After installing Panda Endpoint for macOS manually or remotely, the user is prompted to approve the Panda kernel/system extension on their macOS and the FDA (Full Disk Access) in the case of Catalina 10.15 and higher.

Until the user approves this kernel/system extension and FDA (in Catalina or higher), the protection will not work.

You can pre-approve the Panda kernel/system extension and FDA and thus eliminate user intervention by whitelisting the kernel/system extension using a Mobile Device Management tool such as Jamf Pro. This feature is supported starting with macOS 10.13.2 and Jamf Pro version 10.28.0.

The procedure implies creating and applying an MDM configuration profile in Jamf Pro 10.28.x that whitelists the kernel/system extension and FDA to the target computers. Please note that the computers must have the User Approved MDM status.

1. Click on the Configuration profiles on the left side menu and fill in the required information under General.
   
   
   
   
2. Scroll down under Configuration Profiles option and select Privacy Preferences Policy Control, This will require to enter the Team Identifier and Bundle ID. Use the terminal command below to access the required information:
   
   codesign -dr - /Applications/Management-Agent.app for Management Agent
   
   Output:
   
   Executable=/Applications/Management-Agent.app/Contents/MacOS/AgentSvc
   designated => identifier ManagementAgent and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = D3U2N4A6J7
   
   codesign -dr - /Applications/Endpoint-Protection.app for the protection
   
   Output:
   
   Executable=/Applications/Endpoint-Protection.app/Contents/MacOS/psuaconsole
   designated => identifier "com.protection.agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = D3U2N4A6J7
   
   Example below:
   
   
   
   
3. For the next step, click on the Approved Kernel Extensions. The name of the kernel extension is required for Mojave and older OSX systems. In order to gather the name of the kernel extension, the following terminal command can be used:
   
   kextstat | grep -v com.apple
   
   This will show all third party kernel extensions installed. The kernel extension will usually look like protection_agent.
   
   
   
   
4. In the case of 10.15 and later, click on Extensions under the Configuration Profiles menu and like in the previous process, add the system extensions. This process offers three different options for the system extension approval. You can choose Allowed System Extensions and fill the required information. You can use the following command to access the Team Identifier and system extension on a system with the protection already installed. The terminal command is as follows:
   
   systemextensionsctl list
   
   Once you have the information, fill in the required boxes with com.protection.agent.next and com.protection.agent like in this illustration:
   
   

Related Articles
Permissions required to enable the Panda protection in macOS