Endpoint Standard: How to approve Mac Sensor 3.0 KEXT for Install/Upgrade
Endpoint Standard: 3.0 and above
Apple MacOS: Mac OS 10.13 and above
Carbon Black recommends submitting the applicable Endpoint Standard KEXT IDs described in macOS 10.13.4 Kext Approval Changes for approval by MDM before install or upgrade of Mac Sensor 3.0. However, if KEXT is not pre-approved by MDM, this article describes how to approve KEXTs locally upon install or upgrade.
When installing or upgrading to Mac Sensor 3.0 on High Sierra+, the installer will pause and you will see a prompt from the installer telling you to allow the kernel extension within 5 minutes
Behind this notification is another notification from the OS explaining how to allow the extension from "Scargo, Inc."
Opening Security preferences pane, you can allow the software from "Scargo, Inc.” to run
The installer will finish, the kernel extension will load, and the Cb logo will load in the menu bar
Use the below command to verify that the CB Defense KEXT extension has been approved
Starting with macOS 10.13.0 (High Sierra), Apple created a whitelist for KEXTS. This is a new Apple feature that requires user approval before loading new third-party kernel extensions such as CB Defense kernel extension, com.confer.sensor.kext for Sensor version 3.0 or com.carbonblack.defense.kext for Sensor version 3.1 or higher. See Apple Technical Note TN2459 for more details and recommendations for enterprise environments.
In some situations you may see an additional pop up stating that a reboot is required; however, the sensor does not need to reboot after the install/upgrade on physical machines. You may choose not to reboot and the sensor should reload within 30 minutes.