Endpoint Standard: Mac Sensor reporting TamperBehavior4 Alerts
Article ID: 291091
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Alerts in the console can be seen with the following context:
The application /usr/libexec/xpcproxy attempted to disable the Cb Defense Sensor, by calling the function "TamperBehavior4". The operation was blocked by Cb Defense.
Environment
Carbon Black Cloud Console: All Versions
Endpoint Standard macOS Sensor: 3.4.2.23
Apple macOS: All Versions
Cause
Launchd/xpcproxy gathers process (daemon) metrics, and this activity exhibits scraping-like behavior.
Resolution
This is a known issue. The fix will be included in an upcoming Mac sensor release (3.4.4).