Carbon Black Cloud: Folder Permission to /System/Volumes/Data/Library/Application Support/
search cancel

Carbon Black Cloud: Folder Permission to /System/Volumes/Data/Library/Application Support/

book

Article ID: 289007

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Folder Permissions are set to 777 which allows any user to access:  
0 drwxrwxrwx 4 root admin 128 Feb 19 17:07 /System/Volumes/Data/Library/Application Support/com.vmware.carbonblack.cloud/Data/Content
0 drwxrwxrwx 6 root admin 192 Feb 8 15:05 /System/Volumes/Data/Library/Application Support/com.vmware.carbonblack.cloud/Data/Content/Rules
0 drwxrwxrwx 3 root admin 96 Feb 19 17:11 /System/Volumes/Data/Library/Application Support/com.vmware.carbonblack.cloud/Data/Events

 

Environment

  • Carbon Black Mac Sensor: 3.8.0.58 and Lower 
  • MAC OS: All Supported Version

Cause

Working as per design 

Resolution

  • Modifying the permissions of these folders to 770 will work as intended.
/Library/Application Support/com.vmware.carbonblack.cloud/Data/

/Library/Application Support/com.vmware.carbonblack.cloud/Data/Events

/Library/Application Support/com.vmware.carbonblack.cloud/Data/Content

/Library/Application Support/com.vmware.carbonblack.cloud/Data/Content/Rules
  • User must disable the sensor to make these changes.
NOTEDo not perform a recursive chmod
  • Uninstall and Reinstall of Sensor, will reset these folder permissions to default. 
  • Default directory permission will be fixed in  upcoming CBC Mac 3.8.1 release.
Powered by Wolken Software