Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud sensor: macOS support

Carbon Black Cloud sensor: macOS support


Attention:

Support information for each Carbon Black Cloud Sensor has moved to VMware Docs. This UEX page will no longer be updated.

Each sensor is a distinct OER on VMware Docs and the links are provided below:


 

 

Comments

Any ETA on when 10.14.4 will be supported by CB Defense?

 

Thanks!

@kcsantos  10.14.4 and 10.14.5 are supported by  3.2.1 – 3.3.1 - the document will be updated shortly

I still have issue with 10.14.5 with the sensor version 3.3.1.12. It goes to Sensor Bypass mode as soon as it's installed. 

Hi @Prabhu ,

Does this KB article help at all?
If not, I would recommend opening a Support Case...

https://community.carbonblack.com/t5/Knowledge-Base/Cb-Defense-Mac-Sensor-installs-with-status-quot-...

HI @davy 

I really appreciate your reply. I'll test it and update you.

Thanks

Hi @davy 

I got it working on the MAC. Thanks for the article.

Cheers

Prabhu

Hi all

Shouldn't the CB LiveOps supported version be shown as '3.3.1-3.3.2',  instead of '3.3.2' only?

Hi all,

1. Does the newly released 3.3.3.35 sensor support following macOS versions?

- OS 10.14 (Mojave)
- OS 10.13 (High Sierra)
- OS 10.12 (Sierra)
- OS 10.11 (El Capitan)
- OS X 10.10 (Yosemite)

2. The newly released 3.3.3.35 sensor supports CB ThreatHunter, so the related column should be updated.

3. Shouldn't the CB LiveOps supported version be shown as '3.3.1-3.3.3', instead of '3.3.2' only?

 

Regards,

  Haro

Have we stopped updating these documents?  I thought 3.3.3.35 supported ThreatHunter.  Can we get it updated?

The release notes for v3.3.3 has been updated to add clarity.

https://community.carbonblack.com/t5/Documentation-Downloads/PSC-macOS-Sensor-Version-3-3-3-Release-...

 

 

I would have loved to have seen this before my whole company "upgraded" to macOS 10.15.1 (Catalina)... Good times.

LDG

When will 10.15.1 be supported? This is a massive problem for many people.

I just need confirmation that the changes/disabling of the PKIs in Mac Kernel referred to MacOS Kernel won't affect our deployed clients.
We had several issues with this before, with users being lockout from their computers for days.

About Enterprise EDR support, why do you only support 3.4.2? At first you support 3.4.1, so I think support OS become 3.4.1+, right?

Hi,

No updates for 3.4.3.44 release?

Is this a living document? As in will it be updated once there is support of 11.x MacOS releases or is there a better place to track that? 

@sellington 

This document is fairly up to date, with delays of just few days.

If you want anything new, follow the release note for macOS sensors;

Carbon Black Cloud macOS Sensor Release Notes 

when can we expect 10.16 - 11.X support ? 
we have large scale of mac's which are going to be upgraded to 11.X soon. Please advise.

Is there a expected release date for a version compatible with Big Sur? 

@BalguriV , @JoeG 

You can read our post regarding macOS Big Sur here: https://community.carbonblack.com/t5/Carbon-Black-Cloud-Knowledge/Carbon-Black-Cloud-Update-on-Suppo...

Expect an update on the availability of the GA sensor around December 1st, 2020. 

Hi 

Somebody know the sensor when will support Mac OS 11?

@yang_chen 

https://community.carbonblack.com/t5/Carbon-Black-Cloud-Knowledge/Carbon-Black-Cloud-Update-on-Suppo...

From that article:

Update 12/07/20: We plan to begin roll-out of the GA sensor next week.

Hey Community,

are 3.5.1.23** and 3.5.1.31* compatible with macOS 11.3 (was released few days ago) ?

@hamsik007 it's not - I now have sensors in "Sensor Bypass (Admin Action)"

The installation error is:

Detected macOS version: 11.3.1...WARNING: This OS is newer than the sensor being installed, proceeding with install. Please refer to https://community.carbonblack.com/t5/Documentation-Downloads/Carbon-Black-Cloud-sensor-macOS-support/ta-p/66268 for more information.

(the link is this page)

I have to say Carbon Black you guys have really been dropping the ball with Big Sur, for months now.

It's been causing our team a lot of headaches and taking a lot of my time. I'm pretty dissatisfied.

@hamsik007 @nickdoyle 

I'm running Carbon Black Version 3.5.1.31 on my Mac, Version 11.3.1

Screenshot 2021-05-14 at 07.10.53.png

Thanks @JoeG now so am I

I take my comment back - for the Big Sur sensors in bypass an uninstall / reinstall / remove bypass worked

Not that we weren't waiting for an age for Big Sur support and getting all sensors updated hasn't been a pain in the ass.

@nickdoyle @JoeG  thank you for the feedback, I have few users who updated their Macs to 11.3.0 and 11.3.1 running sensor version 3.5.23 and they are working fine, fingers crossed, hopefully it won't cause Kernel panic !

Any update on support for Monterey version ? 

Coincidentally, I just saw the below come across my desk...

We are in final testing of a release candidate sensor with Apple's "golden" release of macOS Monterey which will be released to the public on 25 October 2021. We are confident we will be well within our 45-day SLA. It will contain support for Intel-based and Apple Silicon-based (M1) Macs on both macOS Big Sur and macOS Monterey in System Extension mode. Intel-based Macs still on macOS Catalina will be supported in Kernel Extension mode.

Its been months now since we reported that its possible to break out of quarantine on OSX by simply making the virtual network interface inactive

Screenshot 2022-03-17 at 20.38.51.png

 

 

 

 

 

 

 

 

 

 

 

Its not only a way to break out of quarantine, but it also makes the Carbon Black agent unable to register and send events.
Can we please have an ETA on this???

Are there any known issues with Carbon Black App Control agent installations, specifically with version 8.5.0.72? This was the package available for Macs under our download link in Rules > Policies. We are receiving these errors below. We are mainly a Windows shop and do not have too many Macs in our environment. We are trying to install the agent on a new MacBook Pro. We have server version upgraded to 8.7.4.4.

 

Agent error - Carbon Black App Control Agent was unable to communicate with the kernel. Agent may be unprotected.

Agent health check - Carbon Black App Control Agent detected a problem: Failed to run kernel health check: Result[00000001] Bytes[0] Version[0.0.0.0]. Options[00000003] TotalFailures[2] FailureId[250]

Agent error - Computer failed to receive Notifier logo: Source[/Library/Application Support/com.bit9.Agent/Data/images/GenericLogo.gif].

Agent restart - Carbon Black App Control Agent has started, version 8.5.0.72 (Patch 0)DriverStart[] DaemonStart[Tue Sep 13 19:42:45 2022] DaemonRunning[Tue Sep 13 19:43:50 2022] DebugLevel[D:0 K:2 (0x007FFFFF)] Dumps[0] SystemDumps[0].

 

Thank you,

Jason Berra

First Bank

Article Information
Author:
Creation Date:
‎02-05-2019
Views:
80210