Carbon Black Cloud: Significant decrease in alerts and events from Mac sensor after upgrade to MacOS 12.3
search cancel

Carbon Black Cloud: Significant decrease in alerts and events from Mac sensor after upgrade to MacOS 12.3

book

Article ID: 291591

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • Significant (~90%) decrease in events and alerts from Mac endpoint
    • Small subset of network and other behavior events my still occur
  • Sensor appears active

Environment

  • Carbon Black Cloud Mac Sensor: v3.6.1.10
  • macOS v12.3

Cause

Changes that Apple has made in MacOS 12.3 with regards to their internal protocols.

Resolution

Mac sensor release 3.6.2.110 resolves this issue.

Additional Information

  • Sensor 3.6.1.10 will not be available after 4/20/2022. Per CBC Mac Sensor Announcement for macOS 12.3, VMware Carbon Black strongly recommends not upgrading to  MacOS 12.3 until sensor version 3.6.2.110 is installed. 
  • Carbon Black is planning additional sensor enhancements to better handle these types of macOS changes in the future
Powered by Wolken Software