Carbon Black Cloud: Network is Slow or Disconnects after Sensor Installed on MacOS
search cancel

Carbon Black Cloud: Network is Slow or Disconnects after Sensor Installed on MacOS

book

Article ID: 291446

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  • Network is slow or disconnects entirely when MacOS is connected to Ethernet Adapter
  • Connections to servers are slow or timing out
  • Putting the Sensor in Bypass does not resolve the issue

Environment

  • Carbon Black Cloud Sensor: 3.5.1 and Higher
  • Apple MacOS: 11/Big Sur and later

Cause

  • The CBC Network Extension (NE) contains two content filters: a data filter and a packet filter. Enabling the NE registers both filters with the OS and the OS will then forward network activity to the appropriate filter. 
  • This issue can happen as soon as the data or packet filter is enabled regardless of whether or not packets are processed.
  • This issue has also been seen on Mac Studio devices which is currently being investigated

Resolution

  • Networking issues have been resolved in MacOS Monterey 12.4 and MacOS 13.0. The What's new for enterprise in macOS Monterey documents the following release note: "Resolves an issue where the network becomes unresponsive using multiple Network Extensions or a Network Extension with an Ethernet adapter."
  • If unable to upgrade MacOS to 12.4 or 13.0, the following may workaround the issue:
    • If issue is not resolved by upgrading MacOS, please collect MacOS Sensor logs and Open a Support Case noting if the device is a Mac Studio so we can investigate further.

    Additional Information

    • MacOS 12.3 and later require Sensor version 3.6.2. Older sensors versions will not function correctly on 12.3 and later.
    • If the sensor was installed on an unsupported version of MacOS and upgraded then the sensor may need to be uninstalled/reinstalled to fix the issue.
    • To confirm if MacOS device is affected by this issue please do one of the following:
      • Disable Network Extension to confirm if the issue still persists. If the issue does not persist, please re-enable the Network Extension as there have been some cases where this resolves the issue. 
      • If unable to disable Network Extension, please test by uninstalling the MacOS sensor to confirm if issue persists. 
    • If issue is not resolved by uninstalling Sensor or disabling/re-enabling Network Extension then likely something else in the environment is causing network connectivity issues.
    Powered by Wolken Software