VMware Carbon Black App Control macOS Agent 8.9.0 Release Notes

VMware Carbon Black App Control 8.9.0 \| 27 JULY 2023 \| Build 8.9.0.339 Check for additions and updates to these release notes.

VMware Carbon Black App Control 8.9.0 | 27 JULY 2023 | Build 8.9.0.339

Check for additions and updates to these release notes.

What's New

The 8.9.0 macOS Agent Release Notes provide information for users upgrading from previous versions as well as for users new to VMware Carbon Black App Control.

Product security is our top priority for Carbon Black App Control. In this release, we have included several new enhancements to ensure that our product is prepared to keep you and your endpoints secure.

IPv6-Only Network Support

The Mac agent now supports being operated in an IPv6 (Internet Protocol Version 6) environment. Operating the agent on IPv6 instead of IPv4 offers many potential benefits, including increased network performance, security, and overall health.

Updates to Trusted Publisher Support

Following up to the initial release of Trusted Publisher Support in the Mac 8.8.0 agent, the Mac 8.9.0 agent now supports additional advanced server configuration settings previously not available.

Exclusion of Specific Publisher Certificate Algorithms - Exclude publisher-based approval of files whose certificates are signed with undesired certificate algorithms.

Set Minimum Certificate Key For Publisher Approvals - Exclude publisher-based approval of files whose certificates do not meet a minimum certificate key size.

8.9.4 Server or Later Required For Mac Trusted Publishers

Customers utilizing Mac Trusted Publishers for the first time must have the 8.9.4 Server or later to ensure existing publisher certificate information is sent to trusted publisher equipped Mac agents. 8.9.4 Server or later servers allow you to request agents to send certificate information via a new option in the cache consistency check menu, Re-evaluate publishers.

Without the 8.9.4 Server or later and the administrator performing this action, the certificate information from trusted publisher equipped Mac agents would not be available to the server and therefore publisher rules would not be able to be created and delivered back to the agent.

For more information, see Performing a Cache Consistency Check in the 8.9.4 User Guide.

Note: Trusted Publisher will only work on 8.8.0 or later agents running on system-extension based operating systems (macOS 11.x Big Sur and later) and not on KEXT based operating systems. (macOS 10.15.x and older).

For information, see Approving or Banning by Publisher in the 8.9.4 User Guide.

Resolved Issues

EP-15756: Fixed an issue where newly created rules are not properly applied after manually importing a configlist from the server.
EP-17399: Fixed an issue where under certain circumstances tamper protection could be bypassed. (EA-22389)
EP-18120: Fixed an issue where the "b9cli --capture" command would time out.

Known Issues

EP-5821: Software RAID 0/1 device control status is always “Unapproved” and cannot be manipulated through device control
EP-6055: The macOS agent does not capture extended file attributes
EP-13191: Changing the name of a policy after it is assigned to an agent, the updated policy name does not display on the details page of that agent
EP-14175: In the case of System Extensions, the first execution of process is always denied unless it is approved by the user.

In the case of a custom rule execution prompt, even if the user approves, App Control prompts the user with the termination of process. This is expected behaviour.
EP-15277: kernelFileOpExclusions configured on the server are not working as expected on Mac agents.
EP-15282: Mac agent prevents files from being modified in High Enforcement Policy

Modifying a file when in high enforcement results in the notifier being displayed, and the agent blocking the change. File modification should be allowed, unless there is rule preventing this action.
EP-15300: In medium enforcement, notifier freezes when multiple, unapproved, interesting files are executed on MacOS BigSur and higher

This issue is on MacOS version 11.X and above. If file must be approved, you can create a path exclusion rule for that interesting file.
EP-15323: KernelSupport and SystemProxy kexts are loaded after upgrading from Catalina to Monterey

When agent version 8.7.2 is installed on an endpoint and the OS is upgraded from ‘Catalina or below’ to ‘Big Sur or above’, 2 kexts [com.bit9.KernelSupport, com.bit9.SystemProxy ] out of 4 are found still loaded.
EP-15471: Device vendor name is not displayed on the server when a device is connected through a thunderbolt port
EP-15747: Manually importing 'configlist.xml' from the server results in a disconnected agent, even after machine reboot.
EP-17552: 8.8.0 Mac agent initialization remains at 0% upon fresh installation with the 8.8.4 App Control Server
EP-17706: For macOS 11.x, the "Bytes Examined" field in "b9cli --status", under "Cache Information" shows more bytes scanned than total bytes during initialization.