Security Connect 2021 is coming Jun 3. Register for free today!

Endpoint Standard: Carbon Black file is detected as XProtect False Positive in MAC Operating System.

Endpoint Standard: Carbon Black file is detected as XProtect False Positive in MAC Operating System.

Environment

  • Endpoint Standard Sensor Version: 3.5.1.13
  • Apple macOS: All Supported Versions

Symptoms

An Alert/Event will be triggered as mentioned below:
  • The file "/Applications/VMware Carbon Black Cloud/CBCloudUI.bundle/Contents/MacOS/CBCloudUI" was scanned and classified as KNOWN_MALWARE. The file has been quarantined.
  • Malware (/Applications/VMware Carbon Black Cloud/CBCloudUI.bundle/Contents/MacOS/CBCloudUI) was detected running. A Deny Action was applied by the Operating System (XProtect)".

Cause

XProtect False positives were reports on sensor executables.

Resolution

Upgrade the Mac sensor to 3.5.1.16 and above to avoid these false positives.

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎02-23-2021
Views:
87
Contributors