Environment
- Endpoint Standard Sensor Version: 3.5.1.13
- Apple macOS: All Supported Versions
Symptoms
An Alert/Event will be triggered as mentioned below:
- The file "/Applications/VMware Carbon Black Cloud/CBCloudUI.bundle/Contents/MacOS/CBCloudUI" was scanned and classified as KNOWN_MALWARE. The file has been quarantined.
- Malware (/Applications/VMware Carbon Black Cloud/CBCloudUI.bundle/Contents/MacOS/CBCloudUI) was detected running. A Deny Action was applied by the Operating System (XProtect)".
Cause
XProtect False positives were reports on sensor executables.
Resolution
Upgrade the Mac sensor to 3.5.1.16 and above to avoid these false positives.
Related Content