Technical Support


How to whitelist Panda Endpoint for Mac system/kernel extensions using Jamf Pro 10.x

Information applies to:

Products
Panda Adaptive Defense 360 on Aether Platform
Panda Adaptive Defense on Aether Platform
Panda Endpoint Protection on Aether Platform
Panda Endpoint Protection Plus on Aether Platform

After Panda Endpoint for macOS is installed manually or remotely, the user is prompted to approve the Panda kernel/system extension on their Mac and, on Catalina 10.15 and higher, to grant FDA (Full Disk Access).

Until the user approves this kernel/system extension and FDA (in Catalina or higher), the protection will not work.

You can pre-approve the Panda kernel/system extension and FDA and thus eliminate user intervention by whitelisting the kernel/system extension using a Mobile Device Management tool such as Jamf Pro. This feature is supported starting with macOS 10.13.2 and Jamf Pro version 10.28.0.

The procedure involves creating an MDM configuration profile in Jamf Pro 10.28.x that whitelists the kernel/system extension and FDA, and applying it to the target computers. Please note that the computers must have the User Approved MDM status.

  1. Click Configuration Profiles in the left side menu and fill in the required information under General.



  2. Scroll down under the Configuration Profiles option and select Privacy Preferences Policy Control. You will be required to enter the Team Identifier and Bundle ID. Use the terminal commands below to obtain the required information.

    For the Management Agent:

    codesign -dr - /Applications/Management-Agent.app

    Output:

    Executable=/Applications/Management-Agent.app/Contents/MacOS/AgentSvc
    designated => identifier ManagementAgent and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = D3U2N4A6J7

    For the protection:

    codesign -dr - /Applications/Endpoint-Protection.app

    Output:

    Executable=/Applications/Endpoint-Protection.app/Contents/MacOS/psuaconsole
    designated => identifier "com.protection.agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = D3U2N4A6J7


  3. Next, click Approved Kernel Extensions. The name of the kernel extension is required for Mojave and older macOS systems. To obtain the name of the kernel extension, use the following terminal command:

    kextstat | grep -v com.apple

    This shows all third-party kernel extensions installed. The kernel extension will usually look like protection_agent.



  4. On 10.15 and later, click Extensions under the Configuration Profiles menu and, as in the previous process, add the system extensions. There are three different options for system extension approval; you can choose Allowed System Extensions and fill in the required information. To obtain the Team Identifier and system extension, run the following terminal command on a system with the protection already installed:

    systemextensionsctl list


    Once you have the information, fill in the required boxes with com.protection.agent.next and com.protection.agent.
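
The following shell script is an added example, not part of the original article or of Panda's tooling. It pulls the bundle identifier, Team Identifier and code requirement out of the `codesign -dr -` output shown in step 2, so the values can be copied into the profile without retyping; the function names are illustrative, and when run without arguments it parses the sample output copied from this article.

```shell
#!/bin/sh
# Added example: extract the values the PPPC payload asks for from
# `codesign -dr -` output. Function names are illustrative.

# Text after "designated => " is the code requirement.
requirement() { sed -n 's/^designated => //p'; }

# Identifier may be bare (ManagementAgent) or quoted ("com.protection.agent").
bundle_id() {
    requirement | sed -n 's/^identifier "\{0,1\}\([^" ]*\)"\{0,1\} and .*/\1/p'
}

# Team Identifier is the 10-character subject.OU of the leaf certificate.
team_id() {
    requirement |
        sed -n 's/.*certificate leaf\[subject\.OU\] = "\{0,1\}\([A-Za-z0-9]\{10\}\)"\{0,1\}.*/\1/p'
}

# codesign output for the two bundles, copied from the article above.
sample_output() {
    cat <<'EOF'
Executable=/Applications/Management-Agent.app/Contents/MacOS/AgentSvc
designated => identifier ManagementAgent and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = D3U2N4A6J7
Executable=/Applications/Endpoint-Protection.app/Contents/MacOS/psuaconsole
designated => identifier "com.protection.agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = D3U2N4A6J7
EOF
}

# Print the fields for one installed bundle; fail loudly rather than emit blanks.
pppc_fields() {
    out=$(codesign -dr - "$1" 2>&1) || { echo "codesign failed: $1" >&2; return 1; }
    id=$(printf '%s\n' "$out" | bundle_id)
    team=$(printf '%s\n' "$out" | team_id)
    if [ -z "$id" ] || [ -z "$team" ]; then
        echo "unexpected requirement format: $1" >&2; return 1
    fi
    printf 'Bundle ID: %s\nTeam ID:   %s\nRequirement: %s\n' \
        "$id" "$team" "$(printf '%s\n' "$out" | requirement)"
}

# With bundle paths as arguments (on a Mac), query them; otherwise parse the sample.
if [ "$#" -gt 0 ] && command -v codesign >/dev/null 2>&1; then
    for app in "$@"; do pppc_fields "$app" || exit 1; done
else
    sample_output | bundle_id
    sample_output | team_id | sort -u
fi
```

A Team Identifier that differs between the two bundles, or from the one reported by `systemextensionsctl list`, is worth investigating before the profile is deployed.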

Related Articles
Permissions required to enable the Panda protection in macOS


Help nº- 20240326 700101 EN
ALWAYS ONLINE TO HELP YOU TWITTER FORUM