VinceHWebb - Try these values:
Identifier Type: Bundle ID
Code Requirement: identifier "com.vmware.fusion" and anchor apple generic and certificate 1[field.1.2.840.113618.104.22.168.6] /* exists */ and certificate leaf[field.1.2.840.113622.214.171.124.13] /* exists */ and certificate leaf[subject.OU] = EG7KH642X6
Then select the different Services you want enabled (such as "System Policy All Files").
Thanks!! Photo finish with WS1 support answering me too! :-) Thanks so much for the help!
rterakedis I do have a followup question about Privacy Prefs and in particular for Fusion. I didn't notice this until trying on a fresh vanilla setup. When first launching Fusion I still get the following popup. I have a ticket open with Support about it but so far no luck. My current profile gives Accessibility and both System Files options. My first popup was resolved but no idea how to stop this one? Also, I'll forward you some Preferences for AV stuff I've discovered later today. No recognition needed; happy to contribute.
VinceHWebb -- This looks like an "Apple Events" preference. Try adding:
Receiver Code Requirement:
identifier “com.apple.systemevents” and anchor apple
It would basically look like this:
When I add this to the Fusion profile it fails to install to the device. When looking at the device in WS1 portal in the Troubleshooting area I found this error:
Error Code: 22 In the payload (UUID: 5762df04-b066-4439-8c44-15e308be7e88), the key 'AEReceiverCodeRequirement' has an invalid value.
Apologies for the copy/paste fail! As for the prompt still happening, i wrote this up awhile back to help with troubleshooting: euc-samples/macOS-Samples/Privacy Preferences Policy Control at master · vmware-samples/euc-samples · GitHub
One of the things that may help is to examine what actually gets saved in the TCC db. One of the blurbs in that GitHub doc is this:
You can also review the TCC database after clicking the button to whitelist the app. Run the command
echo ".dump" | sudo sqlite3 /Library/Application\ Support/com.apple.TCC/TCC.dband
echo ".dump" | sudo sqlite3 ~/Library/Application\ Support/com.apple.TCC/TCC.dbto view the entries in the TCC databases. You will not be able to read the TCC.db if Terminal is not granted permissions (SystemPolicyAllFiles)
The kicker is that Terminal needs to be granted full access in your testing system (either via MDM or using the System Preferences Security & Privacy pane). If you don't give Terminal Access, you won't be able to read the databases...
I'll give this a try and share my findings. Thanks for the continued help!