| Carbon Black Cloud macOS Sensor 3.8.1 | 10 September 2024 | Build 3.8.1.102 Check for additions and updates to these release notes. |
What's New
Important:
23 September, 2024 Update: Carbon Black Cloud macOS Sensor 3.8.1.102 is supported on macOS15. See: macOS OER for more details.
Carbon Black Cloud macOS Sensor 3.8.1 release includes features, improvements and bug fixes that are addressed in more detail here.
Carbon Black Cloud macOS Sensor 3.8.1.102 release is macOS15 ready but is being validated against macOS15 Betas. Please stay tuned for the latest macOS15 support HERE.
Important:
-
This release supports macOS 12 - 14.
-
Sensor 3.7.2 reached End-Of-Support in December 2023.
-
Sensor 3.7.3 reached End-Of-Support in August 2024.
-
Sensor 3.7.4 entered Extended Support in May 2024.
Please plan to test and upgrade your sensor accordingly. See the macOS Operating Environment Requirements for more details.
Resources:
Release checksums
| 3.8.1.102 DMG SHA256 Checksum |
|
|---|---|
| 3.8.1.102 PKG SHA256 Checksum |
|
-
Removable System Extension MDM Policy
Apple’s macOS 12+ supports the Removable System Extension MDM policy, which is the preferred macOS-supported mechanism for facilitating seamless Carbon Black Cloud sensor upgrades and uninstallations without requiring user intervention. This policy not only streamlines these processes but also improves compatibility with macOS in an MDM-managed environment, specifically enhancing customer workflows.
Carbon Black recommends deploying this policy in your environment.
To assist you in configuring the Carbon Black Cloud System Extension as removable in your MDM-managed environment, Carbon Black has updated the MDM configuration documentation. See: Approving the System Extension and Network Extension for macOS 11+
You can test and identify the removable system extension status under the general information section of repcli status: General Info -> System Extension -> Removable.
Important:Mac admins must adopt the “Removable System Extensions” MDM policy as prescribed for the optimal sensor upgrade and uninstall experience going forward.
Reference Links:
-
Major macOS Forward Compatibility Support
On the day of Apple’s major macOS release, Carbon Black will have at least one sensor compatible and in support. Since sensor versions 3.7.2 and onward, Carbon Black offers macOS forward compatibility handling for new major macOS releases. These sensor versions will be announced as officially in support on 0-day if passing the major macOS Beta and GM qualification process, unless compatibility issues are identified during the process.
-
3.8.1 Supported Operating System, System Extension (Intel, Apple Silicon)
-
macOS15 Sequoia, pending validation
-
Sensor Mass-Deployment and MDM
To ensure full sensor activation at the earliest time during the sensor mass deployment, Carbon Black recommends that you preconfigure endpoints with System Extension and FDA pre-approval though MDM, using the latest MDM recommendations for Carbon Black Cloud in the sensor release DMG docs folder. Verify the MDM policy correctness using test endpoints before mass deployment of sensors.
Note:For more information about the macOS Sensor operating systems, please see the macOS Operating Environment Requirements documentation.
-
-
Performance and Scale Improvements
3.8.1 delivers performance improvements and optimizations benefiting especially high throughput endpoints, such as macOS developer environments.
-
Improved efficiency of Cloud Reputation lookups, reducing network traffic to the cloud and improving malware prevention efficacy on busy endpoints with a large number of executables.
-
Performance improvements reducing latency during script executions, especially in developer scenarios.
-
SysEXT (se_agent) performance improvements reducing CPU usage on busy endpoints.
-
Background Scan: added support for Expedite scan mode, and also reduced time needed to complete in Standard scan mode.
-
Resolved Issues
Endpoint Standard
-
DSEN-26872: Network operation bypass exclusion was improved to support pre-connect per-application bypass for server applications like Nginx (EA-22423)
Endpoint Standard and EEDR
-
DSEN-22660: Attended installer: fixed an issue with installer not prompting for registration code when installing sensor second time
-
DSEN-24595: Network Extension disablement command (repcli networkextension disable) now persists across macOS and sensor reboots
This introduces
repcli networkextension restorecommand (to restore the original configuration). -
DSEN-25705: Updated Third party libraries
-
DSEN-27937: Support for latest suites of TLS CBC cloud ciphers
-
DSEN-27986: Hardened sensor security limiting access to select sensor data files
-
DSEN-28057: Improved Proxy Server configuration and discovery handling to future-proof sensor fresh installations with proxies in cloud environments / load balancing
-
EA-24033: Fixed an issue with reported process tree parent-child hierarchies that affected long running endpoints with long lasting processes
-
EA-24420: Addressed interoperability issue in macOS14.3 and greater that caused MS Office hang when accessing remote files
LiveOps
-
DSEN-27667: Updated OSQuery engine to 5.12.1
Known Issues
The following issues are known to affect the software. Each lists the sensor version when the issue was first reported. Issues are removed after they are resolved.
-
Device Quarantine limitation with VPN per-app tunnel
Carbon Black is in contact with Apple Eng. to resolve the universal macOS limitation.
Please refer to this KB article for a workaround.
-
Unsupported workflow for migrating data from Intel to an Apple Silicon machine
Including the sensor as part of migrating data from Intel to an Apple Silicon machine (i.e. Migration Assistant) is not a supported workflow.
The recommended workflow is to uninstall the sensor before migration or exclude the sensor during migration and install it on the target machine.
