Changes to Bitdefender Endpoint Security Tools in macOS Big Sur and later: network extension, proxy configurations and SSL certificate
Starting with macOS Big Sur, Apple uses technologies that affect the behavior of the Bitdefender Endpoint Security Tools agent.
Specifically, Apple has replaced the kernel extensions found in older versions of macOS with system extensions, which run in user space. Bitdefender Endpoint Security Tools has therefore switched from kernel extensions to system extensions as well. One system extension in particular requires more attention from users: the network extension.
To work properly, some of the Bitdefender Endpoint Security Tools features or network components (Antiphishing, Traffic Scan and Web Access Control in the Content Control module, and the EDR Sensor) require the following approvals from users:
Approval for the network extension
Approval for the tunneling application used to filter the internet traffic
Approval for the SSL certificate
If the network extension, the tunneling application and the SSL certificate are not approved, Bitdefender Endpoint Security Tools displays warning messages every three hours.
Important
Starting with version 4.15.127.200127, Bitdefender Endpoint Security Tools provides full support for Content Control in macOS Big Sur 11.2 (see the release notes). Previously, on macOS Big Sur 11.0 and 11.1, Content Control entered passthrough mode and stopped all connection filtering when another application with a network extension was installed on the endpoint (for example, Cisco AnyConnect VPN). This was caused by an incompatibility issue in the operating system. In such a situation, the GravityZone console displayed the following error message: "Unknown issue (Product.NetworkExtensionIsDisabled.NetworkExtensionIncompatibility)".
For details about the Bitdefender Endpoint Security Tools support in macOS Big Sur, refer to Bitdefender support for macOS Big Sur.
Note
This article includes procedures and screenshots from macOS Big Sur. The procedures also apply to later versions of macOS, such as Monterey and Ventura, but the user interface may differ, so pay attention when following the steps.
The network extension
At installation
In older macOS versions, kernel extensions required approval only at the first installation of Bitdefender Endpoint Security Tools. Starting with macOS Big Sur, the network extension requires approval every time the agent or a network component is installed or reinstalled (unless another component is already installed).
At installation, Mac users receive the following System Extension Blocked warning message for the Network extension:
"The program "SecurityNetworkInstallerApp" tried to load new system extension(s). If you want to enable these extensions, open Security & Privacy System Preferences."
To approve the network extension in macOS Big Sur:
Click Open Security Preferences.
Go to Security > Privacy > General.
Click the lock at the bottom of the window to make changes.
Enter your system credentials and click Unlock.
Click Allow for the blocked system extension.
With the Network extension not approved, Bitdefender Endpoint Security Tools displays a You are at risk warning with the following message in the View Issues window:
"Install and allow the network extension to enable full protection."
To fix the issue:
Click Install now to open the Security > Privacy window.
Click the lock at the bottom of the window to make changes.
Enter your system credentials and click Unlock.
Click Allow for the blocked system extension.
Note
In macOS Ventura these controls are available in the Privacy & Security page.
At uninstall
Starting with macOS Big Sur, the network extension also requires user approval when the agent or the network components are uninstalled (and no other component remains installed).
If the user does not approve the change, the agent or the component will not be uninstalled.
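To confirm from a terminal whether the approval described above was actually granted, an administrator can read the state column of `systemextensionsctl list`. The script below is an added example, not Bitdefender's own tooling: the sample listing, team IDs, bundle IDs and extension names in it are constructed placeholders, and the tab-separated layout is an assumption about the tool's output.

```shell
#!/bin/sh
# Added example: classify a system extension's approval state from
# `systemextensionsctl list` output. All sample values are constructed.

# Constructed sample listing; team IDs, bundle IDs and names are
# placeholders, not Bitdefender's real identifiers.
sample_listing() {
    printf '%s\n' '2 extension(s)'
    printf '%s\n' '--- com.apple.system_extension.network_extension'
    printf 'enabled\tactive\tteamID\tbundleID (version)\tname\t[state]\n'
    printf '\t\tTEAMID0000\tcom.example.netfilter (1.0/1)\tExampleNetFilter\t[activated waiting for user]\n'
    printf '*\t*\tTEAMID0001\tcom.example.vpn (2.3/7)\tExampleVPN\t[activated enabled]\n'
}

# Read a listing on stdin and print the bracketed state of the row whose
# bundle ID is exactly $1. Exit status 1 if no such row exists.
ext_state() {
    awk -F '\t' -v id="$1" '
        NF >= 6 && index($4, id " ") == 1 {
            s = $6
            gsub(/^\[|\]$/, "", s)   # strip the surrounding brackets
            print s
            found = 1
        }
        END { exit found ? 0 : 1 }
    '
}

# Read a listing on stdin and report what the state means for bundle ID $1.
approval_status() {
    state=$(ext_state "$1") || { echo "not-installed"; return 0; }
    case "$state" in
        "activated enabled")          echo "approved" ;;
        "activated waiting for user") echo "pending-approval" ;;
        *)                            echo "other: $state" ;;
    esac
}

# Demo on the constructed listing; on a Mac, pipe the real command instead:
#   systemextensionsctl list | approval_status <bundle-id>
sample_listing | approval_status com.example.netfilter
```

A result of pending-approval corresponds to the blocked extension still waiting for the Allow click in the Security & Privacy pane.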
The tunneling application (proxy configurations)
The system extension runs in user space, so Bitdefender Endpoint Security Tools uses a tunneling application (like a VPN) to filter the traffic. This application also requires approval.
In the "BDLDaemon" Would Like to Add Proxy Configurations window, click Allow.
With the application not approved, Bitdefender Endpoint Security Tools displays a You are at risk warning and the following message in the View Issues window:
"Install the network component by allowing BDLDaemon.app to add Proxy Configuration."
The proxy configuration will be added to System Preferences > Network.
Bitdefender DCI connects only if the network extension was approved.
The SSL certificate
To filter HTTPS traffic, Bitdefender Endpoint Security Tools requires the approval of an SSL certificate.
If the Trust Settings are not updated, Bitdefender Endpoint Security Tools displays a You are at risk warning and the following message in the View Issues window:
"The SSL certificate is not trusted. Please trust the certificate to enable SSL protection."
To trust the SSL certificate:
Click Open Keychain Access.
Double-click on Bitdefender CA SSL.
Expand the Trust section.
Click When using this certificate and select Always Trust.
Close the window.
Enter your system credentials and click Update Settings.
Important
In addition to the procedures described above, BEST requires Full Disk Access permissions in macOS Big Sur. For details, refer to Full Disk Access is not granted for Bitdefender Endpoint Security Tools in macOS Mojave (10.14) and later.