As of High Sierra (10.13.x), all third-party kernel extensions (kexts) must be explicitly allowed to load. This approval can be performed locally by the end user or orchestrated via a mobile device management (MDM) policy.
Approve EDR/EPP Sensor Kernel Extensions
Approve the macOS kernel extension directly on a Mac system
- From your Mac, click System Preferences.
- From the Security & Privacy pane, click General.
- Click the lock icon and authenticate as an administrator.
- Click Allow for System software from developer “EDR Vendor” was prevented from loading.
The installer will finish running and load the sensor.
Approve the macOS kernel extension via MDM
Specify the Apple Team ID in your configuration profile:
- Carbon Black Response/Defense/ThreatHunter
Apple Team ID: 7AGZNQ2S2T
- CrowdStrike Falcon
Apple Team ID: X9E956P446
- Endgame
Apple Team ID: 4FVLCA237T
-
- Microsoft Defender ATP
Apple Team ID: UBF8T346G9
- Microsoft Defender ATP
Comments
0 comments
Please sign in to leave a comment.