Deploying PGP Encryption Desktop with MDM deployment settings on macOS (Symantec Encryption Desktop)
search cancel

Deploying PGP Encryption Desktop with MDM deployment settings on macOS (Symantec Encryption Desktop)

book

Article ID: 207386

calendar_today

Updated On:

Products

Desktop Email Encryption, Powered by PGP Technology Drive Encryption Powered by PGP Technology Encryption Desktop Corporate Powered by PGP Technology Encryption Desktop Powered by PGP Technology Encryption Desktop Professional Powered by PGP Technology Encryption Desktop Storage Powered by PGP Technology Encryption Management Server Powered by PGP Technology Desktop Email Encryption Drive Encryption PGP Command Line PGP Encryption Suite PGP Key Management Server PGP Key Mgmt Client Access and CLI API PGP SDK Encryption Management Server Endpoint Encryption File Share Encryption Gateway Email Encryption

Issue/Introduction

This document goes over all the deployment/MDM settings for PGP Encryption Desktop (Symantec Encryption Desktop) on macOS.

Resolution

Important Note: PGP Encryption Desktop 11.0.1 and above now have the ability to install without certain components being enabled.  For example, you can install without Virtual Disk on the system, while keeping Email Encryption installed.  You could also install without Email Encryption while keeping Virtual Disk encryption installed.  If you would like to have these easy-to-use commands (sudo installer) to do a silent install of PGP Encryption Desktop on macOS, reach out to Symantec Encryption Support for further guidance and we can provide you some very convenient commands that will help with your deployment!  Be sure to mention this KB for us to easily find the steps to help you out! 

Ref: EPG-22596/IMSFR-1034

 

Identifier

Identifier Type

Code requirement for PGP Encryption Desktop (10.4.2 MP4 and above)

Code requirement for PGP Encryptoin Desktop (10.4.2 MP5 and above)

Service – App access

com.pgp.engine

Bundle ID

identifier "com.pgp.engine" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9PTGMPNXZ2"

identifier "com.pgp.engine" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "Y2CCP3S9W7"

SystemPolicyAllFiles - Allow

com.pgp.pgp

Bundle ID

identifier "com.pgp.pgp" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9PTGMPNXZ2"

identifier "com.pgp.pgp" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "Y2CCP3S9W7"

SystemPolicyAllFiles - Allow

com.pgp.viewer

Bundle ID

identifier "com.pgp.viewer" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9PTGMPNXZ2"

identifier "com.pgp.viewer" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "Y2CCP3S9W7"

SystemPolicyAllFiles - Allow

com.pgp.shredder

Bundle ID

identifier "com.pgp.shredder" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9PTGMPNXZ2"

identifier "com.pgp.shredder" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "Y2CCP3S9W7"

SystemPolicyAllFiles - Allow

/Library/Application Support/PGP/SEDFVd

Path

identifier "com.Symantec.Encryption.SEDFVd" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "9PTGMPNXZ2"

identifier "com.Symantec.Encryption.SEDFVd" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "Y2CCP3S9W7"

SystemPolicyAllFiles - Allow

 



Table: Kernel Extensions Settings

 

Display name

Team ID for 10.4.2 MP4

Team ID for 10.4.2 MP5 and above

Display Name & Kernel Extension Bundle ID

 

Symantec

 

9PTGMPNXZ2

        

Y2CCP3S9W7

Display Name

Kernel Extension Bundle ID

PGPdiskDriver

com.pgp.iokit.PGPdiskDriver

PGPnke

com.pgp.kext.PGPnke

 

For further guidance, please reach out to Symantec Encryption Support.

 

Additional Information