Environment
- CB Defense PSC Console: July '17 and Higher
- CB Defense Sensor: 3.0.x.x and Higher
- Apple macOS: 10.13.0 (High Sierra) and Higher
Objective
Find sensors installed on macOS 10.13.x and higher where the kernel extension (KEXT) still requires approval to allow install to complete and the sensor to run as designed.
Resolution
- Select Endpoints on the left of the Web Console.
- Set the Policy Filter to "All Policies" and set the Status filter to "All".
- Search with the following term:
sensorStates:DRIVER_INIT_ERROR
Additional Notes
- Secure Kernel Extension Loading was introduced with macOS 10.13 High Sierra. As a result, the KEXT associated with the Cb Defense Sensor must either be manually approved by end users or pre-approved with an MDM profile.
- When Secure Kernel Extension Loading was first introduced in macOS 10.13.0, it was bypassed as long as the Mac was managed with any MDM profile. Beginning with macOS 10.13.4, MDM management alone is not sufficient. The Cb Defense Team ID and Bundle ID must be added to the profile for KEXT approval.
- The Team ID and Bundle ID vary depending on the Cb Defense sensor version.
- Additional required and optional parameters included with MDM profiles are covered in Apple's developer documentation.
Related Content
