Approve the Network Extension Component of the System Extension via MDM

Use this procedure to grant the System Extension the ability to Filter Network Content via a Web Content Filter configuration profile.

After creating this profile, the profile should be signed to enable distribution via MDM.

Procedure

♦ The fields should be completed exactly as follows. Copy and paste for accuracy.
In the General payload:
- Payload Scope: System
In the Web Content Filter payload:
- Filter Type: Plug-In
- Plug-In Bundle ID: com.vmware.carbonblack.cloud.se-agent
- Check Enable Socket Filtering
  - Filter Data Provider System Extension Bundle ID (macOS): com.vmware.carbonblack.cloud.se-agent.extension
  - Filter Data Provider Designated Requirement (macOS): identifier "com.vmware.carbonblack.cloud.se-agent.extension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T"
- Check Enable Packet Filtering (macOS)
  - Filter Packet Provider System Extension Bundle ID (macOS): com.vmware.carbonblack.cloud.se-agent.extension
  - Filter Packet Provider Designated Requirement (macOS): identifier "com.vmware.carbonblack.cloud.se-agent.extension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T"