VMware Carbon Black App Control 8.10.4.15 | 12 February 2024 | Build 8.10.4 Check for additions and updates to these release notes. |
VMware Carbon Black App Control 8.10.4.15 | 12 February 2024 | Build 8.10.4 Check for additions and updates to these release notes. |
The 8.10.4 Server Release Notes provide information for users upgrading from previous versions and for users new to VMware Carbon Black App Control.
Customers upgrading to 8.10.4 Server may experience longer than usual upgrade times due to important changes we've made to improve the performance and reliability regarding the storage of Yara rule tags. Customer installations with a high volume of yara tags associated with files are most likely to experience these longer wait times. We apologize for any inconvenience this may cause.
Changes to this version include:
EP-20492: Fixed a critical 8.10.2 issue that caused SAML integrations to fail after upgrade. (aka: EA-24309)
For customers using SQL 2019, installation of the latest Cumulative Update is required before installing version Carbon Black App Control Server 8.10.4. Please see the Server OER for more details.
The table below shows the supported upgrade paths for Carbon Black App Control 8.10.4 servers:
Upgrading from: |
Upgrading to: |
---|---|
8.10.x |
8.10.4 |
8.9.x |
8.10.4 |
8.8.x |
8.10.4 |
8.7.x |
8.10.4 |
8.6.x |
8.10.4 |
8.5.x |
8.10.4 |
8.1.10 |
8.10.4 |
8.1.8 |
8.10.4 |
8.1.6 |
8.10.4 |
8.1.4 |
8.10.4 |
8.1.0 Patch 2 |
8.10.4 |
8.1.0 |
8.10.4 |
There were no additional defects fixed in the Carbon Black App Control 8.10.4 Server.
The following known issues and limitations are present in the Carbon Black App Control 8.10.4 Server.
EP-1222: If the CryptoAPI cannot initialize, the license will not be imported
This is typically due to the environment needing to be set up according to the installation instructions.
EP-2752: If you modify the permissions of, or disable, the "admin" user that ships with the product, the API module may no longer function correctly, causing problems when using the REST API and the console
Make sure that the "admin" user retains its "View users" and "Manage users" permissions and that it is not disabled.
EP-2879: Baseline Drift Reports only report on Windows computers
Baseline Drift Reports do not report on Mac or Linux computers.
EP-3157: Exports to CSV of tabular data from console pages do not render date and time fields consistently with respect to time zone
Some columns are reported as UTC; others use the local time zone.
EP-3349: Right after a new version of App Control is installed, the version health indicator will incorrectly report that the previous version is the newest
Refreshing the health indicator will cause it to disappear and will remove the incorrect report.
EP-3352: An event with the subtype "File deletion failed" is erroneously generated when a file that no longer exists is selected for deletion
When a file no longer exists is selected for deletion, the App Control Server should generate an error with the subtype "File deletion processed (file not found)." Instead, an event with the subtype "File deletion failed" is erroneously generated.
EP-4085: When uninstalling the App Control server a message may appear saying that the system is protected by the App Control agent even though the agent has already been uninstalled
EP-4094: Users without the "View Policies" permission will not be able to make use of Role-Based Access Controls based on policies
EP-4578: If a user turns on the config property ShowHiddenCustomRules and creates a Custom Rule with a hidden action (that is, an action ending with "(Hidden)") that rule will display as an expert rule after being saved
Rules of this type requiring an Operation value of "Execute and Write" should be created as two separate rules to avoid losing data.
EP-5504: Systems created using Sysprep may not boot if Tamper Protection was enabled when Sysprep was performed
EP-5703: Canceling a diagnostic request while it is underway does not always work from the App Control console, one can request a diagnostic upload from an endpoint
From the App Control console one can request a diagnostic upload from an endpoint. Canceling such a request while it is underway only sometimes works. Sometimes, cancellation can cause the endpoint to retry the upload.
EP-6510: Some customers have reported seeing false positives with the Doppelganger rule being triggered by TIWorker.exe and TrustedInstaller.exe
EP-6515: In a specific scenario newly installed agents can register with the server from a deleted policy
EP-6719: File analysis through connectors will not work with files containing certain foreign characters in the name
EP-6721: If a SAML identity provider requires a signed logout request, the logout request will fail
EP-6796: In some cases, it's not possible to export a large amount (300+) of custom rules
EP-7891: When adding a user to the "Linux User/Group to Manage Agents" section of the Agent Management configuration the message “(Not validated)” is erroneously returned
The new user should still be added.
EP-13195: Rapidly changing a computer's policy more than once can sometimes cause the last policy change not to apply
EP-14702: Due to an InstallShield issue, if a reboot is required during installation, the installer may not automatically continue after the reboot
If this occurs, you must manually restart the installation.
EP-16158: Incorrect list of files when creating a snapshot
Sometimes when filtering files and creating a snapshot from the result set, files not part of the result set are included.
EP-17537: When running on Windows Server 2012 R2 the AppC Server cannot access the NIST API due to incompatible cipher suites. Because of this, CPE syncing is not possible on this operating system