Environment

• EDR macOS Sensor: 7.x 
• macOS: Mojave (10.14), Catalina (10.15)

Objective

Resolution

1. Log in to Jamf, navigate to “Configuration Profiles”, and select "New"
2. Under the Approved Kernel Extensions select “Configure”.

3. Input the applicable "teamID" and "bundleID
    Team Id: (For Cb Response) 7AGZNQ2S2T
    KEXT Bundle ID:
          com.carbonblack.CbOsxSensorNetmon
          com.carbonblack.CbOsxSensorProcmon
          com.carbonblack.cbsystemproxy.72fc2
    (Note: 72fc2 above reflects the sensor version 7.2.2-osx being installed, modify as needed)

4. Select "Save"
This is a article attached image

This is a article attached image

Additional Notes

• Prior to macOS 10.13.4, software distributions systems (i.e. MDM or JAMF) did not require user-approval to load any properly signed kexts.
• For macOS 10.13 - 10.15, Carbon Black products (as well as other kernel-based products) Netmon and Procmon kernel extensions are required.  For enterprise deployments where it is necessary to distribute software that includes kexts without requiring user approval, it is required to configure the Apple Team IDs for our Carbon Black products in the MDM profile.  
• For macOS 11.x and higher, system extensions are required to be configured in the MDM and is addressed in other articles (see Related Content).
• Both OSX-10.x and OSX-11.x+ profiles can be combined into one Jamf profile.  Ask the Support engineer for guidance from the internal notes.

Related Content

• Managing Legacy Kernel Extensions in macOS Using Jamf Pro - Technical Articles | Jamf
• macOS 10.13.4 Kext Approval Changes
• Carbon Black EDR: Granting macOS Sensor Access on macOS 11
• EDR: How To Obtain and Validate a Jamf/MDM mobileconfig File
• Granting macOS Sensor v7.0+ Access on macOS v11.0+ Big Sur
• EDR: How to Configure Workspace ONE to Deploy Carbon Black Policies for macOS