EDR: How To Approve Sensor Extensions Manually in macOS 11.x (Big Sur)
search cancel

EDR: How To Approve Sensor Extensions Manually in macOS 11.x (Big Sur)

book

Article ID: 287704

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Approve system extensions for macOS sensor manually 

Environment

  • EDR Sensor: 7.0.1 and later
  • Apple macOS: 11.x, Big Sur

Resolution

  1. During install of 7.x mac sensor, you will receive a "System Extension Blocked" prompt, click "Open Security Preferences"
 User-added image
  1.  Click Unlock to change settings and click "Allow"
User-added image
 
  1. Installation will proceed and then prompt to approve "es-loader" for Network Filter.  Confirm by clicking Allow
User-added image
  1. Installation will complete.  Navigate to Security & Privacy System Preferences and click "Privacy" tab.  Locate "Full Disk Access" option, and click the checkbox next to "es-extension"
User-added image

 

Additional Information

If Full Disk Access is not granted to es-extension after installation completes, the sensor will function, but Live Response feature will not function as expected and not be able to reach all locations on endpoint disk.
Powered by Wolken Software