
EDR: How to Configure Workspace ONE to Deploy Carbon Black Policies for macOS

Environment

  • EDR macOS sensor:  7.x and higher
  • Workspace ONE UEM:  22.4.x.x

Objective

Add the Workspace ONE UEM profile payloads (System Extensions, Content Filter and Privacy Preferences) that the Carbon Black macOS sensor requires, so that the sensor install package deploys successfully and the sensor can report data.

Resolution

1.  Confirm the devices are registered in Workspace ONE UEM.
2.  Confirm the macOS devices are in the correct Smart Group.
3.  Add all three required profiles documented in "Granting macOS Sensor Access on macOS 11.0+ Big Sur" as payloads of one Workspace ONE profile:
  a.  Add a profile.
       In the Workspace ONE UEM console (WS1), select Resources > Profiles & Baselines > Profiles > Add > Add Profile.
       Select macOS, then select Device Profile.
 
  b.  Fill in the General section.
       Name:  VMware Carbon Black Profiles
       Description:  Contains SysExt, Content Filter and Full Disk Access
       Deployment:  Managed
       Assignment Type:  Auto
       Allow Removal:  Always
       Managed By:  <your account>
       Smart Groups:  <select a smart group containing the macOS 11.x and 12.x devices>
       Exclusions:  No
       Additional Assignment Criteria:  Do not select.
  c.  In the left margin, select System Extensions to add the Carbon Black system extension payload.
       Select Configure.
       Allow User Overrides:  Select.
       Team Identifier:  <leave the default>
       Allowed System Extensions > Add System Extension:
                Team Identifier:  7AGZNQ2S2T
                Bundle Identifier:  com.carbonblack.es-loader.es-extension

  d.  In the left margin, select Content Filter to add the Carbon Black network content filter payload.
        Select Configure.  (Type the values by hand; copying and pasting from a web page or document can introduce hidden characters such as non-breaking spaces or curly quotes, and the payload then fails.)
        Filter Type:  Plug-In
        Filter Name:  Carbon Black Network Content Filter
        Identifier:  com.carbonblack.es-loader
        Service Address:  <leave blank>
        Organization:  <leave blank>
        Filter WebKit Traffic:  Select.
        Filter Socket Traffic:  Select.
        Authentication:
           Username:  <leave blank>
           Password:  <leave blank>
           Identity Certificate:  <leave blank>
        Custom Data:
            Select Add
            Key:  com.carbonblack.es-loader.es-extension
            Value:  identifier "com.carbonblack.es-loader.es-extension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T"

  e.  In the left margin, select Privacy Preferences to add the Carbon Black privacy payload.
       Select Configure.  (Type the values by hand; copying and pasting can introduce hidden characters and the payload then fails.)
       Select Add App and enter the first app:
            Identifier:  com.carbonblack.CbOsxSensorService
            Identifier Type:  Bundle ID
            Code Requirement:  identifier "com.carbonblack.CbOsxSensorService" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T"
            Static Code:  <do not select>
            Comment:  <leave blank>
            Services:
                Address Book:  <leave blank>
                ...
                System Policy All Files (Full Disk Access):  select Allow
                ... leave all other services blank.
       Select Save.

       Select Add App again and enter the second app:
            Identifier:  com.carbonblack.es-loader.es-extension
            Identifier Type:  Bundle ID
            Code Requirement:  identifier "com.carbonblack.es-loader.es-extension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T"
            Static Code:  <do not select>
            Comment:  <leave blank>
            Services:
                Address Book:  <leave blank>
                ...
                System Policy All Files (Full Disk Access):  select Allow
                ... leave all other services blank.
       Select Save.

  f.  Select Save and Publish.
  g.  Select Publish.
  h.  Confirm from the WS1 console that the new profile has been pushed to the devices in the smart group: click View on the profile you created, and the pop-up should report the profile as Installed and Assigned.

The profile has been created, saved and pushed to the devices. On each endpoint it is recorded in /Library/Application Support/Airwatch/Data/profiles.plist.
The endpoint is ready for the VMware Carbon Black macOS 7.x install package.
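Before pushing the profile to a large smart group, it helps to check the exported profile XML for the three payloads the procedure above builds and for the hidden characters the configure steps warn about. The script below is an added example, not part of the VMware KB article or the Carbon Black product. Its sample XML is constructed from Apple's documented payload keys (PayloadType, AllowedSystemExtensions, PluginBundleID, FilterDataProviderBundleIdentifier, SystemPolicyAllFiles) with the identifiers, team ID and code requirement used above; a real Workspace ONE export carries more keys and its own UUIDs, so in practice you point the two functions at the real export instead of the sample.

```shell
#!/bin/sh
# Added example, not part of the VMware KB article or the Carbon Black product:
# sanity-check an exported profile XML (the WS1 export of the profile built above)
# for the three payloads the procedure configures, and for hidden non-ASCII bytes.
# The sample XML is CONSTRUCTED from Apple's documented payload keys; a real export
# carries more keys and its own UUIDs, so point the two functions at the real file.

TMPDIR_EX=$(mktemp -d)
trap 'rm -rf "$TMPDIR_EX"' EXIT

# Constructed clean export: System Extensions, Content Filter and Privacy Preferences
# payloads with the identifiers, team ID and designated requirement used above.
CLEAN_XML="$TMPDIR_EX/cb-clean.xml"
cat > "$CLEAN_XML" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>PayloadContent</key><array>
  <dict>
    <key>PayloadType</key><string>com.apple.system-extension-policy</string>
    <key>AllowUserOverrides</key><true/>
    <key>AllowedSystemExtensions</key>
    <dict><key>7AGZNQ2S2T</key><array><string>com.carbonblack.es-loader.es-extension</string></array></dict>
  </dict>
  <dict>
    <key>PayloadType</key><string>com.apple.webcontent-filter</string>
    <key>FilterType</key><string>Plugin</string>
    <key>PluginBundleID</key><string>com.carbonblack.es-loader</string>
    <key>FilterSockets</key><true/>
    <key>FilterDataProviderBundleIdentifier</key><string>com.carbonblack.es-loader.es-extension</string>
    <key>FilterDataProviderDesignatedRequirement</key>
    <string>identifier "com.carbonblack.es-loader.es-extension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T"</string>
  </dict>
  <dict>
    <key>PayloadType</key><string>com.apple.TCC.configuration-profile-policy</string>
    <key>Services</key><dict><key>SystemPolicyAllFiles</key><array>
      <dict><key>Identifier</key><string>com.carbonblack.CbOsxSensorService</string>
            <key>IdentifierType</key><string>bundleID</string><key>Allowed</key><true/></dict>
      <dict><key>Identifier</key><string>com.carbonblack.es-loader.es-extension</string>
            <key>IdentifierType</key><string>bundleID</string><key>Allowed</key><true/></dict>
    </array></dict>
  </dict>
</array></dict></plist>
EOF

# Print how many of the expected markers are absent (0 = all three payload types
# and both Carbon Black identifiers present); each missing one is named on stderr.
# Fixed-string grep, so it also works on an export collapsed onto a single line.
check_cb_profile() {
    missing=0
    for needle in com.apple.system-extension-policy com.apple.webcontent-filter \
                  com.apple.TCC.configuration-profile-policy SystemPolicyAllFiles \
                  7AGZNQ2S2T com.carbonblack.es-loader.es-extension com.carbonblack.CbOsxSensorService
    do
        grep -qF -- "$needle" "$1" || { echo "missing: $needle" >&2; missing=$((missing + 1)); }
    done
    echo "$missing"
}

# Count lines holding bytes outside printable ASCII: the curly quotes and
# non-breaking spaces that copy-and-paste drags in and that stop the code
# requirement from matching. C locale so every byte is one character; 0 = clean.
hidden_char_count() {
    LC_ALL=C grep -c '[^[:print:][:blank:]]' "$1" || true
}

# Constructed "pasted" export: the clean file plus the requirement line as it often
# arrives from a web page, with U+201C/U+201D quotes and a U+00A0 before "and"
# (written as octal UTF-8 escapes so the hidden bytes are visible here).
PASTED_XML="$TMPDIR_EX/cb-pasted.xml"
{ cat "$CLEAN_XML"
  printf '<string>identifier \342\200\234com.carbonblack.es-loader.es-extension\342\200\235\302\240and anchor apple generic</string>\n'
} > "$PASTED_XML"

echo "clean export:  $(check_cb_profile "$CLEAN_XML") marker(s) missing, $(hidden_char_count "$CLEAN_XML") suspicious line(s)"
echo "pasted export: $(hidden_char_count "$PASTED_XML") suspicious line(s):"
LC_ALL=C grep -n '[^[:print:][:blank:]]' "$PASTED_XML" | cat -v   # offending bytes shown as M-xxx sequences
```

On a real export, `hidden_char_count` returning anything other than 0 is the quick version of the `less`/`hexdump -C` comparison in the troubleshooting notes; the `grep -n | cat -v` line shows exactly which line and which bytes to retype.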

Additional Notes

  • Test the profile on one or two sensors before a large deployment to confirm the payloads work: check that filemods, modloads and netconns from those endpoints are reporting to the EDR console.
  • Confirm a complete install with the following commands on the endpoint:
       cat /var/log/cblog.log                   (Good: "activating extension success" and "Launching daemon")
       systemextensionsctl list                 (Good: only one Carbon Black extension, and it is activated and enabled)
       log show --start "yyyy-mm-dd hh:mm:ss" --debug | grep -i cbosx    [use the time of installation as the start]
                                                (Good: event types 1, 2 and 5 followed by data)
  • Troubleshooting tips:
    • If filemods and modloads are not reporting to the EDR console, review the Privacy Preferences payload for errors.
    • If netconns are not reporting to the EDR console, review the Content Filter payload for errors.
    • Type the values by hand; copying and pasting introduces hidden characters and the payload fails.
    • Export the profile XML. On macOS or Linux, open it with less <xml> to spot stray characters; if needed, run hexdump -C <xml> and compare it with a known-good profile XML provided by Support.
  • If the profile needs to be corrected, uninstall the sensor, reboot, confirm the corrected profile is installed, then install again with the silent installer:
       launchctl unload /Library/LaunchDaemons/com.carbonblack.daemon.plist
       /Applications/"VMware Carbon Black EDR.app"/Contents/Resources/sensoruninst.sh
       reboot                                   (then confirm the corrected profile is installed before continuing)
       installer -pkg /dirtopkg/CarbonBlackClientSetup.pkg -target /
  • Importing a profile into WS1 defaults to an iOS profile rather than macOS, so as of March 2022 an exported macOS XML cannot be imported back into WS1 correctly.
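The post-install checks above can be scripted so the verdict is the same on every endpoint. The script below is an added example, not part of the VMware KB article or the Carbon Black product. Its sample outputs are constructed to approximate what `systemextensionsctl list` and /var/log/cblog.log contain on a healthy host, on a host with a stale extension left over from an earlier sensor, and on a host where the extension never loaded; the exact column layout and log wording vary between macOS and sensor versions, so on a real endpoint feed the live output through the two functions rather than relying on the samples. The `log show` check is not modelled here.

```shell
#!/bin/sh
# Added example, not part of the VMware KB article or the Carbon Black product:
# offline versions of the post-install checks. Samples are CONSTRUCTED and only
# approximate the real `systemextensionsctl list` and cblog.log formats.

# Verdict on `systemextensionsctl list` output read from stdin:
#   ok        exactly one Carbon Black row and it is "[activated enabled]"
#   missing   no Carbon Black row: System Extensions payload or installer failed
#   stale     more than one Carbon Black row: an older sensor was not removed
#             (uninstall, reboot and reinstall, as in the troubleshooting tip)
#   inactive  one row that is not activated+enabled: approval or MDM policy missing
sysext_verdict() {
    out=$(cat)
    total=$(printf '%s\n' "$out" | grep -c 'com\.carbonblack\.' || true)
    active=$(printf '%s\n' "$out" | grep -c 'com\.carbonblack\..*\[activated enabled\]' || true)
    if   [ "$total" -eq 0 ]; then echo missing
    elif [ "$total" -gt 1 ]; then echo stale
    elif [ "$active" -eq 1 ]; then echo ok
    else echo inactive
    fi
}

# Succeed only when cblog.log (stdin) contains both markers the KB lists for a
# good install: the extension activation and the daemon launch.
cblog_install_ok() {
    log=$(cat)
    case "$log" in *"activating extension success"*) ;; *) return 1 ;; esac
    case "$log" in *"Launching daemon"*) return 0 ;; *) return 1 ;; esac
}

# --- Constructed samples (layout approximates macOS output; not real captures) ---
SYSEXT_HEALTHY='1 extension(s)
--- com.apple.system_extension.endpoint_security
enabled active teamID      bundleID (version)                                 name          [state]
*       *      7AGZNQ2S2T  com.carbonblack.es-loader.es-extension (7.x.x/1)  es-extension  [activated enabled]'

SYSEXT_STALE='2 extension(s)
--- com.apple.system_extension.endpoint_security
enabled active teamID      bundleID (version)                                 name          [state]
        *      7AGZNQ2S2T  com.carbonblack.es-loader.es-extension (7.x.x/1)  es-extension  [activated waiting to uninstall on reboot]
*       *      7AGZNQ2S2T  com.carbonblack.es-loader.es-extension (7.x.x/1)  es-extension  [activated enabled]'

SYSEXT_NONE='0 extension(s)'

CBLOG_GOOD='2022-03-03 10:00:01 [info] es-loader: activating extension success
2022-03-03 10:00:02 [info] Launching daemon'
CBLOG_BAD='2022-03-03 10:00:01 [error] es-loader: activation request failed'

# --- Demo run on the samples ------------------------------------------------
echo "healthy list: $(printf '%s\n' "$SYSEXT_HEALTHY" | sysext_verdict)"
echo "stale list:   $(printf '%s\n' "$SYSEXT_STALE"   | sysext_verdict)"
echo "empty list:   $(printf '%s\n' "$SYSEXT_NONE"    | sysext_verdict)"
if printf '%s\n' "$CBLOG_GOOD" | cblog_install_ok; then echo "cblog: install markers present"; fi
if printf '%s\n' "$CBLOG_BAD"  | cblog_install_ok; then :; else echo "cblog: install incomplete"; fi
# On a real endpoint:
#   systemextensionsctl list | sysext_verdict
#   cblog_install_ok < /var/log/cblog.log && echo "install complete"
```

A `stale` verdict is the case the reinstall tip above is written for: the old row disappears only after the reboot, so run the check again after rebooting and before running the installer package.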

Article Information

Creation Date: 03-03-2022