Carbon Black Response - config profile

dyyuan
New Contributor

Hi, has anyone had any success creating a config profile to bypass the kext warning for Carbon Black Response? I opened a tix with them and got some info, did some steps on my own, but looks like we are still missing some info?

https://community.carbonblack.com/t5/Knowledge-Base/EDR-What-are-the-Team-ID-s-for-the-Cb-Response-sensor-kernel/ta-p/62187

The Team ID seems easy enough, but I wasn't sure if I need to do something under the privacy preference control to approve the app access? Basically just trying to get CBR deployed without the warning on user end...thx!

2 REPLIES 2

gabester
Contributor III

@dyyuan I think you might get this to work by having both approved kernel extensions and system extensions. Note: if you're specifying the kernel extension bundle IDs or the allowed system extensions there is a new com.carbonblack.cbsystem.#5-digit-hexcode# - you can review blocked extensions from System Profiler to get an idea of what you might be missing under Apple menu > About this Mac > Overview > System Report > Software > Disabled Software.

matthewnativida
New Contributor

I just tried the steps below and it has worked for me.

https://community.carbonblack.com/t5/Knowledge-Base/CB-Defense-How-to-approve-KEXT-on-JAMF/ta-p/52271