Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

CB Defense: How to approve KEXT on JAMF

CB Defense: How to approve KEXT on JAMF


  • CB Defense Sensor: 3.0 and higher
  • Apple macOS: 10.13 and higher


Pre-approve Cb Defense KEXT IDs described in macOS 10.13.4 Kext Approval Changes before install or upgrade of Mac Sensor 3.0 and above.


  1. Log in to JAMF, navigate to “Configuration Profiles”, and select "New" 
  2. Under the Approved Kernel Extensions select “Configure” 
  3. Input the applicable "teamID" and "bundleID" described in macOS 10.13.4 Kext Approval Changes for the sensor version you are installing 
  4. Select "Save"

Additional Notes

  • Starting with macOS 10.13.0 (High Sierra), Apple created a whitelist for KEXTS. This is a new Apple feature that requires user approval before loading new third-party kernel extensions such as Cb Defense kernel extension, com.confer.sensor.kext for Sensor version 3.0 or com.carbonblack.defense.kext for Sensor version 3.1 or higher. See Apple Technical Note TN2459 for more details and recommendations for enterprise environments.
  • If KEXT is not approved at the time of loading, the Mac Sensor will install with status "Sensor Bypass Admin Action" in the Sensor Management Page of the Cb Defense Web Console. See Cb Defense: Mac Sensor installs with status "Sensor Bypass Admin Action" for details.
  • In some situations you may see an additional pop up stating that a reboot is required; however, the sensor does not need to reboot after the install/upgrade on physical machines. You may choose not to reboot and the sensor should reload within 30 minutes.

Related Content

Was this article helpful? Yes No
100% helpful (2/2)
Article Information
Creation Date: