How to verify Full Disk Access approval locally for MDM profiles (macOS)

Article ID: 292373

Updated On: 09-24-2024

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Steps to check that Full Disk Access (FDA) has been properly approved on Big Sur via an MDM profile.

Environment

  • Carbon Black Cloud Sensor: 3.5.1.x and Higher
  • Apple macOS: 11.0 (Big Sur) and Higher

Resolution

  1. Launch a terminal emulator and run:
    sudo /usr/bin/profiles show -o stdout-xml > /tmp/profiles.plist
  2. Search profiles.plist for:
    SystemPolicyAllFiles
  3. Check for the following items:
    com.vmware.carbonblack.cloud.daemon
    com.vmware.carbonblack.cloud.se-agent.extension
    com.vmware.carbonblack.cloud.osqueryi
    com.vmware.carbonblack.cloud.uninstall
    com.vmware.carbonblack.cloud.uninstallerui
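
Steps 2 and 3 can be scripted so that an identifier only counts when it sits inside a SystemPolicyAllFiles list and is set to allow, rather than appearing anywhere in the file. The following is an added example, not Carbon Black or Apple code. Assumptions: the function names are hypothetical, the sample plist is constructed and its outer nesting is illustrative only (the walker does not depend on it), and the per-entry Identifier, Allowed and Authorization keys are those of Apple's Privacy Preferences Policy Control payload.

```python
import plistlib, sys

# Identifiers listed in step 3 of this article.
REQUIRED = [
    "com.vmware.carbonblack.cloud.daemon",
    "com.vmware.carbonblack.cloud.se-agent.extension",
    "com.vmware.carbonblack.cloud.osqueryi",
    "com.vmware.carbonblack.cloud.uninstall",
    "com.vmware.carbonblack.cloud.uninstallerui",
]

# Constructed sample standing in for /tmp/profiles.plist (not real output).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>_computerlevel</key><array><dict>
<key>ProfileItems</key><array><dict><key>PayloadContent</key><dict>
<key>Services</key><dict><key>SystemPolicyAllFiles</key><array>
<dict><key>Identifier</key><string>com.vmware.carbonblack.cloud.daemon</string><key>Allowed</key><true/></dict>
<dict><key>Identifier</key><string>com.vmware.carbonblack.cloud.osqueryi</string><key>Authorization</key><string>Allow</string></dict>
<dict><key>Identifier</key><string>com.vmware.carbonblack.cloud.uninstall</string><key>Allowed</key><false/></dict>
</array></dict></dict></dict></array></dict></array></dict></plist>"""

def fda_entries(node, found=None):
    """Walk the plist; map Identifier -> allowed for every SystemPolicyAllFiles list."""
    found = {} if found is None else found
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "SystemPolicyAllFiles" and isinstance(value, list):
                for entry in (e for e in value if isinstance(e, dict) and "Identifier" in e):
                    ok = bool(entry.get("Allowed")) or entry.get("Authorization") == "Allow"
                    # Conservative: one non-allow entry marks the identifier for review.
                    found[entry["Identifier"]] = found.get(entry["Identifier"], True) and ok
            else:
                fda_entries(value, found)
    elif isinstance(node, list):
        for item in node:
            fda_entries(item, found)
    return found

def check(plist_bytes, required=REQUIRED):
    """Return identifier -> 'approved', 'not allowed' or 'missing'."""
    entries = fda_entries(plistlib.loads(plist_bytes))
    return {i: "missing" if i not in entries else "approved" if entries[i] else "not allowed"
            for i in required}

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for ident, status in check(data).items():
        print(f"{status:12} {ident}")
```

Pass /tmp/profiles.plist from step 1 as the first argument to check a real export; with no argument it runs against the constructed sample.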

Additional Information

com.vmware.carbonblack.cloud.se-agent.extension is optional for a KEXT install, but it is good to include for a future transition to System Extension.