Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Please Read: Issue identified during Cb Response OS X Sensor Upgrade

Please Read: Issue identified during Cb Response OS X Sensor Upgrade

Hello All,

This notice addresses an issue identified in Cb Response affecting OS X sensor upgrades.

  • A race condition exists when upgrading from OS X sensor version  -> 5.2.3 that could result in a kernel panic.
    • Details: When upgrading, if the sensor does not unload kernel extensions within ~30 seconds, the upgrade will fail and cause a kernel panic.
    • Other important information:
      • A clean install of the OS X 5.2.3 sensor will be successful
      • Upgrades from the latest 5.1.1 Patch 4 OS X sensor ( -> 5.2.3 will be successful
      • Upgrades from earlier 5.2.x OS X release candidates (dated earlier than 16/10/03) -> 5.2.3 will be successful
      • This issue only affects upgrades from

The Cb Response Team recommends the following:

  • If you do not require Mac OS 10.12.1 support and are currently running the affected sensor (, you should not upgrade at this time.
  • If you are on the 5.1.1 patch 4 OS X sensor and require Mac OS 10.12.1 support, you should upgrade to the sensor currently available via the standard Carbon Black YUM repositories. This version provides 10.12.1 support.
  • If you are on 5.1.1 and would like to upgrade to 5.2.x, you can upgrade to the 5.2.3 sensor with no issue.
  • Last, if you are on the sensor, and require 10.12.1 support, you should uninstall the affected sensor, reboot the endpoint, and perform a clean install of the 5.2.3 sensor.
    • Note: When performing the manual uninstall, you can use the '-d' flag to avoid duplicate sensor ids in UI after reinstall.

The team is working diligently to provide a fix to the issue. We regret any inconvenience.  Please watch this post for updates and comment back with any questions or concerns.



Technical Product Manager - Cb Response

0 Kudos

Hi Justin - couple of questions regarding this.  The version you have listed is very similar to the version I see in my console, Specifically I'm seeing but in your announcement you have it listed as  Can you confirm if they are different version are the same?  Assuming they are the same version, is the kernel panic caused only by the upgrade process.  We are starting to experience kernel panics in our environment on OSX Sierra systems running and want to understand whether this has certainly been fixed before I do a mass add/remove of the sensor to get to a later version. 

Article Information
Creation Date: