VMware Carbon Black App Control 1.18 | 20 OCT 2022 | Build 1.18.13.29

Check for additions and updates to these release notes.

What's New

VMware Carbon Black has released Rules Installer version 1.18. New features include:

Windows File Path Case Sensitivity Protection

Currently, the Windows agent does not support Windows systems with case sensitivity features enabled. Prior to Windows 11 and Windows Server 2022, case sensitivity was disabled by default. It is now is enabled by default leaving some users with a potential security hole.

To address this, we have created a new registry rule that blocks changes to case sensitivity in Windows 11 and Windows Server 2022.

Note: This registry rule is disabled by default.

In addition, we added the agent configuration property, check_dircasesensitivityenabled, which can generate health alerts and globally disable case sensitivity, if desired. The default value for this agent configuration property is 0, or disabled.

Note: This configuration is hidden in the server and must be manually added to the server for global application. To verify the current setting on any given Windows Agent, usedascli configprops|findstr check_dircasesensitivityenabled.

The possible configurations are as follows:

  • 0 - No health alerts reported, will not disable case sensitivity if enabled.

  • 1 - Report health alert if case sensitivity is enabled, will not disable case sensitivity if enabled.

  • 2 - Report health alert if case sensitivity is enabled, disables case sensitivity if enabled.

  • 3 - No health alerts reported, disables case sensitivity if enabled.

Additional Changes:

  • Added a rapid config that prevents attackers from writing to VMware App Volume locations to take advantage of our support of this feature.

  • Added the Microsoft Teams directory to the list of default approved Windows store locations.

Important:

  • Beginning with App Control 8.1.4, agent installers and the rule file that determines their behavior are no longer included as part of an App Control Server installation. You upload rule installer packages separately after you install the server. This allows VMware Carbon Black more flexibility to make new and improved rules available to you independent of server releases.

  • Customers who are performing a fresh (non-upgrade) installation of the VMware Carbon Black App Control Server will need to install the Rules Installer before deploying agents. For customers upgrading the App Control Server, we strongly recommend that you install the latest Rules Installer after the server upgrade. See: VMware Carbon Black App Control Rules Installer Guide for detailed instructions.

  • If you are upgrading from Rules version 1.14 or before, please download and apply the script contained in the following UEX Link to ensure that server service is not lost after reboot. This issue was first noticed when upgrading from version 1.14 to 1.16.

    https://community.carbonblack.com/t5/Documentation-Downloads/App-Control-Rules-1-16-Registry-Script/ta-p/112668#M3597

Resolved Issues

  • EP-15759: Updated the "SolarWinds-Sunburst Protection" to fix a bug that prevented the exception case in the "Execution of Solarwinds signed files" section from working.

Known Issues

There are no known issues in this release.

check-circle-line exclamation-circle-line close-line
Scroll to top icon