Announcing the Release of Cb Defense macOS Sensor 3.0
We are excited to announce the release of the new Cb Defense macOS sensor 3.0! This major release contains improved ransomware prevention, live response capabilities, High Sierra support, along with a number of other features and bug fixes. The new sensor is now in General Availability (GA) and can be downloaded from the Enrollment page in your Web Console.
This update will be rolling out to Production environments throughout the next few business days. Please see the expected rollout schedule in the table below to learn when this release will be available for download.
As always, please download this new version by browsing to the Enrollment > Manage Sensors page.
Sensor installations on macOS 10.13, High Sierra, require initial KEXT approval of the product kernel extension by administrative policy or end-user. This new requirement enforced by Apple applies to all third party products that have a driver component.
Cb Defense recommends that you pre-configure High Sierra devices with Cb Defense pre-approved drivers by using: MDM policy, netboot, or pre-configured images. This approach simplifies sensor deployment, especially in unattended mode.
If Cb Defense drivers are not pre-approved before sensor installation, the behavior is as follows:
Unattended installation: Installation finalizes and returns success, but logs a warning to installation logs. Because CB Defense drivers cannot load, the sensor enters Bypass state and reports this state to the cloud. After KEXT is approved (either by an end-user or an administrator with MDM policy), the sensor recovers within one hour and enters the full protection state.
Attended installation is handled similarly to unattended, with two differences: (1) sensor installation displays a dialog message that requests the end user to approve the KEXT using system preferences; (2) installer stalls for up 10 minutes, giving a user a chance to approve the KEXT.
To identify devices with sensors not supporting currently loaded OS, go to Enrollment page, change Status filter to All, and type the following search query: sensorStates:UNSUPPORTED_OS
Use the following search query to help identify devices with sensors that do support the new OS but with sensor KEXT not approved: sensorStates:DRIVER_INIT_ERROR
See Apple Technical Note TN2459 for more details and recommendations for enterprise.