App Control: How to Add an Identifier Longer Than the WS1 String Limit for Mac Agent 8.7+

Article ID: 288771

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

How to Add an Identifier Longer Than the WS1 UI String Limit for Mac Agent 8.7+

Environment

  • App Control Mac Agent: 8.7 and Higher
  • VMware Workspace One

Resolution

  1. Edit the Profile and add a custom Payload
  2. In the Custom Settings menu, add the following XML:
    <dict>
      <key>Services</key>
      <dict>
        <key>SystemPolicyAllFiles</key>
        <array>
          <dict>
            <key>Identifier</key>
            <string>com.vmware.carbonblack.appc-es-loader.appc-es-extension</string>
            <key>IdentifierType</key>
            <string>bundleID</string>
            <key>CodeRequirement</key>
            <string>identifier "com.vmware.carbonblack.appc-es-loader.appc-es-extension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T"</string>
            <key>StaticCode</key>
            <false />
            <key>Comment</key>
            <string></string>
            <key>Allowed</key>
            <true />
          </dict>
        </array>
      </dict>
      <key>PayloadDisplayName</key>
      <string>PrivacyPreferences</string>
      <key>PayloadDescription</key>
      <string>PrivacyPreferencesSettings</string>
      <key>PayloadOrganization</key>
      <string></string>
      <key>PayloadType</key>
      <string>com.apple.TCC.configuration-profile-policy</string>
      <key>PayloadUUID</key>
      <string>d61f9f50-88ee-4139-a2e9-37b7d4f7ae71</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
      <key>PayloadIdentifier</key>
      <string>1997a5db-ac7f-426a-a038-8c64c341cb4b.PrivacyPreferences</string>
    </dict>
  3. Once applied, the XML sets the PrivacyPreferences payload as a Custom Setting
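
Because this payload grants Full Disk Access, it is worth checking the pasted XML before assigning the profile. The following is an added example, not part of the original article or of any VMware/Broadcom tooling: a small Python linter that catches a truncated paste, an Identifier that disagrees with the CodeRequirement, or a requirement that does not pin the expected team ID. The function name `lint_tcc_fragment` and its `team_id` parameter are hypothetical, and the embedded sample is the payload above reduced to the keys the checks read.

```python
import plistlib
import re
from xml.parsers.expat import ExpatError

TCC_TYPE = "com.apple.TCC.configuration-profile-policy"
BUNDLE_ID = "com.vmware.carbonblack.appc-es-loader.appc-es-extension"
# Constructed sample: the payload above reduced to the keys the checks read.
FRAGMENT = f"""<dict>
  <key>Services</key>
  <dict>
    <key>SystemPolicyAllFiles</key>
    <array>
      <dict>
        <key>Identifier</key><string>{BUNDLE_ID}</string>
        <key>IdentifierType</key><string>bundleID</string>
        <key>CodeRequirement</key>
        <string>identifier "{BUNDLE_ID}" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "7AGZNQ2S2T"</string>
        <key>Allowed</key><true />
      </dict>
    </array>
  </dict>
  <key>PayloadType</key><string>{TCC_TYPE}</string>
</dict>""".encode()

def lint_tcc_fragment(fragment: bytes, team_id: str = "") -> list:
    """Return problems found in a Custom Settings <dict> fragment ([] if clean)."""
    try:  # wrap the bare <dict> so plistlib sees a complete property list
        payload = plistlib.loads(b'<plist version="1.0">' + fragment + b"</plist>",
                                 fmt=plistlib.FMT_XML)
    except (ExpatError, ValueError) as exc:
        return [f"not well-formed plist XML (truncated paste?): {exc}"]
    if not isinstance(payload, dict):
        return ["top-level element must be <dict>"]
    problems = []
    if payload.get("PayloadType") != TCC_TYPE:
        problems.append(f"PayloadType is not {TCC_TYPE}")
    for service, entries in payload.get("Services", {}).items():
        for entry in entries:
            ident, req = entry.get("Identifier", ""), entry.get("CodeRequirement", "")
            named = re.search(r'identifier "([^"]+)"', req)
            if entry.get("IdentifierType") not in ("bundleID", "path"):
                problems.append(f"{service}: IdentifierType must be bundleID or path")
            elif entry["IdentifierType"] == "bundleID" and (not named or named.group(1) != ident):
                problems.append(f"{service}: CodeRequirement identifier does not match Identifier")
            if team_id and f'leaf[subject.OU] = "{team_id}"' not in req:
                problems.append(f"{service}: CodeRequirement does not pin team {team_id}")
            if not isinstance(entry.get("Allowed"), bool):
                problems.append(f"{service}: Allowed must be <true/> or <false/>")
    return problems
```

Call `lint_tcc_fragment(xml_bytes, team_id="7AGZNQ2S2T")` on the exact text pasted into Custom Settings; an empty list means none of these checks failed.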

Additional Information

  • In the particular case of App Control 8.7, where System Extensions were introduced, the payload for granting full disk access to appc-es-extension exceeds the allowed limit.
  • The steps above are a workaround for applying the Policy Preferences payload with System Policy All Files set to Allow, per the image below:
User-added image