Issue
User is experiencing potential issues between a VMware Carbon Black Cloud or VMware Carbon Black EDR sensor and other applications on an endpoint running macOS.
Environment
VMware Carbon Black: all products
macOS: all supported versions
Resolution
Activity Monitor is an application that provides statistical and diagnostic information for apps that are currently running on a device running macOS. Activity Monitor can be launched two ways:
- Applications > Utilities > Activity Monitor
- via Launchpad and searching for the application by name.
Once Activity Monitor has been launched, perform the following steps to capture the necessary output:
- Open the application in which the issue has been observed and reproduce the behavior.
- Return to Activity Monitor.
- In the Process list, locate the name of the application that exhibited the problem behavior.
- After selecting the application, click on Sample Process (this can be found under the Gear icon in the toolbar at the top of the Activity Monitor window).
- Once the sample is generated, click Save in the top-right hand corner of the window.
- Rename the file using the following convention: <hostname_processname_log> and upload the saved file via Red Canary (https://go.my.redcanary.co/shared_files/new).
- Please specify the Red Canary case number in the description field before uploading.
Command-line instructions
If a user would prefer to capture the output from Activity Monitor via command line:
- Open Terminal application.
- To perform a capture of a particular application/process execute the following:
(assuming that the present working directory is the user's home directory)cd Desktop
sudo sample [enter name of process/application] > hostname_processname_log.txt
(the above syntax will capture the Activity Monitor log and redirect the output to text document on the user's desktop; also note that the above syntax should be executed on the same line) - Upload the saved file via Red Canary (https://go.my.redcanary.co/shared_files/new)
Comments
0 comments
Please sign in to leave a comment.