The Advanced Options tab on the System Configuration page includes options related to database backup, computer and agent management, certificate and updater rules, general console management, and settings for optional features.

This section provides a basic description of Advanced Options. The following table describes the parameters on this page, except for the Database Backup parameters. For information about Database Backup options, including backup and restore instructions, see Backing Up the App Control Server and Restoring the App Control Server.

Table 1. Advanced Configuration Options

Section: Field

Description

Database Backup

See Backing Up the App Control Server for a description of these options.

App Control Agent: Automatic Agent Upgrades

When Enabled, Carbon Black App Control Agents are notified when a new agent version is available, provided that the Policy of which the agent is a member also has agent upgrades activated. This option is normally Disabled and is used during a Carbon Black App Control Server upgrade. It has no effect on a new Carbon Black App Control Server installation. See the VMware Carbon Black Cloud Agent Installation Guide for full instructions on agent upgrades.

App Control Agent: Full OS Inventory Tracking

If the Track inventory radio button is selected for locally approved support files signed by Microsoft Windows or Microsoft Corporation publishers, all files from Microsoft are tracked in the file inventory for this server. If either of the other radio buttons is selected, locally approved support files whose publisher is Microsoft Windows or Microsoft Corporation are excluded from tracking in the Carbon Black App Control database, which can significantly reduce the load on the server. See Excluding Tracking of Microsoft Support Files for details of the exclusion options.

App Control Agent: Resource Download Location

This field allows you to change the location from which agents and configuration files are downloaded.

If you change this setting, you must restart the server for it to take effect.

App Control Console: Log Users Out After

Time period of no activity after which a user is automatically logged out of the Carbon Black App Control Console.

App Control Console: Files to ignore

Files that you want to exclude from the Files page lists. The files are separated by commas with an optional wildcard character (*). Events associated with ignored files continue to display in the Events table and can trigger alerts. Ignored files can be located as Find Files results. This setting is not normally used in Carbon Black App Control Server operations.

API

If API Access Enabled is selected, the Carbon Black App Control APIs are made available on this server. APIs allow access to the Carbon Black App Control Server and its database via automation and scripting using a variety of languages. See App Control API for details.

File Uploads

(Optional) Settings for the separately licensed feature for uploading files from agent computers. Determines the location to which files are uploaded and the length of time they remain on the server before deletion. See Uploading Files from Agents for more details.

Old Computer Cleanup: All Computers

Period of time offline after which any disconnected computer is deleted from the list of computers that this Carbon Black App Control Server manages. Select the check box to activate cleanup, and enter the number of days offline after which a computer is deleted.

If you reconnect a deleted computer and the computer is still running the Carbon Black App Control Agent, the computer will resync its file list and return to its last configured policy (if available) or the Default Policy. See Deleting Computers for more details.

Old Computer Cleanup: Computers Matching Filter

A filtered version of automatic deletion of computers from the list of Carbon Black App Control-managed computers after a certain period of time. Select the check box to activate cleanup, and enter the number of days offline after which a computer is deleted.

You can add one or more filters to limit deleted computers to those matching the criteria that you specify. For example, you can delete only virtual computers when they reach the time limit, or you can delete all computers matching a particular tag (for example, “Visitor”). The filter options are:

  • Computer name
  • Computer tag
  • IP Address
  • Identifier (MAC address)
  • Parent Template
  • Platform
  • Policy
  • Virtualized
  • Virtual Platform

Computers must match all filter criteria to be deleted.

Software Rule Options: Updaters

If Automatically update application updaters from Carbon Black File Reputation is selected, Carbon Black File Reputation keeps the Updaters list in the Software Rules section on your Carbon Black App Control Server up-to-date with any new versions it confirms.

If this setting is not selected, the Updaters that are listed continue to be those provided at server installation time, supplemented by any updaters you have manually defined.

Software Rule Options: Event Rules

If Process event rules is selected (the default), events matching rules that are defined and activated on the Event Rules page can trigger actions such as file analysis or file banning. See Event Rules for more details.

Software Rule Options: Indicator Sets

If Automatically update from Carbon Black File Reputation is selected (the default), Carbon Black File Reputation keeps the Indicator Sets used for threat detection up-to-date. See Advanced Threat Detection for more information about Indicator Sets.

Software Rule Options: Health Indicators

If Automatically update from Carbon Black File Reputation is selected (the default), Carbon Black File Reputation downloads Health Indicators that are used to monitor and report on system health, and updates them when necessary. If this setting is not selected, the System Health feature is not available. See Monitoring System Health for more on health indicators.

Certificate Options: Expired Certificates

If Allow approval of software with expired certificates is selected, an expired certificate may be used for publisher-based approval of a file, if the certificate was valid and the certificate timestamp is within the period during which it was valid. See Approval with Expired Certificates for more details.

If this setting is not selected, software with expired certificates cannot be approved by publisher.

Certificate Options: Exclude Publisher Approvals With These Certificate Algorithms

This option determines which certificates are excluded from use for publisher approvals. If the check box for a certificate algorithm is selected, files signed by a publisher whose certificate uses that algorithm cannot be approved by publisher. See Excluding Certificate Algorithms for more details.

The options are:

  • MD2RSA
  • MD5RSA
  • SHA1RSA
  • SHA256RSA

Certificate Options: Minimum Certificate Key Size For Approval

This option specifies a minimum key length for a certificate to be used for file approval by publisher. Certificates whose key size is greater than or equal to the chosen value may be used for approval by publisher. Certificates whose key size is smaller than the chosen value may not be used. The default value is 512. See Minimum Key Size for more details.

Certificate Options: Digital Signatures

If Require countersignature is selected, a countersignature is required for the digital signature of each certificate that is used to identify a publisher. See Countersignature Options for information that can assist you in configuring this option.

Certificate Options: Initial Revocation Check

Determines whether and how a certificate revocation check is done at initial file discovery on an agent. There are three possible values:

  • Network – If revocation information is not locally available, then use the network to retrieve a certificate's revocation status.
  • Cache – Use locally available revocation status information when performing certificate revocation (the network is not used).
  • None – Do not perform certificate revocation checking.

Consider your agent deployment scenario when setting these values. They can impact agent performance. See Revocation Checks for more details.

Certificate Options: Background Revocation Check

Determines whether and how certificate revocation checks are done for existing files on an agent every 24 hours. If activated, these checks are done in the background. The possible values are the same as those for Initial Revocation Check.

See Revocation Checks for more details.

Certificate revocation checks are also done by the server, usually on a weekly basis. Server-based revocation checks are not affected by the initial or background revocation check settings. If you are monitoring network connections, be aware that some traffic is for these revocation checks, and can involve sites in various countries.

Login Banner: Display Login Banner

This checkbox enables and disables display of a custom banner on the login page when users log in to Carbon Black App Control. You must provide the text for this banner in the following field.

Login Banner: Banner Text

The text displayed in the custom login banner when enabled. In addition to Unicode text characters, you can use the following markup symbols:

<br> for a line break

<p> and </p> to begin and end paragraphs

<b> and </b> to bold and unbold text

Login Banner: Font Color

The font color for the banner on the login page. This can be in any valid CSS format or six hexadecimal digits. Default is 333333 (dark gray). See https://www.w3.org/TR/css-color-3/ for CSS color specifications.

Login Banner: Background Color

The background color for the banner on the login page. This can be in any valid CSS format or six hexadecimal digits. Default is D3D3D3 (light gray).

Login Banner: Border Color

The border color for the banner on the login page. This can be in any valid CSS format or six hexadecimal digits. Default is 000000 (black).
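
The Certificate Options rows above (Expired Certificates, excluded algorithms, Minimum Certificate Key Size, Digital Signatures) combine into one eligibility decision for approval by publisher. The following is an added example, not Carbon Black code: a model of those rules run over constructed certificate metadata under a loose and a strict settings profile. All class, function and profile names are hypothetical, the 2048 value and sample publishers are constructed, and treating the certificate timestamp as the countersignature is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class Cert:  # constructed metadata, not parsed from a real certificate
    publisher: str
    algorithm: str                         # named as in the options list
    key_size: int
    not_before: datetime
    not_after: datetime
    timestamp: Optional[datetime] = None   # countersignature time (assumed)

@dataclass
class CertOptions:  # hypothetical model of the Certificate Options rows
    allow_expired: bool
    excluded_algorithms: frozenset
    min_key_size: int
    require_countersignature: bool

def approval_blockers(cert, opts, now):
    """Reasons this certificate cannot be used for approval by publisher."""
    reasons = []
    if cert.algorithm in opts.excluded_algorithms:
        reasons.append("excluded algorithm")
    if cert.key_size < opts.min_key_size:
        reasons.append("key too small")
    if opts.require_countersignature and cert.timestamp is None:
        reasons.append("no countersignature")
    if now > cert.not_after:
        # Expired: usable only if allowed and timestamped while still valid.
        stamped_while_valid = (cert.timestamp is not None
                               and cert.not_before <= cert.timestamp <= cert.not_after)
        if not (opts.allow_expired and stamped_while_valid):
            reasons.append("expired")
    return reasons

def audit(certs, opts, now):
    return {c.publisher: approval_blockers(c, opts, now) for c in certs}

D = datetime
NOW = D(2025, 6, 1)  # constructed evaluation time
CERTS = [  # constructed sample publishers
    Cert("Current Corp", "SHA256RSA", 2048, D(2023, 1, 1), D(2026, 1, 1), D(2024, 5, 1)),
    Cert("Legacy Tools", "SHA1RSA", 1024, D(2012, 1, 1), D(2015, 1, 1), D(2014, 3, 1)),
    Cert("Unstamped Inc", "MD5RSA", 512, D(2020, 1, 1), D(2030, 1, 1)),
    Cert("Late Stamp Ltd", "SHA256RSA", 4096, D(2019, 1, 1), D(2021, 1, 1), D(2022, 2, 1)),
]
LOOSE = CertOptions(True, frozenset(), 512, False)   # 512 is the documented default size
STRICT = CertOptions(False, frozenset({"MD2RSA", "MD5RSA", "SHA1RSA"}), 2048, True)
```

Calling `audit(CERTS, LOOSE, NOW)` and `audit(CERTS, STRICT, NOW)` shows which publishers would stop being usable for approval by publisher if the settings were tightened.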