Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: How to prevent end user from stopping the Enterprise EDR Sensor on macOS

Carbon Black Cloud: How to prevent end user from stopping the Enterprise EDR Sensor on macOS

Environment

  • Endpoint Standard Sensor: All Supported Versions
  • Endpoint Standard Sensor UI 

Objective

Prevent end users from disabling the EEDDR Sensor on macOS endpoints via Settings > Login Items 

Resolution

A custom configuration profile needs to be created through Apple Configuration 2 to restrict users from disabling the Sensor. The basic format of the configuration provided below can be used.
 
<key>RuleType</key> 
<string>TeamIdentifier</string>
 <key>RuleValue</key> 
<string>7AGZNQ2S2T</string>

Additional Notes

The string value "7AGZNQ2S2T" is the Team ID for the Carbon Black Cloud software. 

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎01-31-2023
Views:
216
Contributors