VMware Carbon Black App Control 8.7.2 | 02 MAY 2022

Check for additions and updates to these release notes.

What's New

The 8.7.2 macOS Agent Release Notes provide information for users upgrading from previous versions as well as for users new to VMware Carbon Black App Control.

Product security is our top priority for Carbon Black App Control. In this release, we have included several new enhancements to ensure that our product is prepared to keep you and your endpoints secure.

  • Resolution of defects around agent functionality and stability improvements on macOS 11 and 12.

    This release was focused on the resolution of previous defects and optimizations of macOS performance. For more details, see the Resolved Issues section.

New Setup Guidelines

  • Apple’s Secure Kext Loading feature extends to MDM deployments for MacOS 10.14.x Mojave and MacOS 10.15.x Catalina

    You must approve Carbon Black kernel extensions ahead of MDM deployment using our Team and Bundle IDs.

    Please see https://community.carbonblack.com/docs/DOC-13277 for more information.

  • Apple’s System Extension Loading feature extends to MDM deployments for MacOS 11.x BigSur and MacOS 12.x Monterey

    You must approve Carbon Black System extensions ahead of MDM deployment using our Team and Bundle IDs.

    For more information, please see macOS Agent Installation Instructions - MDM with Jamf section in the 8.7.0 macOS Agent release notes

  • Installation using BSX on MacOS 12.x Monterey Platform

    In case of manual or MDM based installation using BSX file on MacOS 12 Monterey, use the command line sudo LC_ALL=C bash <bsx path> if sudo bash <bsx path> is not working.

Resolved Issues

  • EP-5967: Fixed an issue where a “new device found” message displayed when a known, removable device was plugged in.

    The list of devices maintained is now updated whenever a device is attached to the agent machine.

  • EP-6081: Fixed an issue where no information from EDR sensors (including their presence or absence) was reported to the App Control server from macOS endpoints

    Now, App Control checks if the EDR process is running, Kext/SE is running, extracts version info and other details, and then sends it to server.

  • EP-7320: Fixed an issue where the agent erroneously lists the hard drive along with removable devices in macOS endpoints running macOS 10.13.6 (or later)

    Device info is now sent only device events are received. In addition, the "removable" status is not updated by the server once an entry is made. 

  • EP-13812: Fixed an issue where deleted Script Rules were not cleared out properly until rebooting

    Now, when a rule is deleted, the residual tag is also deleted from the list.

  • EP-14215: Fixed an issue where SE XPC crashed on macOS 12 Monterey after FDA is given to SE

    After installation (non MDM), if loading of SE was allowed before providing FDA, a crash was observed in SE.

  • EP-14383: Fixed an issue where the prompt did not display when copying a file if the custom rule was type 'File Creation Control' having 'Write Action' as 'Prompt'

  • EP-14624: Fixed an issue where download failure did not occur even if "Resource Download Location" had an invalid value

    In the case where “Resource Download Location” is given incorrect value at server console->System configuration->Advanced options, the upgrade process does not trigger and reports the appropriate failure logs.

Known Issues

  • EP-5821: Software RAID 0/1 device control status is always “Unapproved” and cannot be manipulated through device control

  • EP-6055: The macOS agent does not capture extended file attributes

  • EP-13191: If you change the name of a policy after it is assigned to an agent, the updated policy name does not display on the details page of that agent

  • EP-14175: In the case of System Extensions, the first execution of process is always denied unless it is approved by the user.

    In the case of a custom rule execution prompt, even if the user approves, App Control prompts the user with the termination of process. This is expected behaviour.

  • EP-15300: In medium enforcement, notifier freezes when multiple, unapproved, interesting files are executed on MacOS BigSur and higher

    This issue is on MacOS version 11.X and above. If file must be approved, you can create a path exclusion rule for that interesting file. 

  • EP-15323: KernelSupport and SystemProxy kexts are loaded after upgrading from Catalina to Monterey

    When agent version 8.7.2 is installed on an endpoint and the OS is upgraded from ‘Catalina or below’ to ‘Big Sur or above’, 2 kexts [com.bit9.KernelSupport, com.bit9.SystemProxy ] out of 4 are found still loaded.

  • EP-15327: Delete action through finder is not displaying a prompt

    Custom rule for 'file creation control' is created where 'write action' is 'prompt' and specific directory path is provided. When delete action using finder is performed on a file which is in directory mentioned in path parameter of rule, a prompt does not display and delete action is allowed.

check-circle-line exclamation-circle-line close-line
Scroll to top icon