Browse Docs

Deployment via ManageEngine

In this document

Step 1: Download Required Files
Step 2: Add Scripts to the Script Repository
Step 3: Create the Agent Install Configuration
Step 4: Create the CA Certificate Configuration
Step 5: Create the DNS Proxy Extension Configuration
Step 6: Create the Customer-Specific Configuration
Uninstalling DefensX

This guide covers deploying the DefensX Agent to macOS devices managed by ManageEngine Endpoint Central. The process uses shared scripts and configurations applicable to all customers, plus a separate customer-specific configuration that delivers the unique deployment key and browser settings.

Step 1: Download Required Files

Log in to the DefensX backend and navigate to Policies & Groups. Under the Deployments section, locate your deployment and click the RMM button.

In the RMM dialog, click Mac MDM and download the following files:

File How to Download

DefensX-installer.sh

Click Download Installer Script

DefensX-CA.mobileconfig

Click Download DefensX-CA Certificate → As mobileconfig

DefensX-DNSProxy-Extension.mobileconfig

Click DNS Proxy Extension mobileconfig

DefensX-[deployment].mobileconfig

Click Download mobileconfig

DefensX-uninstaller.sh

Click Download Uninstaller Script

Keep all files available, they are needed in the steps below.

Step 2: Add Scripts to the Script Repository

Before creating policies, add both scripts to the Endpoint Central Script Repository. The scripts contain no customer-specific information, so they only need to be added once and can be reused across all customers.

In Endpoint Central, navigate to Configurations → Script Repository and click + Add Script.
Upload DefensX-installer.sh.
Set the Specify the exit codes field to 0.
Select Mac as the platform, then click Add.
Repeat the same steps to add DefensX-uninstaller.sh.

Step 3: Create the Agent Install Configuration

Navigate to Configurations → Add Configuration → Mac.
Find Custom Script and click the Computer Configuration icon.
In the Name field, enter a descriptive name like DefensX Agent Install Policy.
Under Execute Script from / Run, select Repository and choose DefensX-installer.sh from the Script Name list.
Set the Specify the exit code(s) field to 0.
Select the desired execution frequency.
In the Define Target section, select target computers by Domain, Device Groups, or other available criteria.
Click Deploy to complete the configuration.

Step 4: Create the CA Certificate Configuration

This configuration deploys the DefensX Root CA certificate to managed devices.

Navigate to Configurations → Add Configuration → Mac.
Find Custom Configuration and click the Computer Configuration icon.
In the Name field, enter a descriptive name like DefensX CA Profile.
In the Custom Configuration profile field, upload DefensX-CA.mobileconfig.
In the Define Target section, select the target computers.
Click Deploy to complete the configuration.

Step 5: Create the DNS Proxy Extension Configuration

This configuration grants the DefensX DNS Proxy Network Extension the permissions it needs to operate without prompting users for approval. It enables DNS policy enforcement without modifying system-level DNS settings.

Navigate to Configurations → Add Configuration → Mac.
Find Custom Configuration and click the Computer Configuration icon.
n the Name field, enter a descriptive name like DefensX DNSProxy Extension.
In the Custom Configuration profile field, upload DefensX-DNSProxy-Extension.mobileconfig.
In the Define Target section, select the target computers.
Click Deploy to complete the configuration.

Step 6: Create the Customer-Specific Configuration

Each DefensX deployment has a unique Deployment Key embedded in its mobileconfig file. This step pushes that key along with any deployment-specific browser settings to the target devices.

Navigate to Configurations → Add Configuration → Mac.
Find Custom Configuration and click the Computer Configuration icon.
In the Name field, enter a name that identifies both the customer and the deployment, e.g. DefensX [Customer Name] Default Settings.
In the Custom Configuration profile field, upload the DefensX-[deployment].mobileconfig file downloaded in Step 1.
In the Define Target section, select the target computers.
Click Deploy to complete the configuration.

To speed up the initial rollout, open the ManageEngine tray icon on any target Mac and click Apply Configurations — this immediately triggers script execution and profile delivery without waiting for the next scheduled check-in.

Uninstalling DefensX

Important

Before running the uninstall script, exclude the target devices from all configurations created in Steps 3, 4, 5, and 6. If devices remain in those configurations, the MDM will continue reinstalling the agent and reapplying profiles.

To exclude devices from the existing configurations:

Navigate to Configurations → Views → All Configurations.
Click on each configuration created in Steps 3, 4, 5, and 6.
Click Modify and select Targets.
Under Exclude Target, add the criteria that identify the devices you want to remove DefensX from.

Once all exclusions are in place, create the uninstall policy:

Navigate to Configurations → Add Configuration → Mac.
Find Custom Script and click the Computer Configuration icon.
In the Name field, enter a name like DefensX Agent Uninstall Policy.
Under Execute Script from / Run, select Repository and choose DefensX-uninstaller.sh from the Script Name list.
Set the Specify the exit code(s) field to 0.
Select the desired execution frequency.
In the Define Target section, select the devices to uninstall from.
Click Deploy to complete the configuration.

The uninstall script will run on the next scheduled trigger, or immediately by clicking Apply Configurations from the ManageEngine tray icon on the target Mac.

Knowledge Base

Browse Docs

Introduction

Management

Deployment

Integrations

Policy Management

Secure Access (ZTNA)

Nexi AI

Auto Pilot

Training Videos

Questions & Answers

MSP Automation