The following procedure outlines the steps required to enable Full Disk Access (FDA) control for the Carbon Black App Control macOS agent using an MDM.

This procedure requires you to create a Configuration Profile with a Privacy Preferences Policy Control (PPPC) payload in your MDM (for example, Workspace One UEM, Jamf®, or any other MDM). This allows you to pre-approve application privacy permissions in your environment.

Note: The following instructions use Jamf. Modify the instructions as needed to adjust for other MDM solutions.

Procedure

  1. In Jamf, go to Computers > Configuration Profiles.
  2. Create a new profile and define it as follows:
    1. For Name, give the profile a name that identifies the application being granted rights. In this example, we use the name of the product followed by “PPPC”.
    2. For Category, select Applications.
    3. For Distribution Method, select Install Automatically.
    4. For Level, select Computer Level.
    5. Navigate from the General tab to the Privacy Preferences Policy Control tab.
    6. For Identifier, enter cbProtection.
    7. For Identifier Type, select Bundle ID.
    8. For Code Requirement, enter the following code exactly as it is stated here:
      Tip: Copy/paste the following text to ensure accuracy.
      identifier "com.bit9.b9notifier" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T"
      Note: If you do not enter this code correctly, this procedure for enabling FDA will not work properly.
    9. Under App or Service, select SystemPolicyAllFiles and under Access, select Allow.
    10. Save the policy.
  3. Deploy and use this policy to enable FDA for all your macOS endpoints.