Cb Protection Mac Agent sleep/wake issue resolved in 7.2.3 Patch 6
This is not a new issue and I am posting this as customers have asked for clarification around the Mac agent sleep/wake issues that were resolved in 7.2.3 patch 6.
In Cb Protection agents prior to 7.2.3 Patch 6, Macs transitioning in and out of sleep could cause the OS to crash/hang when the agent was present.
The sleep/wake failures caused by the agent have been addressed in 7.2.3 Patch 6 except for one scenario:
When using FileVault with NVRAM FileVault Key destruction on standby (the DestroyFVKeyOnStandby power setting), a sleep/wake can still happen.
To avoid sleep/wake failures on systems using FileVault, you can set the DestroyFVKeyOnStandby to 0. If that is not an option, you can alternatively set standby to 0. (See the macOS pmset command for more information.)
The choices are:
1. Don’t use DestroyFVKeyOnStandby
2. Don’t use standby on those systems that require DestroyFVKeyOnStandby
Stated another way, you don’t have to disable standby across the board. You can use standby as long as you aren’t using or can disable the DestroyFVKeyOnStandby setting.
When DestroyFVKeyOnStandby equals “1” and the system comes out of hibernation, the disk is encrypted until the user types his password. If the user doesn’t enter his password at this time, the system eventually returns to sleep. At some point following this timeout, we believe that the system wakes the Cb Protection driver and it attempts to access the encrypted drive which causes the crash/hang of the OS.