• Events in the Console are being generated for Tamper Protection by Mac Agents similar to

  Modification of '/library/systemextensions/dc8b51f1-443d-4dc5-806d-8dda958e1ab6/com.vmware.carbonblack.appc-es-loader.appc-es-extension.systemextension/contents/macos/com.vmware.carbonblack.appc-es-loader.appc-es-extension' by 'root' was blocked because of Tamper Protection.
  
  
  Carbon Black App Control Agent blocked an attempt to write to '/library/application support/com.bit9.agent/data/logs/trace.bt9' by 'root' because of Tamper Protection.

• The Process Name for the related Tamper Protection Events are system processes (sudo, loginwindow, systemd)

• App Control Agent: All Supported Versions
• Apple macOS: All Supported Versions

This issue is being tracked under EPCB-23700 and will be addressed in a future release of the Agent. In the meantime, the Events can safely be ignored.