Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

[Cb Response] Announcing Controlled Distribution of 6.1.3 macOS Sensor

[Cb Response] Announcing Controlled Distribution of 6.1.3 macOS Sensor

Hello all,

Today, the Cb Response Team is announcing Controlled Distribution of the 6.1.3 macOS sensor. It is recommended that you adopt a phased roll out of these CD sensors in line with your organization's software deployment best practices.

This sensor release provides support for the new 10.13.2 macOS in addition to bug fixes.

***Important Note: Previous macOS sensors do not contain support for the 10.13.2 macOS. Additionally, internal testing of the 6.1.3 macOS sensor has shown compatibility with the 10.13.3 macOS latest available betas (currently up to beta 2).

For more details, please check out the release notes here:


Installing new sensors --- To install the sensors on to your server, run through the following instructions (master only in case of cluster):

1) Ensure your yum repo is set appropriately


2) Run yum install --downloadonly --downloaddir=<local directory to download the package into> <package>

  • <package> is replaced by cb-osx-sensor


3) Run rpm -i --force <package downloaded>  Then:

  • On 6.x servers -- Run /usr/share/cb/cbcheck sensor-builds --update

Your new sensor versions should now be available via the console. If you have any issues, please contact Carbon Black Technical Support.

Thanks!

The Cb Response Team

Labels (1)
0 Kudos
Comments

Can someone expand on this statement please it is not covered in the release notes. If there is no longer any visibility to the Mac client what is the point of running the CB agent?

6.1.2 macOS users that upgrade to 10.13.2 macOS will notice a reduced health score with the error message “Proxy Driver Failure”. This is intended to prevent loading of unsupported Cb Response kernel extensions on MacOS 10.13.2 however you will not have visibility into the activities on those systems.

mshubaly​ - this is referring to a new mechanism in macOS sensor that will help prevent users from crippling themselves if they upgrade past the supported OS of the sensor package. If a user upgrades themselves to an unsupported kernel, the sensor should fail to even load, *preventing things like kernel panic experienced in the past.

Woah! Very nice. We've experienced this and it's oh so painful. We warn our Operations team, but we still get the ugly glare when it happens.

Carbon Black took all of the feedback at the end of 2017 regarding Sensor Supported OS SLAs, and we have already seen improvements. With all these changes it should help reduce the number of ugly glares, but communication and cooperation among these teams and users will always be vital no matter how quickly we can provide a supported package!

Keep the feedback coming.

I'm assuming this is for CB Response on premise and not for CB Response Cloud? if that is correct do we have a rollout schedule for CB Response Cloud?

I assume we can alert on this somewhere in the console? Maybe through the Threat Intel feed?

Hi floyd​,

Cb Response Cloud is expected to be make the 6.1.3 macOS sensor available this week. A UeX posting will go out once that has been made available.

~ Gino

When can we expect this for the Cloud? I have been checking this thread everyday this week.

FYI - looks like Apple just released 10.13.3.

I just get an ssl error with the controlled distribution server, even if I set sslverify=0 in the repo file.

Is there something I am doing wrong?

Article Information
Author:
Creation Date:
‎01-03-2018
Views:
5865
Contributors