This is a small guide on how to manage permissions for TeamViewer Endpoint Protection on macOS using Jamf Pro MDM.
TeamViewer Endpoint Protection can be rolled out remotely from the TeamViewer Management Console if TeamViewer (Classic) or Host is already installed on the target devices. After TeamViewer Endpoint Protection is activated, some permissions require manual user confirmation so that the Full Disk Scanning and Real Time Protection modules can work and scan the entire machine.
This article applies to all TeamViewer Endpoint Protection customers who use Jamf Pro as an MDM solution.
Requirements
There are some preconditions that you must meet before you can remotely approve the Kernel Extension and Full Disk Access using Jamf Pro 10.x MDM.
- You need a full TeamViewer (Classic) or Host already installed.
- Jamf Pro 10.x already configured on the device(s)
- TeamViewer Endpoint Protection already activated
- You can pre-approve the settings even before activation; however, we recommend activating first and then pushing the settings afterwards.
Allow the Kernel Extension
The Kernel Extension is used starting with macOS 10.13 and will be removed starting with 10.16. It allows Real Time Protection to access the necessary paths on the system for scanning. The Kernel Extension is signed by Bitdefender S.R.L., our technology partner.
- Log in to Jamf Pro.
- Go to Computers → Configuration Profiles → New or use existing profile.
- Scroll down to Approved Kernel Extensions
- Enter a Display Name: BitDefender and Team ID: GUNFMW623Y
Allow Full Disk Access
Full Disk Access is required starting with macOS 10.14 as part of the new security and privacy changes Apple introduced. It allows the application to perform full disk scans.
1) Log in to Jamf Pro.
2) Go to Computers → Configuration Profiles → New or use existing profile.
3) Go to Privacy Preference Policy Control
4) Create a New App Access payload
- Identifier: com.teamviewer.rm.endpointprotection
- Identifier Type: Bundle ID
- Requirements
anchor apple generic and identifier "com.teamviewer.rm.endpointprotection" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = H7UGFBUGV6)
- App or Service: Accessibility
- Access: Allow
- Save
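The two approvals above can also be expressed as a configuration profile and linted before deployment. The following is an added example, not TeamViewer's or Jamf's own code: it uses Apple's documented payload types and keys, takes the Team ID, identifier and requirement string from this page, and assumes the `com.example.tvep` identifier prefix and display names. The privacy service is a parameter defaulting to the page's "Accessibility" selection (Apple's payload key for the Full Disk Access service is `SystemPolicyAllFiles`).

```python
import plistlib
import uuid

# Values copied from the steps above; everything else is an assumption.
KEXT_TEAM_ID = "GUNFMW623Y"
BUNDLE_ID = "com.teamviewer.rm.endpointprotection"
CODE_REQUIREMENT = (
    'anchor apple generic and identifier "com.teamviewer.rm.endpointprotection"'
    " and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */"
    " or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */"
    " and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */"
    " and certificate leaf[subject.OU] = H7UGFBUGV6)"
)


def _payload(payload_type, name, **settings):
    """Add the common keys every profile payload carries."""
    uid = str(uuid.uuid4()).upper()
    return {"PayloadType": payload_type, "PayloadVersion": 1,
            "PayloadIdentifier": f"com.example.tvep.{uid}",  # assumed prefix
            "PayloadUUID": uid, "PayloadDisplayName": name, **settings}


def build_profile(service="Accessibility"):
    """Serialize both approvals; `service` defaults to the page's selection."""
    kext = _payload("com.apple.syspolicy.kernel-extension-policy", "BitDefender",
                    AllowedTeamIdentifiers=[KEXT_TEAM_ID])
    entry = {"Identifier": BUNDLE_ID, "IdentifierType": "bundleID",
             "CodeRequirement": CODE_REQUIREMENT, "Allowed": True}
    pppc = _payload("com.apple.TCC.configuration-profile-policy",
                    "TeamViewer Endpoint Protection", Services={service: [entry]})
    top = _payload("Configuration", "TVEP approvals (example name)",
                   PayloadContent=[kext, pppc])
    return plistlib.dumps(top)


def lint_profile(data):
    """Return problems found in the privacy entries of a serialized profile."""
    problems = []
    for payload in plistlib.loads(data).get("PayloadContent", []):
        for service, entries in payload.get("Services", {}).items():
            for e in entries:
                req = e.get("CodeRequirement", "")
                if f'identifier "{e.get("Identifier")}"' not in req:
                    problems.append(f"{service}: requirement does not pin the identifier")
                if "certificate leaf[subject.OU] = " not in req:
                    problems.append(f"{service}: requirement does not pin a Team ID")
    return problems
```

Write the bytes returned by `build_profile()` to a `.mobileconfig` file to inspect them; `lint_profile()` returns an empty list when every privacy entry ties its grant to both the bundle identifier and a signing Team ID.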
💡 Hint: For more information, you can read the Jamf Pro documentation here: