Endpoint Standard: Why are There MacOS Blocks Reported by Gatekeeper or Xprotect in the Console?

Article ID: 291106

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Why do blocks appear in the console with the message "The file "/XYZ" attempted to run on MacOS. The file has been blocked by GateKeeper or XProtect"?

Environment

  • Carbon Black Cloud Web Console: All Versions
  • Carbon Black Cloud macOS Sensor: All Supported Versions
  • Apple macOS: All Supported Versions

Resolution

  • Endpoint Standard is only reporting an operation performed by the OS (Gatekeeper or XProtect); the product itself is not performing any blocks.
  • The 3.7.4 MacOS sensor should help reduce the noise caused by these events.

Additional Information

These events are safe to ignore. To keep them out of the console, use Dismiss All with the option "If this alert occurs in the future, automatically dismiss it from all devices" checked.