Carbon Black Cloud: How to prevent end user from stopping the Enterprise EDR Sensor on macOS
Article ID: 289873

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Prevent end users from disabling the EDR Sensor on macOS endpoints via Settings > Login Items.

Environment

  • Endpoint Standard Sensor: All Supported Versions
  • Endpoint Standard Sensor UI 

Resolution

Create a custom configuration profile in Apple Configurator 2 to restrict users from disabling the Sensor. The basic format of the configuration provided below can be used.
 
<key>RuleType</key>
<string>TeamIdentifier</string>
<key>RuleValue</key>
<string>7AGZNQ2S2T</string>
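
The fragment above placed in a complete profile, as an added example that is not part of the original article. It assumes the rule belongs in the Rules array of Apple's com.apple.servicemanagement (Managed Login Items, macOS 13 and later) payload; the PayloadIdentifier, PayloadUUID, PayloadDisplayName and Comment values are placeholders constructed for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <!-- Managed Login Items payload (assumed container for the rule) -->
            <key>PayloadType</key>
            <string>com.apple.servicemanagement</string>
            <!-- Placeholder identifier and UUID: replace with your own -->
            <key>PayloadIdentifier</key>
            <string>com.example.cbc.managed-login-items</string>
            <key>PayloadUUID</key>
            <string>00000000-0000-0000-0000-000000000001</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>Rules</key>
            <array>
                <dict>
                    <!-- Rule from the article: match every login item signed by this Team ID -->
                    <key>RuleType</key>
                    <string>TeamIdentifier</string>
                    <key>RuleValue</key>
                    <string>7AGZNQ2S2T</string>
                    <!-- Optional free-text note (constructed) -->
                    <key>Comment</key>
                    <string>Carbon Black Cloud sensor</string>
                </dict>
            </array>
        </dict>
    </array>
    <!-- Top-level profile keys; names and UUID are placeholders -->
    <key>PayloadDisplayName</key>
    <string>Carbon Black Cloud - Managed Login Items (example)</string>
    <key>PayloadIdentifier</key>
    <string>com.example.cbc.profile</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadUUID</key>
    <string>00000000-0000-0000-0000-000000000002</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
```

After the profile is installed, the sensor's entries under Settings > Login Items should appear as managed and their toggles should no longer be changeable by the user.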

Additional Information

The string value "7AGZNQ2S2T" is the Team ID for the Carbon Black Cloud software.