Help

macOS Mojave 10.14.0 - Carbon Black Defense

ThijsX
Valued Contributor
Valued Contributor

Posted on ‎09-24-2018 01:17 PM

Hi there.

Just sharing is caring this.

Updated my machine for testing purposes to 10.14.0 and like also in the BETA's our Carbon Black Defense sensor is not working on 10.14.0 and gets in Bypass mode.

My first suggestion was that it was an KEXT not correctly loaded or something in that way.
With some help, discovered that it is just the CB Defense sensor that is not 10.14.0 compatible.

Check below for version information and compatibility, after i installed the beta it directly got out of Bypass mode.

Supported sensor and agents
Beta Sensor

Cheers

10 REPLIES 10

alexjdale
Valued Contributor III

Posted on ‎09-24-2018 01:43 PM

Yep, also we are jumping over an earlier 3.x version and have to add the new sensor's kext to our whitelist since it changed. I imagine this will affect others as well.

0 Kudos

pchen_plaid
New Contributor II

Posted on ‎09-27-2018 11:35 AM

I was going crazy myself over this, thanks!

0 Kudos

sammatthews
New Contributor II

Posted on ‎10-01-2018 02:25 AM

Got this from one of our engineers sensor for 10.14 is currently in testing. Rollout is expected 3/10/2018

9f1bcffe08444534ad31448efe1704ac

boberito
Valued Contributor

Posted on ‎10-01-2018 07:08 AM

March 10th? Or October 3rd?

0 Kudos

jconte
Contributor II

Posted on ‎10-01-2018 07:13 AM

I am hoping Oct 3.

ThijsX
Valued Contributor
Valued Contributor

Posted on ‎10-01-2018 11:33 AM

Suprise!

9eef0be8bff74d79a82d0351265af2ab

Went to download sensor kits, not there yet :(

0 Kudos

rderewianko
Valued Contributor II

Posted on ‎10-01-2018 06:32 PM

With the pending 3.2 release they also update the kext you have to whitelist.
com.carbonblack.defense.kext - 7AGZNQ2S2T

ThijsX
Valued Contributor
Valued Contributor

Posted on ‎10-08-2018 01:37 PM

Excuse me for the late reply, new sensor had been released and seems to work fine,

Keep in mind that there are some extra parameters in the unattended install that in some cases need to be changed

somethingwithKEXT

0 Kudos

alexjdale
Valued Contributor III

Posted on ‎10-08-2018 01:46 PM

Yes, the unattended installer script probably should be used with the --skip-kext-approval-check argument. It was receiving a false positive from their kext whitelist check (which their script blames Apple for, appropriately) and refusing to install, even though we had the proper kext whitelist MDM profile in place and working.

I appreciate how the menu icon will turn blue when the sensor is operating and grey when it's put into bypass mode.

0 Kudos

swapple
Contributor III

Posted on ‎04-10-2019 11:41 AM

Has their KEXT changed again?? I have 7AGZNQ2S2T and JA7945SK43 in my profile and am getting the System Extension Block message.

0 Kudos