Deploy Bitdefender Endpoint Security as a Custom App

By Andrew Merrick


Learn how to deploy Bitdefender Endpoint Security to your macOS devices as a custom app.

Prerequisites

  • Download the bitdefender_settings.mobileconfig file from the Kandji Support GitHub repo. You can right-click the link and select Save link as ... to download the mobileconfig file directly.

    • This configuration profile enables Notifications, allows the System Extensions, grants Full Disk Access through Privacy Preferences (PPPC), and includes the Bitdefender SSL cert and a Network content filter for Bitdefender.

    • There is also a profile that includes the Bitdefender Kernel Extension if you have Mac computers running macOS Catalina or older (With-Kext Profile).

  • Copy the bitdefender_ae_script.zsh script from the Kandji Support GitHub repository (BitDefender Audit and Enforce Script).

  • Download the Bitdefender installer packages and install.xml file from your Bitdefender portal.

If you have a mixed environment of both Intel and Apple Silicon Mac computers, you will need to download both the macOS kit (Intel x86) and macOS kit (Apple Silicon) packages, but you will only need to include one of the install.xml files.

The post-install script used in this guide will account for both installer types.

If you are only deploying to one architecture, you will still need that install package and the included install.xml file.

Custom Configuration Profile

  1. Create a Custom Configuration Profile in Kandji by selecting Library > Add New > Custom Profile > Add & Configure.

  2. Give the custom profile the following name: Bitdefender Settings.

  3. Assign the library item to a Blueprint.

    1. It is generally good practice to assign a new library item to a testing Blueprint to ensure that everything functions as expected.

  4. Set Device Families to Mac.

  5. Upload the bitdefender_settings.mobileconfig file to Kandji as a custom configuration profile. This profile will automatically grant Privacy settings for Accessibility and Full Disk Access and enable Notifications.

  6. Click Save.

Zipping the installer files

Before uploading the installer files to Kandji, you will need to zip them up together first.

  1. Go to the Bitdefender installer files that you downloaded from the Bitdefender console earlier. If you downloaded a DMG file, you may need to mount it first and then copy the installer files out.

  2. Put the installer package(s) and installer.xml file in the same location, such as your Desktop. Only one installer.xml file is needed; either the one from the Intel download or the one from the ARM download will work.

  3. Select all of the files at one time.

  4. Now, hold the Control (⌃) key and click on the selected files. Then, in the menu, click Compress. You should see a dialog showing the compression progress.

  5. An Archive.zip file should be created in the same directory. Feel free to rename the file to something like bitdefender_install.zip. This is the file that will be uploaded to Kandji in the next section.

Custom App

  1. Create a Custom App in Kandji by selecting Library > Add New > Custom App > Add & Configure.

  2. Give the Custom App a name. Example: Bitdefender.

  3. Assign to a test Blueprint.

  4. Change the installation type to Audit and Enforce.

  5. Copy and paste the bitdefender_ae_script.zsh script from earlier into the Audit & Enforce text box. No modification is needed.

  6. Select ZIP File (unzip contents into specified directory) as the deployment type.

  7. Define /var/tmp as the Unzip Location.

  8. Upload the zip file you created earlier (bitdefender_install.zip in this example).

  9. Click Add Postinstall Script and paste the post-install script from below.

  10. Click Save in the bottom right.

Post-install script

#!/usr/bin/env zsh

#
# Postinstall script for bitdefender
#

# Package name
# This is the name of the package that is contained in the zip file
PKG_NAME="antivirus_for_mac.pkg" # Intel package name
AS_PKG_NAME="antivirus_for_mac_arm.pkg" # Apple Silicon package name

# Kandji unzip path
# This should reflect the unzip file path defined in the custom app library item
UNZIP_PATH="/var/tmp"

###################################################################################################
############################ MAIN - DO NOT MODIFY BELOW ###########################################
###################################################################################################

# Determine the processor brand
processor_brand=$(/usr/sbin/sysctl -n machdep.cpu.brand_string)

# Exit status of the installer; returned at the end so a failed install is not reported as success
install_status=0

if [[ "${processor_brand}" == *"Apple"* ]]; then
    /bin/echo "Apple Processor is present..."

    # make sure that the file exists at the defined path
    if [[ -e "$UNZIP_PATH/$AS_PKG_NAME" ]]; then
        /bin/echo "Installing $AS_PKG_NAME"
        /usr/sbin/installer -pkg "$UNZIP_PATH/$AS_PKG_NAME" -target / || install_status=$?
    else
        /bin/echo "Could not find $UNZIP_PATH/$AS_PKG_NAME"
        exit 1
    fi

else
    /bin/echo "Apple Processor is not present..."

    # make sure that the file exists at the defined path
    if [[ -e "$UNZIP_PATH/$PKG_NAME" ]]; then
        /bin/echo "Installing $PKG_NAME"
        /usr/sbin/installer -pkg "$UNZIP_PATH/$PKG_NAME" -target / || install_status=$?
    else
        /bin/echo "Could not find $UNZIP_PATH/$PKG_NAME"
        exit 1
    fi

fi

# cleanup (runs whether or not the install succeeded)
/bin/rm -Rf "$UNZIP_PATH/$PKG_NAME" "$UNZIP_PATH/$AS_PKG_NAME" "$UNZIP_PATH/installer.xml"

exit $install_status
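
The post-install script runs the package as root from /var/tmp, a directory shared by every user on the Mac, so an integrity check before installer runs is worth adding. The functions below are an added example, not part of the Kandji script: they confirm the staged package is a regular file owned by the user running the script and that its leaf certificate is a Developer ID Installer certificate for the expected team. EXPECTED_TEAM_ID and the sample pkgutil output are placeholders constructed for illustration.

```shell
# Added example: pre-install checks for a package staged in /var/tmp.
# EXPECTED_TEAM_ID is a placeholder; read the real value from
# `pkgutil --check-signature` run on a kit downloaded from your own portal.
EXPECTED_TEAM_ID="XXXXXXXXXX"

# Constructed sample of `pkgutil --check-signature` output (not a real signer).
SAMPLE_SIG='Package "antivirus_for_mac_arm.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Example Vendor (ABCDE12345)
    2. Developer ID Certification Authority'

# Succeed only for a plain file owned by the user running the script
# (root when the MDM agent runs the postinstall).
pkg_path_ok() {
    local pkg="$1"
    [ -L "$pkg" ] && return 1   # symlink: could point anywhere
    [ -f "$pkg" ] || return 1   # missing, directory, or special file
    [ -O "$pkg" ] || return 1   # owned by someone else
    return 0
}

# Given the text printed by `pkgutil --check-signature`, succeed only if the
# first certificate in the chain is a Developer ID Installer cert for team_id.
signer_matches() {
    local sig_text="$1" team_id="$2" leaf
    [ -n "$team_id" ] || return 1
    leaf=$(printf '%s\n' "$sig_text" | grep -m1 -E '^ *1\. ')
    case "$leaf" in
        *"Developer ID Installer: "*"($team_id)"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Full check as it would run on the Mac (pkgutil exists on macOS only).
# pkgutil exits non-zero for an unsigned or invalidly signed package.
verify_pkg() {
    local pkg="$1" sig
    pkg_path_ok "$pkg" || { echo "Refusing $pkg: unexpected file type or owner"; return 1; }
    sig=$(/usr/sbin/pkgutil --check-signature "$pkg") \
        || { echo "Signature check failed for $pkg"; return 1; }
    signer_matches "$sig" "$EXPECTED_TEAM_ID" \
        || { echo "Unexpected signer for $pkg"; return 1; }
    echo "Verified $pkg"
}
```

To use it, place the functions above the MAIN section of the post-install script and call verify_pkg "$UNZIP_PATH/$AS_PKG_NAME" || exit 1 (or the $PKG_NAME equivalent) immediately before the matching /usr/sbin/installer line.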