User consent is required to load any third-party system extension (for products using a network extension on macOS Big Sur 11.1.x and later). Because SCP 4.6.0 uses a couple of Network System Extensions for network events, prior approval of the following is required:
- Network Extension Transparent Proxy
- Content Filter configurations
Install SCP Silently
You can install SCP without any manual user intervention.
- Create the following payloads:
  - System Extensions Payload
  - Content Filter Payload
  - App Proxy Filter (VPN) payload
- Push them to the endpoint, for instance using Jamf.
- Install SCP using the following Payload settings:
System Extensions Payload
- Add System Extensions Payload.
- Configure the following:

| Property | Value |
| --- | --- |
| Allow users to approve system extensions | Uncheck/disable |
| System Extension Types | Allowed System Extensions |
| Team Identifier | P2BNL68L2C |
| Allowed system extensions | |

Content Filter Payload
- Add Content Filter Payload.
- Configure the following:

| Property | Value |
| --- | --- |
| Filter Sockets (Socket Filter) | True |
| Filter Data Provider Bundle Identifier (Socket Filter Bundle Identifier) | com.trellix.CMF.networkextension |
| Filter Data Provider Designated Requirement (Socket Filter Designated Requirement) | anchor apple generic and identifier "com.trellix.CMF.networkextension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P2BNL68L2C) |
| Filter Packets (Network Filter) | True |
| Filter Packet Provider Bundle Identifier (Network Filter Bundle Identifier) | com.trellix.CMF.networkextension |
| Filter Packet Provider Designated Requirement (Network Filter Designated Requirement) | anchor apple generic and identifier "com.trellix.CMF.networkextension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P2BNL68L2C) |
| Plugin Bundle ID (Identifier) | com.trellix.containerapp |
| User Defined Name (Filter Name) | TrellixSystemExtensions |
| Filter Type | Plug-in |

App Proxy Filter Payload
You can use the following Proxy payload for the approval of the extension Proxy components (VPN Payload):
- Add VPN.
- Configure the following:

| Property | Value |
| --- | --- |
| Connection Name | TrellixProxyExtension |
| VPN Type | VPN |
| Connection Type | Custom SSL |
| Identifier | com.trellix.containerapp |
| Server | localhost |
| Provider Bundle Identifier | com.trellix.CMF.networkextension |
| User Authentication | Certificate |
| Provider Type | App-Proxy |
| Include All Networks | False (unchecked) |
| Exclude Local Networks | False (unchecked) |
| Provider Designated Requirement | anchor apple generic and identifier "com.trellix.CMF.networkextension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = P2BNL68L2C) |
| Identity Certificate | None |

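A pre-deployment check for the Content Filter Payload values above, as an added example that is not Trellix or Jamf code: it parses an exported profile and compares it with the table, accepting a designated requirement that was only re-wrapped between words but flagging one broken inside a token. The `com.apple.webcontent-filter` key names and the `Plugin` value are Apple profile keys assumed to correspond to the table's properties; `check_content_filter`, `sample_profile` and the sample data are constructed here.

```python
import plistlib

# Values below are copied from the Content Filter Payload table on this page.
BUNDLE_ID = "com.trellix.CMF.networkextension"
REQ = ('anchor apple generic and identifier "com.trellix.CMF.networkextension" and '
       '(certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or '
       'certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and '
       'certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and '
       'certificate leaf[subject.OU] = P2BNL68L2C)')
# Assumption: Apple's com.apple.webcontent-filter keys for the table's properties.
EXPECTED = {
    "FilterType": "Plugin",
    "UserDefinedName": "TrellixSystemExtensions",
    "PluginBundleID": "com.trellix.containerapp",
    "FilterSockets": True,
    "FilterDataProviderBundleIdentifier": BUNDLE_ID,
    "FilterDataProviderDesignatedRequirement": REQ,
    "FilterPackets": True,
    "FilterPacketProviderBundleIdentifier": BUNDLE_ID,
    "FilterPacketProviderDesignatedRequirement": REQ,
}

def norm(value):
    """Collapse whitespace runs so a re-wrapped requirement still compares equal."""
    return " ".join(value.split()) if isinstance(value, str) else value

def check_content_filter(profile_bytes):
    """Return (key, problem) pairs for every mismatch in content-filter payloads."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.webcontent-filter"]
    if not payloads:
        return [("PayloadContent", "no com.apple.webcontent-filter payload")]
    problems = []
    for payload in payloads:
        for key, want in EXPECTED.items():
            got = payload.get(key)
            if got is None:
                problems.append((key, "missing"))
            elif norm(got) != want or type(got) is not type(want):
                problems.append((key, f"unexpected value {got!r}"))
    return problems

def sample_profile(**overrides):
    """Constructed sample profile (not a real export) for trying the check."""
    payload = {"PayloadType": "com.apple.webcontent-filter", **EXPECTED, **overrides}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [payload]})
```

An empty list from `check_content_filter` means the payload matches the table; a requirement split inside a token, such as the team identifier, is reported as a mismatch.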
Uninstall SCP
A prompt appears for entering the administrator credentials to uninstall the system extension, both for standalone SCP and for SCP managed with Trellix ePO. It works the same way on MDM-managed systems. If no credentials or incorrect credentials are entered, the SCP removal does not continue. Provide correct credentials to uninstall SCP successfully. User intervention can't be avoided even on MDM-managed systems; this works as designed by Apple.