For the macOS sensor to operate at full functionality on an endpoint, the sensor must have full disk access on the endpoint. This payload grants the macOS sensor full disk access.
To ensure full functionality of the macOS sensor, enter each App Access sub-payload from the following table. For all sub-payloads, the Identifier Type is Bundle ID, and the Application or Service is SystemPolicyAllFiles with Access set to Allow.
| Identifier | Code Requirement |
|---|---|
com.vmware.carbonblack.cloud.daemon |
identifier "com.vmware.carbonblack.cloud.daemon" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T" |
com.vmware.carbonblack.cloud.se-agent.extension |
identifier "com.vmware.carbonblack.cloud.se-agent.extension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T" |
com.vmware.carbonblack.cloud.osqueryi |
identifier "com.vmware.carbonblack.osqueryi" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T" |
com.vmware.carbonblack.cloud.uninstall |
identifier "com.vmware.carbonblack.cloud.uninstall" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T" |
com.vmware.carbonblack.cloud.uninstallerui |
identifier "com.vmware.carbonblack.cloud.uninstallerui" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T" |
