Environment
- Carbon Black Cloud Sensor: 3.2.1.10 and higher
- Apple macOS: 10.14.5 and higher
Question
Is it required to grant the Sensor Full Disk Access when running macOS 10.14.5 and higher?
Answer
Full Disk Access is not required for the Sensor to function, but it is required for the Sensor to be fully effective. Not granting the Sensor Full Disk Access has the following results:
- The Background scan will not reach pre-existing malware located in directories protected by the Full Disk Access requirement
- The Sensor may not be able to report some file metadata such as code signing of certificates
- The Sensor will still scan and act accordingly on any pre-existing files that are launched from protected directories
- If files are dropped after the Sensor is installed, the Sensor will still hash the file and block malware on pre-execute
- Carbon Black Support will be unable to collect all necessary device log data on behalf of the CB Administrator when troubleshooting an issue
Additional Notes
- Carbon Black recommends granting the Sensor Full Disk Access on all macOS machines running 10.14.5 and higher
- Granting Full Disk Access is an additional step beyond kernel extension approval and does not replace that process
Related Content