Why Does the App Control Agent Run as System / Root?

Why Does the App Control Agent Run as System / Root?

search cancel

Why Does the App Control Agent Run as System / Root?

book

Article ID: 387696

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Why does the Carbon Black App Control agent run as System / Root?

Environment

App Control Agent: All Supported Versions
macOS: All Supported Versions
Linux: All Supported Versions

Resolution

The agent needs to run as system / root so it can:

Install, start, stop and communicate with its kernel driver
Be able to upgrade itself (e.g. run the installer that in turn must be root)
Access resources and files available only to System / Root
Block operations (the Kernel module is what enforces the blocks)

Feedback

thumb_up Yes

thumb_down No