For macOS v3.1 sensor installations on macOS 10.13, High Sierra requires initial KEXT approval of the product kernel extension by administrative policy or user.

This requirement is enforced by Apple. It applies to all third-party products that have a driver component. The sensor requires KEXT approval regardless of the previous KEXT approval status.

Note: For macOS Big Sur, user KEXT approval is only part of the requirement; MDM approval is required for KEXT deployment on macOS Big Sur.
Important: Sensor version 3.8.0 and future sensor versions no longer support Kernel Extension approval as well as macOS11 and prior Operating Systems. Customers must use System Extension approval.

Carbon Black recommends that you pre-configure endpoints with pre-approved drivers by using MDM policy, netboot, or pre-configured images. This approach simplifies sensor installation, especially during a command line installation. A CLI message occurs during the install, and requires the – kext flag to skip and finish the install.

If drivers are not pre-approved before sensor installation, the behavior is as follows:

Command line installation: Installation finalizes and returns success, but logs a warning to installation logs. Because drivers cannot load, the sensor enters Bypass state and reports this state to the cloud. After KEXT is approved, the sensor recovers within one hour and enters the full protection state.

Direct installation is handled similarly to a command line installation, with two differences: (1) sensor installation displays a dialog message that requests the user to approve the KEXT by using system preferences; (2) installer stalls for up 10 minutes to give the user the opportunity to approve the KEXT.

Note: For information about mobile device management (MDM), see: