Environment
- Carbon Black Cloud Console: All Supported Versions
- Carbon Black Cloud Sensor: All Supported Versions
- Apple MacOS: 10.x
Symptoms
- Post 14 April 2022 Console Update, MacOS device(s) display "Bypass (extension load pending)" in the CBC Console
- Prior to 14 April 2022 Console Update, MacOS device(s) displayed "Bypass (admin action)" in the CBC Console
Cause
This is commonly caused because system / network extension extensions are not administratively pre-approved
Resolution
Determine if a MDM solution is being used.
- Run the below command
sudo profiles -P
- Results for no MDM
There are no configuration profiles installed.
- Results for with MDM will contain the below in the output:
com.apple.mdm
Approve Extensions using MDM (preferred)
Approve Extensions without MDM
In cases where the approval is not in place, complete the following steps:
- Open Security Preferences
- Open "Security & Privacy"
- Click Unlock to change settings and select "App Store and identified developers" then click "Allow" for Carbon Black App
- Verify system extension by running the below command
sudo Systemextensionsctl list
- If results show that you need to reboot to unload old driver proceed with reboot.
- Check by refreshing the Console or CBC app in top right corner after reboot
- Verify FDA (Full Disk Access) and approve if needed
- Console
- Manually on the system
If you've verified a reboot does not resolve the issue, and all approvals are in place, please
Contact Technical SupportAdditional Notes
Related Content
