To enable the configuration deployment without requiring user approval of the network extension, configure the custom settings payload.

Procedure

  1. Enter custom in the search text box of the device configuration profile.
  2. Select Custom Settings and click Configure.
  3. Copy and paste the following custom XML for the sensor's network extension.
    This setup grants System Extensions the ability to Filter Network Content by using a Web Content Filter configuration profile.
    Example of a custom settings XML. 
    <dict>
    <key>FilterDataProviderBundleIdentifier</key>
    <string>com.vmware.carbonblack.cloud.se-agent.extension</string>
    <key>FilterDataProviderDesignatedRequirement</key>
    <string>identifier "com.vmware.carbonblack.cloud.se-agent.extension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T"</string>
    <key>FilterPacketProviderBundleIdentifier</key>
    <string>com.vmware.carbonblack.cloud.se-agent.extension</string>
    <key>FilterPacketProviderDesignatedRequirement</key>
    <string>identifier "com.vmware.carbonblack.cloud.se-agent.extension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T"</string>
    <key>FilterPackets</key>
    <true/>
    <key>FilterSockets</key>
    <true/>
    <key>FilterType</key>
    <string>Plugin</string>
    <key>PayloadDisplayName</key>
    <string>Web Content Filter</string>
    <key>PayloadIdentifier</key>
    <string>com.apple.webcontent-filter.71C289AC-7ACF-44BC-AB5E-580736C634DF</string>
    <key>PayloadType</key>
    <string>com.apple.webcontent-filter</string>
    <key>PayloadUUID</key>
    <string>71C289AC-7ACF-44BC-AB5E-580736C634DF</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PluginBundleID</key>
    <string>com.vmware.carbonblack.cloud.se-agent</string>
    <key>UserDefinedName</key>
    <string>Carbon Black Network Extension Filter</string>
</dict>
  4. Save the configuration profile.