener ugc" target="_blank"> <img class="embedImage-img" src="https://us.v-cdn.net/6032394/uploads/SYNUGY754N2H/image.png" alt="image.png" height="227" width="400" loading="lazy" data-display-size="medium" data-float="none"></img></a> </div> </div> <p><br></p><p>💡<strong>Hint</strong>: for more information you can read Jamf Pro documentation here:</p><div class="js-embed embedResponsive" data-embedjson="{"body":"","url":"https:\/\/www.jamf.com\/jamf-nation\/articles\/553\/preparing-your-organization-for-user-data-protections-on-macos-10-14","embedType":"link","name":"Jamf Nation"}"> <a href="https://www.jamf.com/jamf-nation/articles/553/preparing-your-organization-for-user-data-protections-on-macos-10-14" rel="nofollow noreferrer ugc"> https://www.jamf.com/jamf-nation/articles/553/preparing-your-organization-for-user-data-protections-on-macos-10-14 </a> </div><p><br></p> </article> </main>
