For versions 10.7.8 and earlier:
The following table describes the user experience depending on the environment where ENSM Firewall is deployed.
Configuration: Installation on non-MDM systems
User experience:
- When you install ENSM on macOS systems, the Firewall feature is disabled at the time of installation.
- ENSM automatically loads the McAfee system extension during the installation.
- A McAfee alert prompts the user to allow the McAfee system extension from the Security & Privacy System Preferences pane.
- After the user gives consent, they see another prompt to allow the McAfeeSystemExtensions Content Filter.
- After the user gives consent, the Firewall feature can be enabled.
NOTES:
- The McAfee Alert appears every 30 minutes until the user provides consent.
- These systems have a Firewall compliance status of Non-compliant in ePO until the user gives consent.
Configuration: Installation on MDM systems
User experience:
The system extension can be approved without user interaction, using a management profile System Extensions payload with the following settings:
| Property | Value |
| --- | --- |
| System Extension Types | Allowed System Extensions |
| Team Identifier | GT8P3H7SPW |
| Bundle Identifiers | com.mcafee.CMF.networkextension, com.mcafee.CMF.endpointsecurity |
For a sample profile for the System Extensions payload, see SEPC_McAfee_v2.0.mobileconfig.zip in the "Attachment" section of this article.
You can use a Web Content Filter payload with the following settings to approve the extension Content Filter component:
| Property | Value |
| --- | --- |
| FilterSockets | True |
| FilterDataProviderBundleIdentifier | com.mcafee.CMF.networkextension |
| FilterDataProviderDesignatedRequirement | anchor apple generic and identifier "com.mcafee.CMF.networkextension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GT8P3H7SPW) |
| FilterPackets | True |
| FilterPacketProviderBundleIdentifier | com.mcafee.CMF.networkextension |
| FilterPacketProviderDesignatedRequirement | anchor apple generic and identifier "com.mcafee.CMF.networkextension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = GT8P3H7SPW) |
| PluginBundleID | com.mcafee.containerapp |
| UserDefinedName | McAfeeSystemExtensions |
| FilterType | Plugin |
For a sample profile for the Web Content Filter payload, see CFS_McAfee_v1.0.mobileconfig.zip in the "Attachment" section of this article.
When uninstalling ENSM Firewall 10.7.8 on MDM-managed Monterey and later systems:
You can avoid user intervention to provide administrator credentials during the uninstallation of system extensions on MDM-managed Monterey systems. To achieve this configuration, use a management profile with a System Extensions payload with the following settings:
| Property | Value |
| --- | --- |
| System Extension Types | Removable System Extensions |
| Team Identifier | GT8P3H7SPW |
| Removable System Extensions | com.mcafee.CMF.networkextension, com.mcafee.CMF.endpointsecurity |
For a sample profile for the Removable System Extensions payload, see SEPC_McAfee_v2.0.mobileconfig.zip in the "Attachment" section of this article.
NOTES:
- The profile avoids user intervention only on MDM-managed systems with macOS Monterey and later. The user is prompted to enter the administrator credentials on the MDM-managed Big Sur and MDM-managed Catalina systems with the Removable System Extensions payload profile.
- The sample profile SEPC_McAfee_v2.0.mobileconfig.zip in the "Attachment" section of this article addresses the alert that prompts the user to allow the McAfee system extension from the Security & Privacy System Preferences pane during Firewall installation. This sample profile also addresses the prompt for administrator credentials when uninstalling the system extensions on MDM-managed Monterey and later systems.
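The System Extensions settings from the two tables above (allowed and removable), as an added example that is not McAfee's sample profile: it builds a profile carrying those values and audits any profile for entries that approve more, or less, than the listed team and bundle identifiers. The key names are Apple's `com.apple.system-extension-policy` payload keys; mapping the tables' "System Extension Types" labels onto them is an assumption, and `org_prefix` is a placeholder.

```python
import plistlib
import uuid

TEAM_ID = "GT8P3H7SPW"  # Team Identifier from the tables above
BUNDLE_IDS = ["com.mcafee.CMF.networkextension",
              "com.mcafee.CMF.endpointsecurity"]


def build_profile(org_prefix="com.example.mdm"):  # org_prefix is a placeholder
    """Return .mobileconfig bytes with one System Extensions payload."""
    payload = {
        "PayloadType": "com.apple.system-extension-policy",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_prefix + ".sysext",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "System Extensions (constructed sample)",
        # Approve loading without the Security & Privacy prompt.
        "AllowedSystemExtensions": {TEAM_ID: list(BUNDLE_IDS)},
        # Allow removal without administrator credentials (macOS 12+).
        "RemovableSystemExtensions": {TEAM_ID: list(BUNDLE_IDS)},
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_prefix,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "ENSM system extension approval (sample)",
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)


def audit_profile(data):
    """List deviations from the team ID and bundle IDs in the tables."""
    findings = []
    payloads = [p for p in plistlib.loads(data).get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.system-extension-policy"]
    if not payloads:
        return ["no System Extensions payload found"]
    for p in payloads:
        if p.get("AllowedTeamIdentifiers"):
            findings.append("AllowedTeamIdentifiers is broader than per-bundle approval")
        for key in ("AllowedSystemExtensions", "RemovableSystemExtensions"):
            entries = p.get(key, {})
            findings += [f"{key}: unexpected team {t}" for t in entries if t != TEAM_ID]
            missing = set(BUNDLE_IDS) - set(entries.get(TEAM_ID, []))
            extra = set(entries.get(TEAM_ID, [])) - set(BUNDLE_IDS)
            findings += [f"{key}: missing {b}" for b in sorted(missing)]
            findings += [f"{key}: unexpected {b}" for b in sorted(extra)]
    return findings
```

An empty list from `audit_profile` means the profile approves exactly the two bundle identifiers for the one team, for both loading and removal.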
When uninstalling ENSM Firewall 10.7.7:
When uninstalling ENSM Firewall, the user is prompted to enter the administrator credentials to uninstall the system extension. If the user doesn't provide credentials, the ENSM Firewall uninstallation continues, but the system extensions aren't uninstalled with ENSM Firewall. In this case, the user sees the prompt for administrator credentials again when the last McAfee module is being uninstalled from the system. Users must provide the credentials at this prompt. Failing to do so leaves the system extensions and Functional Module Platform (FMP) on the system. The FMP is a common component that all McAfee modules use.
When uninstalling ENSM Firewall 10.7.5/10.7.6:
When uninstalling ENSM Firewall, the user is prompted to enter the administrator credentials to uninstall the system extension. This statement applies to both ENSM Firewall standalone and ePO-managed. Also, it doesn't matter whether the system is MDM-managed. If the user doesn't provide credentials or provides incorrect credentials, the ENSM Firewall uninstallation doesn't continue. To uninstall ENSM Firewall successfully, the user must try the uninstallation again and provide the correct credentials.
Apple designed the uninstallation of system extensions this way. User intervention can't be avoided even on MDM-managed systems.