Updater Approval Rules permit users of computers under High Enforcement protection to install application updates from approved sources as they become available for download.
You can approve updater programs for commonly used enterprise applications, including anti-virus, anti-spyware, personal firewall, and desktop productivity programs. All computers can run approved updaters, but applications installed by these updaters via the Web are locally approved by the Carbon Black App Control Agent for use on the installation computer only.
Enabling a product-specific updater approves only the upgrade procedure for that product, not the application's full installation package.
As new applications or new application versions are introduced and old products or versions become obsolete, the list of updaters can change. The list of available updaters is refreshed in the following ways:
- When you install a new version of Carbon Black App Control, the updaters list is refreshed to add any new updaters, delete any obsolete updaters, and make any necessary modifications to existing updaters.
- To keep your updaters current, you can allow automatic updating of your updaters by the Carbon Black File Reputation cloud; this feature is enabled by default when Carbon Black File Reputation integration is enabled.
- For update programs currently not supported, you can make a request on the Carbon Black User Exchange. If approved and made available, the new updater can be downloaded automatically through the Carbon Black File Reputation.
You can view the complete list of updaters available on your server by opening the Updaters tab of the Software Rules page on the console. This page can show a manually added updater or, if you have upgraded from a previous version of Bit9 Platform or Parity, older updaters that you enabled in the past.
The following table provides information about updaters whose names might not make their purpose obvious or that require special implementation notes. If you do not have access to the console and need a complete list of supported updaters, contact VMware Carbon Black Support.
| Updater |
Platform |
Description |
|---|---|---|
| Adobe Application Manager |
Windows |
Allows updates of products managed by the Adobe Application Manager. |
| Adobe Products Not Listed |
Windows |
Allows automatic approval of updates to certain Adobe products for which a specific Carbon Black App Control updater is not shown. |
| Allow Printer Installations |
Windows |
Allows a print server to automatically install a printer driver not currently on an agent computer (Windows 2003 and later). This updater should not be enabled as a means to allow installation of drivers for locally attached printers. |
| Carbon Black EDR |
macOS |
Allows updates to the Carbon Black EDR sensor on endpoints running macOS. |
| CSC.exe Temporary Files - Do Not Report |
Windows |
This updater significantly reduces the number of new file reports on the server when the Microsoft Visual C# Compiler (CSC.exe) creates or modifies DLLs in locations dedicated to temporary files. You may still approve or ban files at these locations when this updater is enabled, and you can disable it if you prefer to see all temporary file traffic from this process. |
| Java |
Windows |
Allows updates to the Java Virtual Machine and updates that install or update add-ons (search bars or third-party applications, and so forth) included in some versions of Java. This is equivalent to the Java and Bundled Software updater from previous releases. |
| macOS System Updates |
macOS |
Allows updates to the macOS operating system. |
| Microsoft .NET Framework |
Windows |
Allows the .NET just-in-time compiler to run. It must be enabled if you run any applications that require.NET. Although Windows Update provides updates for both Windows Defender and Microsoft .NET, successful installation of updates for these products requires that you trust their specific updater in addition to Windows Update. |
| Microsoft Office 2013 |
Windows |
Allows updates based on Microsoft’s Click-to-Run streaming technology. If you used the MSI installer for Office and did not enable Click-to-Run, Office updates are provided by Windows Update and you do not need to enable this updater. |
| Red Hat Prelinking |
Linux |
Carbon Black recommends disabling Prelinking on RedHat and CentOS computers before installing agents. Prelinking has negative impacts on performance and Carbon Black App Control features. However, if you must enable Prelinking on your RedHat and CentOS systems, enable the RedHat Prelinking updater before installing agents. |
| Red Hat Software Update |
Linux |
Allows automatic updates to supported RedHat and CentOS operating systems. |
| Symantec Endpoint Protection for macOS |
macOS |
Enable the Symantec Endpoint Protection for Mac updater if SEP is run in your environment. It allows SEP updates and improves performance on file operations. Use the SEP Auto Protect Preferences Pane to configure SEP to include the following endpoint SafeZone: /Library/Application Support/com.bit9.Agent. |
| Windows Defender |
Windows |
Although Windows Update provides updates for both Windows Defender and Microsoft .NET, successful installation of updates for either of these products requires that you trust their specific updater in addition to Windows Update.
Note:
Windows Defender is activated by default in Windows 10 unless there is another AV product installed on the system. |
| Windows Update Temporary Files - Do Not Report |
Windows |
This updater significantly reduces the number of new file reports on the server when Windows updates are applied. Because the files not reported are in temporary locations and supplied by Microsoft, they are typically not of interest for tracking or investigation. You may still approve or ban files at these locations when this updater is enabled, and you can disable it if you prefer to see all updater file traffic. |
