Perform the following procedure to install macOS agents on endpoints.

For macOS endpoints, you install the Carbon Black App Control agent by using the appropriate installer DMG file. Installers for macOS are named as follows, varying by policy: policyname-mac.dmg.

For systems running macOS Mojave 10.14.6 or later, and earlier than macOS BigSur 11x, you must allow the agent kernel extension as described in Allow the Agent Kernel Extension During Agent Installation or Upgrade or Kernel Extension Supporting macOS Versions.

Prerequisites

The following procedure assumes you have already:

  • uploaded agent and rule packages as described in Uploading Agent Installers and Rules to the Server.
  • created one or more security policies for your agents as described in "Creating and Configuring Policies" in the Carbon Black App Control User Guide.
  • downloaded the appropriate installer as described in Downloading Agent Installers.
    • For AD-based policy assignment, use an installer for any policy with automatic policy assignment enabled.
    • The same downloaded agent installer can be used on multiple endpoints, and can also be distributed to endpoints via SSH or other distribution mechanisms like Casper.
  • Verify installer integrity as described in macOS Agent Installer Integrity and Signature Verification.

Procedure

  1. Open a Finder window and change directory to the location where the installer was downloaded (by default, the user-specific Download directory).
  2. In Finder, double-click the agent installation file you downloaded: policyname-mac.dmg. A standard package installation dialog begins.
  3. Respond to the installation dialog prompts, and when the dialog indicates the installation was successful, click Close. The agent begins operating immediately.
  4. To verify the agent installation, run Activity Monitor and view All Processes. You should see b9daemon running.
  5. If you run anti-virus software, exclude the Carbon Black App Control agent installation directory from anti-virus scanning. For enhanced security, Carbon Black App Control protects its application directory. To avoid performance problems, specify in your anti-virus software that the following directories are not scanned
    • /Applications/Bit9/Daemon/b9daemon – the Carbon Black App Control agent process
    • /Applications/Bit9 – the Carbon Black App Control program directory
    • /Library/Application Support/com.bit9.agent – the Carbon Black App Control data directory
    • /Library/Extensions/b9kernel.kext – the Carbon Black App Control driver location for macOS versions 10.9 (Mavericks) and later -or- /System/Library/Extensions/b9kernel.kext, which is the Carbon Black App Control driver location for macOS versions prior to 10.9
  6. Add the following AV exclusion entries for Carbon Black App Control 8.7 and later agents for the macOS supporting system extension:
    • Bundle ID : com.vmware.carbonblack.appc-es-loader.appc-es-extension
    • Path : /Applications/Bit9/Agent/appc-es-loader.app/Contents/MacOS/appc-es-loader
  7. The macOS firewall can detect the agent as a new application and block access to the network. Instruct users to permanently allow incoming connections to b9daemon.
  8. Enable the macOS System Updates updater, which allows minor updates to the OS to be approved for installation. Be sure you are running at least version 9 of this updater. You can enable updaters on the Software Rules > Updaters page.

What to do next

See "Endpoint Notifiers and Approval Requests" in the Carbon Black App Control User Guide for a description of what the user sees on an endpoint that is protected by the agent.