Carbon Black EDRk recommends that you approve the Carbon Black Network Extension Component of the System Extension via MDM. You can grant the System Extension the ability to Filter Network Content through a Web Content Filter configuration profile.

Note: These instructions were created by using Apple documentation and ProfileCreator. Field names, values, and functionality can vary depending on the MDM framework or sensor version used.

After creating this profile, the profile should be signed to enable distribution via MDM. Complete the following fields exactly as shown here. Copy and paste for accuracy.

General payload:

  • Payload Scope:
    System

Web Content Filter payload:

  • Filter Type:
    Plug-In
  • Plug-In Bundle ID:
    com.carbonblack.es-loader
  • Check Enable Socket Filtering Filter Data Provider System Extension Bundle ID (macOS):
    com.carbonblack.es-loader.es-extension
  • Check Enable Socket Filtering Filter Data Provider Designated Requirement (macOS):
    identifier "com.carbonblack.es-loader.es-extension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T"

Check Enable Packet Filtering (macOS):

  • Filter Packet Provider System Extension Bundle ID (macOS):
    com.carbonblack.es-loader.es-extension
  • Filter Packet Provider Designated Requirement (macOS):
    identifier "com.carbonblack.es-loader.es-extension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T"