This article lists the policies and extensions needed to properly configure an MDM profile for Apex One (Mac).
Trend Micro Apex One (Mac) needs Full Disk Access and System Extension to run, and users may receive this prompt after upgrading the Security agent to version 3.5.3617. You can refer to the information below if you are using MDM and would like to automate the process of allowing Full Disk Access for Trend Micro Apex One (Mac):
IDENTIFIER: com.trendmicro.icore
IDENTIFIER TYPE: Bundle ID
CODE REQUIREMENT: identifier "com.trendmicro.icore" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32
Allow access for the following services:
- Accessibility
- Admin Files
- All Files
- System Events
  - Receiver Identifier: com.apple.systemevents
  - Receiver Code Requirement: identifier "com.apple.systemevents" and anchor apple
IDENTIFIER: com.trendmicro.tmsm.MainUI
IDENTIFIER TYPE: Bundle ID
CODE REQUIREMENT: identifier "com.trendmicro.tmsm.MainUI" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32
Allow access for the following services:
- Accessibility
- Admin Files
- All Files
- System Events
  - Receiver Identifier: com.apple.systemevents
  - Receiver Code Requirement: identifier "com.apple.systemevents" and anchor apple
The following command displays the code requirement of the installed iCoreService binary:
codesign -dr - /Applications/TrendMicroSecurity.app/Contents/Resources/iCoreService.app/Contents/MacOS/iCoreService
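The settings above, expressed as a Privacy Preferences Policy Control payload dictionary. This is an added example, not Trend Micro's own profile: the mapping from the page's service names to Apple's payload keys and the `PayloadIdentifier` placeholder are assumptions made here, and the outer profile wrapper is left to the MDM tool.

```python
import plistlib
import uuid

# Values copied from the page.
TEAM_OU = "E8P47U2H32"
BUNDLE_IDS = ["com.trendmicro.icore", "com.trendmicro.tmsm.MainUI"]
RECEIVER_ID = "com.apple.systemevents"
RECEIVER_REQ = 'identifier "com.apple.systemevents" and anchor apple'
# Page's service names -> keys of Apple's TCC payload "Services" dictionary.
SERVICES = {
    "Accessibility": "Accessibility",
    "Admin Files": "SystemPolicySysAdminFiles",
    "All Files": "SystemPolicyAllFiles",
    "System Events": "AppleEvents",
}

def code_requirement(bundle_id):
    """Code requirement in the form the page lists, pinned to the team OU."""
    return (
        f'identifier "{bundle_id}" and anchor apple generic and '
        "certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and "
        "certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and "
        f"certificate leaf[subject.OU] = {TEAM_OU}"
    )

def identity(bundle_id, service_key):
    """One entry of a Services array; Apple Events also names the receiver."""
    entry = {"Identifier": bundle_id, "IdentifierType": "bundleID",
             "CodeRequirement": code_requirement(bundle_id), "Allowed": True}
    if service_key == "AppleEvents":
        entry.update(AEReceiverIdentifier=RECEIVER_ID,
                     AEReceiverIdentifierType="bundleID",
                     AEReceiverCodeRequirement=RECEIVER_REQ)
    return entry

def build_pppc_payload():
    return {
        "PayloadType": "com.apple.TCC.configuration-profile-policy",
        "PayloadIdentifier": "example.apexone.pppc",  # placeholder, not from the page
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "Services": {key: [identity(b, key) for b in BUNDLE_IDS]
                     for key in SERVICES.values()},
    }

def to_plist_xml(payload):
    return plistlib.dumps(payload).decode()

if __name__ == "__main__":
    print(to_plist_xml(build_pppc_payload()))
```

Compare the generated `CodeRequirement` strings with the `codesign -dr -` output on a machine with the agent installed before deploying the profile.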
Add the following information to allow Trend Micro Apex One (Mac) Security agent kernel extension:
Team ID | Bundle Identifier |
---|---|
E8P47U2H32 | com.trendmicro.kext.filehook |
E8P47U2H32 | com.trendmicro.kext.KERedirect |
E8P47U2H32 | com.trendmicro.kext.iTMKernAPI |
E8P47U2H32 | com.trendmicro.icore.netfilter |
E8P47U2H32 | com.trendmicro.icore.es |
By adding the profile settings below to MDM and deploying them to the managed Mac computer, the Chrome and Firefox extensions will be enabled automatically and the pop-up message for Chrome and Firefox will no longer appear.