Resolving Network Issues with FileWave Server or Boosters on macOS when using Carbon Black EDR Extension
What
FileWave has observed network issues when the Carbon Black EDR (Endpoint Detection and Response) system extension and network filter are installed on a FileWave Server or Booster running on macOS. The most common symptom is that the Booster stops responding, which can interrupt device check-ins and content delivery.
When/Why
This is most likely to appear under high network traffic, where the Carbon Black network filter is inspecting traffic on the same macOS system that is serving FileWave clients. That combination can create performance or connectivity problems for FileWave services.
How
If FileWave network issues begin after Carbon Black EDR is installed on the same macOS Server or Booster, check whether the Carbon Black system extension and network filter are active. On macOS, use this command in Terminal.app:
systemextensionsctl listThe output will appear like this:
--- com.apple.system_extension.endpoint_security
enabled active teamID bundleID (version) name [state]
* * 7AGZNQ2S2T com.vmware.carbonblack.cloud.se-agent.extension (3.7.2fc81/3.7.2fc81) com.vmware.carbonblack.cloud.se-agent.extension [activated enabled]Check the output for the Carbon Black EDR extension or network filter. If removing or disabling the extension restores FileWave service responsiveness, work with your security team and Carbon Black/Broadcom support before redeploying it to the FileWave Server or Booster.
Related Content
- General Troubleshooting and Errors
- FileWave Log File Locations
- Booster Installation
- Broadcom Carbon Black EDR system extension and network filtering
Digging Deeper
Modern macOS security products often use System Extensions and Network Extensions instead of older kernel extensions. Carbon Black EDR uses this model on current macOS versions so it can inspect endpoint and network activity.
That inspection can still affect network-heavy systems. FileWave Servers and Boosters handle repeated client communication and content delivery, so they are more sensitive to anything inserted into the local network path.
The systemextensionsctl list command is a quick way to confirm whether the Carbon Black extension is active. Treat this as a troubleshooting signal, not a request to remove security tooling without approval.
If you need to exclude a FileWave Server or Booster from the Carbon Black network filter, coordinate that decision with the customer security owner and Carbon Black/Broadcom support.