logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

On a Mac system, what can trigger the default tamper protection events?

On a Mac system, what can trigger the default tamper protection events?

Version

Bit9 Agent 7.0.1 and higher.

Topic

This document provides information on what triggers tamper protection events on Mac systems.

Q/A

Question

On a Mac system, what can trigger the default tamper protection events?

Answer

There are a number of items that can trigger tamper protection; any attempt to modify a Bit9 file (binary, plist file or anything in the Bit9 data directory), any ptrace of the b9daemon or any attempt to kill the daemon, any attempt to remove a Bit9 file, and any attempt to rename a Bit9 file.

There are also a few fringe cases where we will block requests for permission. I.E. process Z asks for permission to perform action X on Bit9 file Y, even if process Z had no intention of performing action X.

Labels (1)
Labels:
Was this article helpful? Yes No
No ratings
Article Information
Author:
anadrowski
Creation Date:
‎01-19-2015
Views:
956
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.