Process Exclusions for OSX does not catch all instances
Article ID: 287916
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Process exclusion for MacOS does not catch all instances
Environment
- EDR Sensor: All Supported Versions
- Apple MacOS: All Supported Versions
Cause
- Processes such as launchd that start as part of the boot sequence ahead of the sensor daemon and/or launches the sensor itself will not be excluded.
- If an already running system process loading a new image during the boot sequence it will also not be excluded.
Resolution
This is currently working as designed.
Additional Information
A feature request can be submitted here if needed
Feedback
Yes
No
Powered by
