Endpoint Standard: Carbon Black file is flagged by XProtect as a false positive on macOS

Article ID: 288636

Updated On:

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

An alert or event is triggered with one of the following messages:
  • The file "/Applications/VMware Carbon Black Cloud/CBCloudUI.bundle/Contents/MacOS/CBCloudUI" was scanned and classified as KNOWN_MALWARE. The file has been quarantined.
  • Malware (/Applications/VMware Carbon Black Cloud/CBCloudUI.bundle/Contents/MacOS/CBCloudUI) was detected running. A Deny Action was applied by the Operating System (XProtect).

Environment

  • Endpoint Standard Sensor Version: 3.5.1.13
  • Apple macOS: All Supported Versions

Cause

XProtect false positives were reported on sensor executables.

Resolution

Upgrade the Mac sensor to version 3.5.1.16 or later to avoid these false positives.