Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: How to Deploy Sensor to Mac With Jamf Pro

Carbon Black Cloud: How to Deploy Sensor to Mac With Jamf Pro

Environment

  • Carbon Black Cloud Sensor: 3.2.x.x thru 3.4.x.x
    • Audit & Remediation (was CB ThreatSight)
    • Endpoint Standard (was CB Defense)
    • Enterprise EDR (was CB ThreatHunter)
  • Apple macOS: 10.13.x - 10.15.x
  • Jamf Pro: 10.9.x and Higher

Objective

Deploy Carbon Black Cloud Sensor with Jamf Pro on Pre-Big Sur macOS

Resolution

Create an Approved Kernel Extensions Configuration Profile

  1. In Jamf management console, select Configuration Profiles > New
  2. Configure "General" payload
  3. Configure "Approved Kernel Extensions" payload with the following parameters
    • Display Name: Carbon Black
    • TEAM ID: 7AGZNQ2S2T
    • Approved Kernel Extensions
    • DISPLAY NAME: Carbon Black Defense
    • KERNAL EXTENSION BUNDLE ID: com.carbonblack.defense.kext
  4. Scope to appropriate Computers

Create CB Defense Package

  1. Open "confer_installer_mac-<Version>.dmg" and put "CbDefense Install.pkg" into /Users/Shared/
  2. Open Composer
  3. Drag /Users/Shared/ folder into Composer
  4. Delete all items other than installer within /Users/Shared/
  5. Create .PKG
  6. Upload to Jamf Pro

Upload or Create Script

  1. Open "confer_installer_mac-<Version>.dmg"
  2. Open "docs" folder
  3. Upload "cbdefense_install_unattended.sh" to Jamf Pro using Jamf Admin

OR

  1. Edit "cbdefense_install_unattended.sh"
  2. Copy contents and create a new Script in Jamf Pro
  3. Edit
  4. CBD_INSTALLER="/Users/Shared/CbDefense Install.pkg"
  5. COMPANY_CODE='<company_code>'

Create Policy to Deploy Carbon Black Defense

  1. In Jamf management console, select Policies > New
  2. Configure "General" payload
  3. Configure "Packages" payload
  4. Select package created above
  5. Configure Scripts
  6. Select script created above
  7. Scope to appropriate computers

Additional Notes

  • Environment section includes confirmed versions; these steps may work with earlier versions of Jamf and Carbon Black Cloud Sensor as well
  • All items called out above as <Value> should be replaced with actual values, including <>
    Example:
    If Company Registration Code is 1a@b3c$d5e6f7g8h9i0j
    
    COMPANY_CODE=<company_code> becomes COMPANY_CODE='1a@b3c$d5e6f7g8h9i0j'

Related Content


Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
Creation Date:
‎03-04-2019
Views:
7143