Endpoint Protector 5 JAMF Deployment User Manual EN


JAMF Deployment User Manual Version 5.3.0.

User Manual
I | Endpoint Protector | User Manual

Table of Contents

1. Introduction
2. Deployment using Policies and Scripts
3. Disclaimer

1. Introduction

Since the release of macOS 11.0, system extensions have changed, and endpoint
security solutions are now allowed to function without requiring kernel-level
access.

This affects the deployment of the Endpoint Protector Client on all Macs using
11.0 or later.

Companies can use third-party deployment tools such as JAMF and others. For
those using JAMF in particular, the steps are as follows:

1. Log in to your JAMF Pro account.

2. Go to Computers > Configuration Profile tab, create a new profile and
add a name to it.

3. Under the Private Preferences Policy Control tab, press the Configure
button.

4. Fill in the requested information, as follows:

Endpoint Protector Client Identifier: com.cososys.eppclient

Endpoint Protector Client Type: Bundle ID

Endpoint Protector Client Code Requirement (enter as a single line):
anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TV3T7A76P4

Validate the Static Code Requirement: check it

Then allow access to SystemPolicyAllFiles and Accessibility.

6.1 For EasyLock Enforced Encryption, also fill in the following:

EasyLock Identifier: com.cososys.easylock

EasyLock Identifier Type: Bundle ID

EasyLock Code Requirement (enter as a single line):
anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TV3T7A76P4

Validate the Static Code Requirement: check it

Then allow access to SystemPolicyAllFiles and Accessibility.

5. For Deep Packet Inspection, extra steps are needed; otherwise, assign a
scope and wait for the Private Preferences Policy Control to be deployed.

6. Log in to the Endpoint Protector Server, go to System Configuration ->
System Settings -> Deep Packet Inspection Certificate and download the
Client CA Certificate.

7. Go again to Computers -> Configuration tab, click on Certificate ->
Configure -> Upload the downloaded Client CA Certificate in .cer format.

8. Under Configuration Profiles configure System Extensions options:

8.1 Display Name: enter the optional configuration name.

8.2 System Extension Type: choose Allow System Extension.

8.3 Team Identifier: enter TV3T7A76P4.

8.4 Allowed System Extensions: insert com.cososys.eppclient.

8.5 Save the changes.



9. Assign a scope and wait for the Configuration Profile to be deployed.

After the Configuration Profile has been successfully deployed, you can proceed
to the Endpoint Protector Client Deployment described in the following chapter.
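
Before assigning the scope, the exported profile can be checked against the values given in steps 4 and 8. The following is an added example, not part of the vendor manual or tooling: it assumes an unsigned .mobileconfig that carries both the privacy (TCC) payload and the system extension payload, and the function names and sample profile are constructed for illustration.

```python
import plistlib

TEAM_ID = "TV3T7A76P4"
BUNDLE_ID = "com.cososys.eppclient"
SERVICES = ("SystemPolicyAllFiles", "Accessibility")

# Assumption: one unsigned profile containing both payloads.
def audit_profile(profile_bytes):
    """Return findings; an empty list means the profile matches the manual."""
    profile = plistlib.loads(profile_bytes)
    payloads = {p.get("PayloadType"): p for p in profile.get("PayloadContent", [])}
    findings = []
    tcc = payloads.get("com.apple.TCC.configuration-profile-policy", {})
    for service in SERVICES:
        entries = [e for e in tcc.get("Services", {}).get(service, [])
                   if e.get("Identifier") == BUNDLE_ID]
        if not entries:
            findings.append(f"{service}: no entry for {BUNDLE_ID}")
            continue
        entry = entries[0]
        # Normalise quoting and whitespace before comparing the requirement.
        req = " ".join(entry.get("CodeRequirement", "").replace('"', "").split())
        if entry.get("IdentifierType") != "bundleID":
            findings.append(f"{service}: identifier type is not Bundle ID")
        if ("anchor apple generic" not in req
                or f"certificate leaf[subject.OU] = {TEAM_ID}" not in req):
            findings.append(f"{service}: requirement not pinned to team {TEAM_ID}")
        if entry.get("StaticCode") is not True:
            findings.append(f"{service}: static code validation is off")
        if not (entry.get("Allowed") is True or entry.get("Authorization") == "Allow"):
            findings.append(f"{service}: access is not allowed")
    sysext = payloads.get("com.apple.system-extension-policy", {})
    if BUNDLE_ID not in sysext.get("AllowedSystemExtensions", {}).get(TEAM_ID, []):
        findings.append(f"system extension {BUNDLE_ID} not allowed for team {TEAM_ID}")
    return findings

# Constructed sample profile (not exported from a real JAMF instance).
REQ = ("anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] "
       "/* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] "
       "/* exists */ and certificate leaf[subject.OU] = TV3T7A76P4")

def sample_profile(services=SERVICES, sysext_team=TEAM_ID):
    entry = {"Identifier": BUNDLE_ID, "IdentifierType": "bundleID",
             "CodeRequirement": REQ, "StaticCode": True, "Allowed": True}
    return plistlib.dumps({"PayloadContent": [
        {"PayloadType": "com.apple.TCC.configuration-profile-policy",
         "Services": {s: [dict(entry)] for s in services}},
        {"PayloadType": "com.apple.system-extension-policy",
         "AllowedSystemExtensions": {sysext_team: [BUNDLE_ID]}}]})
```

A profile that grants the two services to a bundle ID without the team-pinned code requirement would let any binary using that identifier inherit Full Disk Access, which is why the requirement string is checked and not only the identifier.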

2. Deployment using Policies and Scripts

Follow the steps described below to deploy the Endpoint Protector Client using
JAMF policies:

1. With your preferred text editor, open the epp_change_ip.sh script received
from Endpoint Protector

2. Add the required Server IP (EPP_SERVER_ADDRESS)

Information
If additional branding is required, the EPP_SERVER_PORT and
EPP_DEPARTMENT_CODE can also be changed.

Note
Some text editors might change the formatting (e.g. replacing straight
quotation marks with typographic ones “ ”). Make sure these are not altered.
One way to avoid this is to edit the script in a Terminal-based text editor.

3. Copy the modified epp_change_ip.sh into JAMF Admin



4. Copy the EndpointProtector.pkg into JAMF Admin

5. Log in to JAMF Pro and go to Computer > Policies

6. Create a new policy, add a name and make sure Recurring check-in is
checked

7. In the Scripts > Configure Scripts section, add the epp_change_ip.sh
script. Make sure the Priority is set to Before, as the script needs to be
installed before the next step.

8. On the same policy, in the Packages > Configure Packages section,
add the EPPClient.pkg

9. Add a scope to the policy and save it

10. Check that the Endpoint Protector Client has been deployed correctly and
that the Server-Client communication and policies work as expected. This
means the endpoint appears in the List of Computers within the Endpoint
Protector UI and that the Endpoint Protector Client is displayed in the
menu bar.
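
The edited script from steps 1 and 2 can be checked for the quote substitution described in the Note before it is copied into JAMF Admin. This is an added example, not part of the vendor script or manual: it assumes the script sets its values with one shell assignment per line (for example EPP_SERVER_ADDRESS="..."), and the sample text and address are constructed.

```python
import re

# Typographic characters some editors substitute for the ASCII originals.
SUBSTITUTED = {"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'",
               "\u2013": "-", "\u2014": "-", "\u00a0": " "}
# Assumed format: one shell assignment per line, e.g. EPP_SERVER_ADDRESS="..."
ASSIGNMENT = re.compile(r'^\s*(EPP_[A-Z_]+)=(["\']?)(.*?)\2\s*(?:#.*)?$')

def check_script(text, required=("EPP_SERVER_ADDRESS",)):
    """Return a list of problems found in the edited script text."""
    problems, values = [], {}
    for lineno, line in enumerate(text.splitlines(), 1):
        # Report each substituted character once per line, with its fix.
        for ch in sorted(set(line) & set(SUBSTITUTED)):
            problems.append(
                f"line {lineno}: U+{ord(ch):04X} found, expected {SUBSTITUTED[ch]!r}")
        match = ASSIGNMENT.match(line)
        if match:
            values[match.group(1)] = match.group(3)
    # A required variable that is missing or empty leaves the client unconfigured.
    for name in required:
        if not values.get(name, "").strip():
            problems.append(f"{name} is not set")
    return problems

# Constructed sample: an editor has replaced the straight quotes on line 1.
SAMPLE = 'EPP_SERVER_ADDRESS=\u201c192.0.2.10\u201d\nEPP_SERVER_PORT="443"\n'
```

Read the script as UTF-8 text and pass its contents to check_script; an empty list means no substituted characters were found and the required variable has a value.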

3. Disclaimer

Endpoint Protector Appliance does not communicate outside of your network
except with liveupdate.endpointprotector.com and cloud.endpointprotector.com.

Endpoint Protector does not contain malware and does not send any of your
private information at any time (if Automatic Live Update Reporting is
DISABLED).

Each Endpoint Protector Server has the default SSH Protocol (22) open for
Support Interventions and there is one (1) System Account enabled (epproot)
protected with a password. The SSH Service can be disabled at customers’
request.

Security safeguards, by their nature, are capable of circumvention. CoSoSys
cannot, and does not, guarantee that data or devices will not be accessed by
unauthorized persons, and CoSoSys disclaims any warranties to that effect to the
fullest extent permitted by law.

© 2004 – 2021 CoSoSys Ltd.; Endpoint Protector, My Endpoint Protector, Endpoint
Protector Basic and EasyLock are trademarks of CoSoSys Ltd. All rights reserved.
Windows is a registered trademark of Microsoft Corporation. Macintosh, Mac OS X,
macOS are trademarks of Apple Corporation. All other names and trademarks are
property of their respective owners.
