The easiest way to distribute the necessary MDM payload to approve the KEXT is to upload the MDM-KEXT-approval.mobileconfig file, which is located in the mounted DMG of the installer in the docs folder.
You can also recreate the attached mobileconfig in your MDM tool by specifying the Apple Team ID and the KEXT Bundle ID in your Kernel Extension configuration profile:
- Apple Team ID:
7AGZNQ2S2T
- KEXT Bundle ID:
com.carbonblack.defense.kext
To allow the KEXT to load on MacOS Big Sur, the OS either requires a local action from an admin to approve the KEXT after install or a customized reboot command from your MDM to rebuild the Kernel Cache.
Your MDM must support custom XML to use the following method. If your MDM provider does not support custom XML, use the local approval method to run the KEXT.
The easiest way to distribute the necessary MDM command is to upload the MDM-KEXT-reboot-command.xml file, which is found in the mounted DMG of the installer in the docs folder. This XML file should be uploaded as a Custom Command and sent to endpoints after KEXT install. The target machine will reboot without warning; this distribution method is a temporary workflow until MDM providers update their reboot protocols to support RebuildKernelCache
. This command is here:
<dict> <key>RebuildKernelCache</key> <true/> <key>KextPaths</key> <string>/Library/Extensions/CbDefenseSensor.kext</string> <key>RequestType</key> <string>RestartDevice</string> </dict>