CB Protection: Tamper Protect Alerts received when running macOS updates
Article ID: 287359
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
A Tamper Protection Alert is received from the "root" user when running a macOS update while Tamper Protection is enabled.
Environment
CB Protection Agent: All Supported Versions
Apple macOS: All Supported Versions
Cause
macOS is attempting either to enumerate or to close running files/processes in order to complete the update.
Resolution
This behavior can be seen with certain updates. Depending on the nature of each individual update, certain files may need to be enumerated or a particular process may need to be stopped to complete the update. Tamper Protection sees this as an attempt to access or modify the contents of the CB Protection Agent and raises an alert. This is what the Tamper Protection component is designed to do: it protects the agent from potential threats on the system that might attempt a similar action.
If this is observed, Tamper Protection may need to be disabled prior to completing these updates, as it is not possible to add exclusions for macOS updates.
Additional information regarding Tamper Protection and CB Protection Agent exclusions is listed below under Related Content.