Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR Sensor: macOS kernel panic due to older KEXT files present

EDR Sensor: macOS kernel panic due to older KEXT files present

Environment

  • EDR (Formerly CB Response) Sensor: 6.2.5-6.2.6
  • macOS: All Supported Versions
  • Newly installed sensor software

Symptoms

  • macOS endpoint kernel panics
  •  Kernel panic repeats 5-10 minutes after reboot

Cause

Older KEXT files from the 6.2.5 sensor are left behind after upgrading to 6.2.6

Resolution

  1. Uninstall the CB Response Sensor software.
  2. Remove old "KEXT" files: (zip them up and move them to another folder)
/System/Library/Extensions/CbOsxSensorNetmon.kext
/System/Library/Extensions/CbOsxSensorProcmon.kext
  1. Reboot the endpoint.
  2. After the reboot, re-install the newer 6.2.6 sensor.

Related Content


Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎01-31-2020
Views:
1327
Contributors