VMware Carbon Black App Control 8.7.8 | 21 JUL 2022 | Build 8.7.8.787.388

Check for additions and updates to these release notes.

What's New

This maintenance release resolves several quality issues with the product.

VMware encourages customers to always update to the latest versions of VMware software to benefit from security and stability improvements.

Installation Instructions

As of the 8.1.4 server release, the Windows Agent no longer comes bundled with the VMware Carbon Black App Control Server, nor does it require manual (command line) steps to add it to the server.

You can upgrade Carbon Black App Control Windows Agents without having to upgrade the Carbon Black App Control Server. Please see the latest Carbon Black App Control User Guide for more information.

NOTE: This Windows Agent is compatible with App Control Server version 8.1.4 and subsequent releases

For information regarding which Windows operating systems are supported in this release, please review the respective Windows Agent OER:

Resolved Issues

The following issues were resolved in this release.

  • EP-14537 - Fixed a BSOD that could occur when analyzing non-standard process command lines (EA-19735)

  • EP-15311 - Fixed an issue where the agent upgrade fails because the existing installation is detected as a per-user installation which is not supported (EA-20523)

  • EP-15329 - Fixed an issue where some files during a Windows update are not locally approved and get blocked (EA-20407)

  • EP-15392 - Fixed an issue where the App Control driver would stall access to files that it mistakenly believed were being analyzed by the App Control server(EA-20898, EA-20947)

    This caused sharing violations with applications like explorer.exe trying to access the same files.

  • EP-15503 - Fixed an issue where an App Control database restore could cause rules on the agent to not reflect the state of the policy settings on the server(EP-15608, EA-18032)

    The agent now re-imports all configlist entries to be consistent with the server.

  • EP-15648 - Fixed an issue where a file block may occur because the agent failed to analyze the file and retrieve the yara tags(EA-20779)

    For a customer to completely address this issue it is necessary to configure the “allow_inaccessible_files” agent configuration property. Details on setting this property can be found at: https://community.carbonblack.com/t5/Knowledge-Base/App-Control-Allow-Inaccessible-Files/ta-p/63826

Known Issues

  • EP-1201: On Windows 2003 x64, you may see a health check reporting improper classifications immediately after installation

    This should go away after roughly fifteen minutes.

  • EP-1682: Carbon Black App Control does not support in-container enforcement

    Users can use the Microsoft Edge Virtualization feature, but Carbon Black App Control will not enforce rules within the container. It will, however, enforce rules on anything that breaks out of the sandbox.

  • EP-2393: The appearance in the console of block and report events related to the Ransomware rapid config may be delayed by a minute or more

  • EP-5483: The agent currently tracks all the extracted content from the Windows 10 WIM image in the temp directory

    A rule to ignore these writes is not yet functioning properly.

  • EP-5498: In some cases, the agent will report an empty installer for a given file

    The file will still be correctly approved or not, as expected on the endpoint. Only reporting of the source installer is failing, not enforcement of relevant rules.

  • EP-6104: Cleanmgr.exe is a windows utility process that runs occasionally and will copy files to the "temp" folder in order to run analysis on them

    These files are only copies of other files already on the machine and cleanmgr.exe never executes them.

  • EP-6106: An installation of a new Carbon Black App Control Agent on the latest version of Windows 10 can result in a health check error due to a miscalculation of how many events the agent should send to the Carbon Black App Control server

    This problem disappears after a reboot.

  • EP-6107: After upgrading agents on Windows XP systems, it is possible to see signature error events stating that the installer download failed

    The upgrade should be successful and there should not be any impact on the upgrade process.

  • EP-6197: Occasionally the agent will complain about metadata not being properly populated and trigger an Error

    The Error implies a mismatch in expectation but is not expected to break functionality of the agent and can be ignored.

  • EP-6982: Carbon Black App Control does not support NTFS reparse points as exclusion paths and they should not be used with kernelFileOpExclusions configuration rules

    Reparse points include such objects like symbolic links, directory junction points and volume mount points.

  • EP-10542: When uninstalling the agent, a Carbon Black App Control Agent dialog displays informing the user that certain applications must be closed before continuing the installation

    This informational message is caused by a known msiexec defect.

    Important: This could occur during a removal of the agent using "add/remove programs" or during an upgrade of the agent if you are using 3rd party software or a manual upgrade using msiexec.

    Customers that perform agent upgrades from within the Carbon Black App Control Admin console are not affected.

    When uninstalling the agent or performing a manual upgrade, or upgrade using 3rd party software, you can suppress this dialog with the additional msiexec command line argument "/qb-". This will disable modal dialog during manual uninstalls and upgrades.

    The example below shows how to manually uninstall the Carbon Black App Control agent with the /qb- argument:

    msiexec /x {9F2D4E59-0528-4B22-B664-A6B0B8B482EE} /qb-

    This issue is not new to the Windows agent and possibly affected customers on earlier releases. A long term fix will be implemented in a future release.

check-circle-line exclamation-circle-line close-line
Scroll to top icon