Carbon Black Cloud: How To Add Removable System Extension Configuration in MDM

Environment

  • Carbon Black Cloud macOS Sensor: 3.8 and Higher
  • Apple macOS: 12 and Higher

Objective

  • Apple introduced a feature in macOS 12+ that lets system extensions be marked as removable through an MDM configuration profile, so that user authorization is not required for uninstallation.
  • Carbon Black highly recommends deploying this policy for maximum interoperability during sensor upgrade and uninstall, and for full compliance with macOS system extension (SysExt) management via MDM.
  • Add the removable system extension configuration in MDM.

    The removable system extension can be configured using the instructions in the docs section of the installer: MDM-instructions.txt and MDM-SYSEXT-approval-mobileconfig-sample.txt.


Resolution

 

  1. MDM-instructions.txt

     MDM System Extension Approval Configuration - To construct the correct configuration, you must specify the Apple Team ID and System Extension bundle ID in your configuration profile.

     Deactivation approval configuration

     Section: Removable System Extensions

     Apple Team ID: 7AGZNQ2S2T

     System Extension Bundle ID: com.vmware.carbonblack.cloud.se-agent.extension

  2. MDM-SYSEXT-approval-mobileconfig-sample.txt

    <key>AllowedSystemExtensions</key>
    <dict>
        <key>7AGZNQ2S2T</key>
        <array>
            <string>com.vmware.carbonblack.cloud.se-agent.extension</string>
        </array>
    </dict>
    <key>RemovableSystemExtensions</key>
    <dict>
        <key>7AGZNQ2S2T</key>
        <array>
            <string>com.vmware.carbonblack.cloud.se-agent.extension</string>
        </array>
    </dict>
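
An added example, not part of the Carbon Black installer docs: a Python check that an unsigned .mobileconfig lists the bundle ID under the Team ID in both dictionaries above before the profile is deployed. The surrounding profile skeleton, the com.apple.system-extension-policy payload type and the function names are assumptions about the exported profile; both sample profiles are constructed.

```python
import plistlib

TEAM_ID = "7AGZNQ2S2T"  # Apple Team ID from the article
BUNDLE_ID = "com.vmware.carbonblack.cloud.se-agent.extension"  # from the article
SYSEXT_PAYLOAD_TYPE = "com.apple.system-extension-policy"  # assumed payload type
POLICY_KEYS = ("AllowedSystemExtensions", "RemovableSystemExtensions")


def _entry(key: str) -> str:
    """One policy dictionary in the shape of the sample file: team ID -> bundle IDs."""
    return (f"<key>{key}</key><dict><key>{TEAM_ID}</key>"
            f"<array><string>{BUNDLE_ID}</string></array></dict>")


def _profile(inner: str) -> bytes:
    """Wrap policy keys in a minimal, constructed configuration profile."""
    return f"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>{SYSEXT_PAYLOAD_TYPE}</string>
    {inner}
  </dict></array>
</dict></plist>""".encode()


# Constructed samples: one complete profile, one that only approves the extension.
COMPLETE = _profile("".join(_entry(k) for k in POLICY_KEYS))
APPROVAL_ONLY = _profile(_entry("AllowedSystemExtensions"))


def check_profile(data: bytes, team_id: str = TEAM_ID, bundle_id: str = BUNDLE_ID) -> dict:
    """Report, per policy key, whether team_id lists bundle_id in a SysExt payload."""
    result = {key: False for key in POLICY_KEYS}
    profile = plistlib.loads(data)  # unsigned XML/binary plist only; signed profiles need unwrapping first
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != SYSEXT_PAYLOAD_TYPE:
            continue
        for key in POLICY_KEYS:
            teams = payload.get(key, {})
            if bundle_id in teams.get(team_id, []):
                result[key] = True
    return result


if __name__ == "__main__":
    for name, data in (("complete", COMPLETE), ("approval-only", APPROVAL_ONLY)):
        print(name, check_profile(data))
```

A profile that reports RemovableSystemExtensions as False corresponds to the case the Additional Notes describe, where the sensor shows Removable: No.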

Additional Notes

  • Verify the removable system extension status using repcli status.
    • The removable system extension status can be found under the general info section of the repcli status output - Removable: Unknown/Yes/No
      • State values
        • Unknown - MDM removable system extension policy value is yet to be read/fetched.
        • Yes - MDM removable system extension policy is available.
        • No - MDM removable system extension policy is not available.
  • Status Message: The status message will be set if the MDM removable system extension policy is missing. It can be viewed on the sensor using the repcli status command.

Creation Date: 12-13-2023