Carbon Black App Control 8.9.4 | 12 June 2024 | Build 8.9.4.559

Check for additions and updates to these release notes.

What's New

The 8.9.4 macOS Agent Release Notes provide information for users upgrading from previous versions as well as for users new to Carbon Black App Control.

Product security is our top priority for Carbon Black App Control. In this release, we have included several new enhancements to ensure that our product is prepared to keep you and your endpoints secure.

This is a maintenance release. Please see the Resolved Issues for details.

Downloading the Software

You can access all Carbon Black App Control software by logging onto the Broadcom customer portal, navigating to the Downloads section, and searching for the software you need.

Important:

You can use this direct link to download the Carbon Black App Control macOS Sensor 8.9.4.559 agent.

The SHA-256 for Carbon Black App Control macOS Sensor CB_App_Ctrl_Mac_8.9.4.559.zip is:

ce4f117a998ed555e43e5023a5c10210d7994cb2f4e511bd9a2cb767341cad13
Important:

INSTALLATION INSTRUCTIONS:

BEFORE upgrading to the new 8.9.4 mac agent, make sure rule installer 1.26 or later is installed. Then do an auto-upgrade of the macOS agent from the server.

Resolved Issues

  • EP-20987: Added more verbose descriptions for the agent error messages

    The error messages generated by the agent were very short and did not provide useful information.

  • EP-21018: Fixed a defect in which the agent wasn't able to analyze files when the path of the file contained special characters (EA-24540)

  • EP-21164: Fixed an issue where, in certain conditions, when a user clicks to restart their system, the agent communication with the system extension is lost and thus the agent is terminated by the operating system

  • EP-24264: Fixed an issue that occurs in some situations where the agent fails to start properly after installation with the message, "Unable to connect to the Kernel. Agent will not track files."

Known Issues

  • EP-5821: Software RAID 0/1 device control status is always “Unapproved” and cannot be manipulated through device control

  • EP-13191: Changing the name of a policy after it is assigned to an agent, the updated policy name does not display on the details page of that agent

  • EP-14175: In the case of System Extensions, the first execution of process is always denied unless it is approved by the user

    In the case of a custom rule execution prompt, even if the user approves, App Control prompts the user with the termination of process. This is expected behavior.

  • EP-15277: kernelFileOpExclusions kernel exclusions configured on the server aren’t set on the mac agent side as they are not implemented for the mac agent

  • EP-15282: Agent prevents file to be modified unexpectedly in High Policy

    If agent is in high enforcement policy and existing script file is being modified, then b9notifier prompt is displayed and agent blocks the actions. It should be allowed to modify a given file, unless there's a rule that prevents to do so.

  • EP-15300: In medium enforcement, notifier freezes when multiple, unapproved, interesting files are executed on MacOS BigSur and higher

    This issue is on MacOS version 11.x and above. If file must be approved, you can create a path exclusion rule for that interesting file. 

  • EP-15323: KernelSupport and SystemProxy kexts are loaded after upgrading from Catalina to Monterey

    When agent version 8.7.2 is installed on an endpoint and the OS is upgraded from ‘Catalina or below’ to ‘Big Sur or above’, 2 kexts [com.bit9.KernelSupport, com.bit9.SystemProxy ] out of 4 are found still loaded.

  • EP-15398: App Control b9cli status returns nothing and does not work

    This is an intermittent issue. Sometimes the b9cli command line tool does not show the output.

  • EP-15747: Manually importing 'configlist.xml' from the server results in a disconnected agent, even after machine reboot.

  • EP-15756 :Ban Rule not applied to Mac Agent after Importing configlist.xml from Server

  • EP-16577: If a file rule is added with ban by name, the ban state of the file is not reflected in b9cli find command

  • EP-20764: Time Machine Volume should not undergo initialization process

check-circle-line exclamation-circle-line close-line
Scroll to top icon