logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

OS X: File Integrity Rules Prevent Finder from writing to .DS_Store

OS X: File Integrity Rules Prevent Finder from writing to .DS_Store

Version

7.x

Issue
Bit9 Agent will prevent the Finder from writing to the .DS_Store if a File Integrity rule is enabled for that directory.

Symptoms
The Bit9 Agent will show a block notifier on screen with the process as 'Finder'


Cause
This is intended behavior for a File Integrity rule (preventing writes).


Solution
You can create a custom rule to silence the notifier.

 

Important Note(s)

**Important** - Please test out the rule in a OS X testing policy before placing into production.

Name:  OS X File Integrity .DS_Store Silence

Description: Ignore Finder to modify the .DS_Store for Directory XYZ

Status: Enabled

Platform: Mac

Rule Type: Advanced

Operation: Write

Write Action: Silence

Path or File: Specific Path...

                     *.DS_Store

Process:   Specific Process...

                  /System/Library/CoreServices/Finder.app

User or Group: Any User

Rule Applies to: All Policies

Tags (3)
Was this article helpful? Yes No
No ratings
Article Information
Author:
jnaiga
Creation Date:
‎12-22-2015
Views:
654
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.