Carbon Black Cloud: Unable to upgrade or install due to existing system extension (macOS)
Carbon Black Cloud Sensor: 3.5.1.x and Higher
Apple macOS: 10.15 and Higher (Catalina
Install of 3.5.1.x or higher Sensor fails
Error message displayed in preinstall log indicates failure to unload installed System Extension
failed to uninstall system extension
program terminated with error code: 4096
Checking on Systemextensionsctl shows Carbon Black installed
sudo Systemextensionsctl list
enabled active teamID bundleID (version) name [state]
* * 7AGZNQ2S2T com.vmware.carbonblack.cloud.se-agent.extension (3.5.2fc76/3.5.2fc76) com.vmware.carbonblack.cloud.se-agent.extension [activated enabled]
Previously installed System Extension is unable to be uninstalled without first disabling System Integrity Protection (SIP) NOTE: Using newly added scripts this can be worked around without disabling SIP. This can be done using Resolution 1 below. Resolution 2 can still be used if Resolution 1 cannot be used.
This is the optimal solution using scripts that don't require SIP to be disabled.
Drop a 3.8.0 or greater series sensor DMG onto the affected endpoints.
From the docs/ directory of the sensor DMG, find and execute the CBCloud Cleanup Tool.pkg.
Follow the steps of the CBCloud Cleanup Tool installer.
Upon successful completion, the system extension will be in the [Terminated waiting to uninstall on reboot] state. A reboot is not required, and sensor upgrade or uninstall can immediately be re-attempted.
Note: This tool is not intended to be used on healthy endpoints and will not continue with removing the system extension if a healthy endpoint is detected.
Previous Solution requiring SIP to be disabled. Does not need to be used if the Resolution above has been followed.
Check Systemextensionsctl for com.vmware.carbonblack.cloud.se-agent.extension
Version will display with 'fc' included (i.e., 3.5.1fc23, 3.5.1fc31, or 3.5.2fc76) and is normal
If the system is on macOS12+, we have success stories resolving the error by adding the "RemoveableSystemExtensions" setting in the System Extensions payload specifically targeting com.vmware.carbonblack.cloud.se-agent.extension.
If installation still fails, run through step 5 above, outputting to a file with the name of the device and please open a case with Carbon Black Technical Support