Deploying the HEIMDAL Agent through Addigy (macOS)

The HEIMDAL Agent for macOS can be deployed via Addigy using the procedure described below. Before pushing the HEIMDAL Agent, make sure you configure and push the following 3 custom profiles: Heimdal Agent - FullDiskAccess,  Heimdal Agent - Managed Login Items, Heimdal Agent - System Extension. These need to be deployed before trying to install the HEIMDAL Agent. 

1. Adding the Custom Profiles
2. Deploying the HEIMDAL Agent

ADDING THE CUSTOM PROFILES

To add the Agent app, follow the steps below: 
1. Log in to Addigy.

2. Access the Catalog page, click the Device Settings tab, and then press New to add a new device setting:

3. In the New Device Settings page, click the Custom Profile button (top-right corner).

4. Leave the deployment channel on Device, configure the profile to be received on macOS devices running macOS 13.0+, and disable iOS or tvOS.

5. Press the Select .mobileconfig file button to import the profile.

6. Press the Create Profile after uploading the .mobileconfig file.
7. Repeat the same process for the other custom profiles. 
7. From the Policies page, you can configure the policy to push the custom profiles to the endpoint (from the Device Settings area).
 

DEPLOYING THE HEIMDAL AGENT

1. Access the Catalog section -> Software tab and press New to add a new application. 

2. You can use our deployment script to add the Heimdal Agent as a script. Here is the Installation script:

#!/bin/bash

PkgUrl="https://prodcdn.heimdalsecurity.com/setup-mac/HeimdalPackage.pkg"
InstallUrl="http://prodcdn.heimdalsecurity.com/resources/silent-install.sh"

curl $PkgUrl --output HeimdalPackage.pkg
curl $InstallUrl --output silent-install.sh

sh silent-install.sh HeimdalPackage.pkg $HeimdalActivationKey

Add the following Conditions Script:

[ ! -d "/Applications/Heimdal Agent.app" ]

Additionally, you could also add the uninstall script that should remove the Heimdal Agent:

#!/bin/bash

set -e

TEAM_ID="Y54WA7N8WR"
EXTENSION="com.heimdalsecurity.heimdalAgent.dnsNetworkExtension"

log() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') $1"
}

log "Starting Heimdal forced uninstall"

# Kill all Heimdal-related processes
log "Killing Heimdal processes"
for i in {1..10}; do
    pkill -9 -f "Heimdal Agent" 2>/dev/null || true
    pkill -9 -f "HMProcessSentinel" 2>/dev/null || true
    pkill -9 -f "HM-service-check" 2>/dev/null || true
    pkill -9 -f "repClient" 2>/dev/null || true
    pkill -9 -f "heimdal" 2>/dev/null || true
    sleep 1
done

# Boot out launch agents and daemons
log "Removing launch agents/daemons"

launchctl bootout system /Library/LaunchDaemons/com.heimdalsecurity.heimdalAgent.cmdHelper.plist 2>/dev/null || true
launchctl bootout system /Library/LaunchDaemons/com.heimdalsecurity.av.repClient.plist 2>/dev/null || true
launchctl bootout system /Library/LaunchDaemons/com.heimdalsecurity.HM-service-check.plist 2>/dev/null || true

launchctl bootout gui/$(id -u $(stat -f%Su /dev/console)) /Library/LaunchAgents/com.heimdalSecurity.Agent.restart.plist 2>/dev/null || true

rm -f /Library/LaunchDaemons/com.heimdalsecurity.*
rm -f /Library/LaunchAgents/com.heimdalSecurity.*

# Remove any launchd jobs still in memory
log "Removing lingering launchd jobs"
launchctl remove com.heimdalsecurity.av.repClient 2>/dev/null || true
launchctl remove com.heimdalsecurity.HM-service-check 2>/dev/null || true
launchctl remove com.heimdalsecurity.heimdalAgent.cmdHelper 2>/dev/null || true

# Uninstall network extension
log "Uninstalling DNS network extension"
systemextensionsctl uninstall "$TEAM_ID" "$EXTENSION" 2>/dev/null || true

# Reset NetworkExtension preferences
log "Resetting NetworkExtension configuration"
rm -rf /Library/Preferences/SystemConfiguration/com.apple.networkextension*
rm -rf /Library/Preferences/com.apple.networkextension.plist

# Restart network extension services
killall -9 nesessionmanager 2>/dev/null || true
killall -9 neagent 2>/dev/null || true

# Remove privileged helper
log "Removing helper tools"
rm -f /Library/PrivilegedHelperTools/com.heimdalsecurity.*

# Remove app bundles
log "Removing application"
rm -rf "/Applications/Heimdal Agent.app"
rm -rf "/Applications/Heimdal.app"

# Remove support files
log "Removing support files"
rm -rf /Users/Shared/.ThorAgent
rm -rf /Library/HeimdalSecurity
rm -rf "/Library/Application Support/Heimdal"
rm -rf /Library/Application\ Support/com.heimdalsecurity*

# Remove defaults
defaults delete com.heimdalsecurity.heimdalAgent 2>/dev/null || true

# Reset background items database
log "Resetting background tasks database"
sfltool resetbtm 2>/dev/null || true

log "Heimdal uninstall cleanup complete"

# Reboot required for full system extension removal
# log "Scheduling reboot to finish extension removal"
# shutdown -r +1

exit 0