We’re migrating product documentation to docs.vmware.com, starting with Carbon Black Cloud. Learn more.

Cb Protection Mac Agent sleep/wake issue resolved in 7.2.3 Patch 6

Cb Protection Mac Agent sleep/wake issue resolved in 7.2.3 Patch 6

This is not a new issue and I am posting this as customers have asked for clarification around the Mac agent sleep/wake issues that were resolved in 7.2.3 patch 6.

In Cb Protection agents prior to 7.2.3 Patch 6, Macs transitioning in and out of sleep could cause the OS to crash/hang when the agent was present.  

The sleep/wake failures caused by the agent have been addressed in 7.2.3 Patch 6 except for one scenario:

When using FileVault with NVRAM FileVault Key destruction on standby (the DestroyFVKeyOnStandby power setting), a sleep/wake can still happen.

To avoid sleep/wake failures on systems using FileVault, you can set the DestroyFVKeyOnStandby to 0. If that is not an option, you can alternatively set standby to 0. (See the macOS pmset command for more information.)

The choices are:

1. Don’t use DestroyFVKeyOnStandby

2. Don’t use standby on those systems that require DestroyFVKeyOnStandby

Stated another way, you don’t have to disable standby across the board.  You can use standby as long as you aren’t using or can disable the DestroyFVKeyOnStandby setting.

When DestroyFVKeyOnStandby equals “1” and the system comes out of hibernation, the disk is encrypted until the user types his password.  If the user doesn’t enter his password at this time, the system eventually returns to sleep. At some point following this timeout, we believe that the system wakes the Cb Protection driver and it attempts to access the encrypted drive which causes the crash/hang of the OS.

Comments

Hello,

Any idea when a fix not a workaround will be in place. By this I mean a product that does not require users to alter the OS or disable features for the product to work as it was when we purchased it? If we had to alter the OS to get the product to work or disable key security features built into the OS we would have never purchased this product. We have to run Filevault and we do not want to make the login process any harder for our users then it already is. It is common when logging past filevault to have to enter your PW twice, this is ok when it is only needed when power cycling a computer.

Hello,

We are working within the constraints that Apple provides us.  At this point, this is the only solution that we can provide.

Regards,

Larry

pvz

For reference, the 7.2.3 P6 Mac Agent that Larry mentions is available here: Cb Protection Mac agent

Article Information
Author:
Creation Date:
‎09-15-2017
Views:
954