Carbon Black Kernal Panic

New Contributor III

Has anyone found a fix for the Bit9 (Carbon Black Protect) or Carbon Black Response kernel panic? This was caused by having CB installed and installing the Security Update 2018-001.


New Contributor II

Please upgrade your Carbon Black sensor to the latest version This version seems to be stable even on 10.13.4 Beta. I've tested the agent on 10.11.6, 10.12.6, 10.13.3 and 10.13.4 (Beta) with all the Apple Security updates installed. Older agents must be removed first before proceeding with new installation.

Carbon black has a built-in removal uninstaller script

Contributor II

@bbracey In our initial testing, CB version 6.1.3 resolves this. However, any prior version of CB on the device has to be removed before 6.1.3 is installed. If you do an upgrade in place to this newer version, CB will still cause kernel panics with 2018-001.

Single policy removes CB version *old and then installs 6.1.3.
Once 6.1.3 is installed the devices fall into a smart group looking for that version.
Security 2018-001 is scoped against that smart group so it installs once 6.1.3 is in place.

Contributor II

You have to either remove the CB Sensor in safe mode, or install a version compatible with the Security Update. If you have a machine experiencing the issue, boot to safe mode, then run the uninstaller.

I got in touch with one of our security guys and they passed along a version of carbon black that was compatible, a recent release. We've not rolled it out yet but I put it on a test machine with 10.13.1 and was successfully able to upgrade to 10.13.3 with no issues.

Hope that helps.

Valued Contributor II

theres a new version of CB/Bit9 and to remediate via deleting the b9kernel.kext

see this discussion too


New Contributor II

The above worked well for us. Just don't forget quotes around cd Step 5 otherwise will not work as is.

Contributor II

InfoSec leaders often mandate the use of 3rd party security agents on macOS.
It is important to regularly audit the effectiveness of each security agent.
In other words, ask the team(s) responsible for each security agent to provide a monthly report for Mac systems.
What has the security agent caught or prevented? This info can help build a valid argument against using multiple 3rd party security agents.


New Contributor III

had this same issue. Uninstalled worked well. Easy enough to roll out again once it is fixed up.