Carbon Black Cloud Sensor: Unable to access certain directories in Live Response on Mac
search cancel

Carbon Black Cloud Sensor: Unable to access certain directories in Live Response on Mac

book

Article ID: 287364

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • Unable to access certain directories such as /Users/<username>/Library/Mail/ in a Live Response session, with an error such as:  
    Remote error 0x80070002 - The system cannot find the file specified
    Remote error 0x80070001 - Incorrect function

     

Environment

  • Carbon Black Cloud Sensor: 3.2.1 and Higher
  • macOS 10.14.x Mojave

Cause

Full Disk Access has not been provided to the CB Defense process in System Preferences

Resolution

  1. Open System Preferences and navigate to Security & Privacy>Privacy tab
  2. Click "Full Disk Access" in the sidebar and ensure the CB Defense process "com.carbonblack.defense.ui" is enabled (Administrator credentials may be required to make this change)
These steps can be completed by any Administrator User.

Additional Information

  • This requirement is due to a macOS security measure
  • Full Disk Access is required to access certain User or System directories protected by macOS
  • See the article in related content for more detail on this requirement, along with an example of how to manage this with an MDM solution
Powered by Wolken Software