VMware Carbon Black App Control 8.8.2 | 10 MAR 2022 | Build 8.8.2.192

Check for additions and updates to these release notes.

8.8.2 Installation Notice: 12 April, 2022

Please be advised that version 8.8.2 of the VMware Carbon Black App Control server contains an issue which can cause installations which have been configured to use SQL authentication to switch to Windows authentication following the upgrade. This can lead to a database connection error and a failure of the system.

Note: This issue does not affect users who are already using Windows authentication.

Our engineers are working on a fix to be released shortly. For users who have upgraded to version 8.8.2 of the server and experienced this issue, please see the following link for a workaround: https://community.carbonblack.com/t5/Knowledge-Base/App-Control-Upgrade-to-8-8-2-with-local-SQL-authentication/ta-p/112198

What's New

The 8.8.2 Server Release Notes provide information for users upgrading from previous versions as well as for users new to VMware Carbon Black App Control.

Product security is our top priority for Carbon Black App Control. In this release, we have included several new enhancements to ensure that our product is prepared to keep you and your endpoints secure.

Security Advisory VMSA-2022-0008

The VMware Carbon Black App Control Server 8.8.0 contains a critical security vulnerability.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2022-22951 and CVE-2022-22952 to this issue. We strongly recommend that you upgrade as soon as possible. For more information, see the VMware Security Advisory: VMSA-2022-0008.

Please contact customer support for questions and assistance with installation .

Improved Accessibility:

In this release we have made changes to improve App Control's interoperability with screen reader technologies.

Updated .NET Framework Requirement

Version 4.8 framework is required. Previously, this was version 4.5.2 or later.

General Changes and Enhancements

  • EP-3193: Added a keyword filter to the policy list when editing rules

  • EP-8346: Certificate validation is now ordered to consider certificates that are yet to be validated and with the next validation time stamp

  • EP-8862: In Approval Request Details, hid the "Advanced" area of the right toolbar when there are no active external connectors enabled

  • EP-8924: Improved UX on Publisher Details page when "Enable reputation approvals for this publisher" checkbox is used

  • EP-10583: Reworked the header on table pages to scroll more smoothly and include the entire header

  • EP-11756: Improved performance when querying the list of certificates on the publisher details page

  • EP-13076: When viewing "Unique Signed Files" from the Certificates page, any currently applied File filters are no longer applied to the view

    In addition, the Unique Signed Files view now displays a page subtitle with the name of the currently selected certificate.

  • EP-13852: In Assets -> Files -> Files on Computers, you can now use the "Computer Tag" field for filters and for grouping

  • EP-14308: Updated tabbed page functionality so that keyboard users can move left and right through tabs without the content loading automatically

    Content is only loaded when the space bar or enter key are pressed.

  • EP-14309: Implicitly associated all form labels and fields on the Add Registry Rule page to improve accessibility

  • EP-14311: Added visual and screen-reader required notation to the required fields on the "Add Registry Rule" page

  • EP-14325: Fixed table header focus so that when columns are sorted using keyboard controls, the focus is not removed from the column header

  • EP-14327: Added screen reader compatibility to the Events page

    The status message is now correctly read by the screen reader when the table contents are loaded.

  • EP-14331: Added screen reader descriptions to "Cache" and "Add" buttons on the Events page

  • EP-14333: Updated form control and label associations on pages using the data table view

    Screen readers can now correctly identify text fields and dropdowns based on their labels.

  • EP-14386: Changed the Carbon Black News feed to the VMware Security Blog feed

  • EP-14597: Increased the reliability of file uploads from agents to server

  • EP-14653: Updated logic for selectable rows on Software Rules page so that clicking elements such as buttons, links, and toggles will not select or deselect the row's checkbox

  • EP-14891: Improved error Handling of incorrect sort modifiers in time-based groupings in the API

  • EP-14607: New installs will now use the app pool identity to access SQL Server

  • EP-15026: Switched the use of the openssl_random_pseudo_bytes function with the default PHP random_bytes which will use the Windows CNG-API

Library Changes

The following libraries were updated:

  • Updated jQuery-UI to version 1.13
  • Updated PHP to version 7.4.27.
  • Updated Sqlite library to version 3.37.2.
  • Updated Yara to version 4.1.3.
  • Removed unused glib-2.dll from PHP library.

Supported Upgrade Paths

The table below shows the supported upgrade paths for Carbon Black App Control 8.8.2 servers:
Upgrading from: Upgrading to:
8.8.0 8.8.2
8.7.x 8.8.2
8.6.x 8.8.2
8.5.x 8.8.2
8.1.10 8.8.2
8.1.8 8.8.2
8.1.6 8.8.2
8.1.4 8.8.2
8.1.0 Patch 2 8.8.2
8.1.0 8.8.2
8.0.0 8.8.2

Resolved Issues

The following defects were fixed in the Carbon Black App Control 8.8.2 Server.

  • EP-6879: Fixed a styling issue where a text field was overflowing its container on the File Details page

  • EP-7970: Updated the v1/computer API to move the computer to the previous policyId when a computer is moved out of LocalApproval and no policyId is specified

  • EP-8090: Fixed an issue where the daily prune task could cause excess transaction log growth

  • EP-9398: Updated the "Deleted" filter on the Find Files page to no longer return an error when used without the "Include Deleted Files" checkbox active

  • EP-9446: Fixed the "Policy Status" filter on the Assets -> Computers page to now reflect the available statuses

    Searching on any of the possible values now returns the correct computers, even if the computers have multiple status values.

  • EP-10325: Fixed an issue where an API user sending the same request to v1/fileRule multiple times would receive a 401 error

  • EP-10376: Fixed a possible integer overflow issue updating application information

  • EP-13462: Added a setting for the Daily Prune Task to prevent the clearing of a specific data set from getting stuck

  • EP-13593: Fixed an issue where small tables encountered problems when scrolling

  • EP-13890: Fixed an issue where some columns did not display in External Notification details

  • EP-14118: Fixed an issue where URL tampering internal events were not being saved to the database correctly

  • EP-14643: Fixed an issue in the API allowing a computer to be assigned to a deleted policy

  • EP-14675: Fixed an issue where subgrouping by certain fields resulted in an error on the events page

  • EP-14733: Fixed a JavaScript issue that prevented autocomplete options from being hidden upon selection

  • EP-14772: Fixed the File Type filter on the Tools > Requested Files > Diagnostic Files table

  • EP-14788: Fixed a UI issue where menu items sometimes remained highlighted on the rules pages when a different tab was selected

  • EP-14808: Fixed an issue that occurred when adding a sorting modifier to the grouped field in time-based groupings

  • EP-14854: Fixed an issue where the database backup task was not running

  • EP-14954: Fixed an issue where Active Directory users with a certain configuration could not access all of the UI

  • EP-14957: Fixed an issue where column selector elements would break to a new line

  • EP-15087: Fixed an issue where some AD logins wouldn't work if a previous user with the same name had been deleted

Known Issues

The following known issues and limitations are present in the Carbon Black App Control 8.8.2 Server.

  • EP-4094: Users without the "View Policies" permission will not be able to make use of Role-Based Access Controls based on policies

  • EP-13195: Rapidly changing a computer's policy more than once can sometimes cause the last policy change to not apply

  • EP-8908: Licensing page fails to display expiration warning when less than one day remains

  • EP-7891: When adding a user to the "Linux User/Group to Manage Agents" section of the Agent Management configuration the message “(Not validated)” is erroneously returned

    The new user should still be added.

  • EP-6796: In some cases it's not possible to export a large amount (300+) of custom rules

  • EP-6721: If a SAML identity provider requires a signed logout request, the logout request will fail

  • EP-4093: When editing the User Roles Page, clicking the Save button has the same functionality as the Save and Exit Button

  • EP-4085: When uninstalling the App Control server a message may appear saying that the system is protected by the App Control agent even though the agent has already been uninstalled

  • EP-3352: An event with the subtype "File deletion failed" is erroneously generated when a file that no longer exists is selected for deletion

    When a file that no longer exists is selected for deletion, the App Control Server should generate an error with subtype "File deletion processed (file not found)". Instead, an event with the subtype "File deletion failed" is erroneously generated.

  • EP-3349: Right after a new version of App Control is installed, the version health indicator will incorrectly report that the previous version is the newest version

    Refreshing the health indicator will cause it to disappear and will remove the incorrect report.

  • EP-3157: Exports to CSV of tabular data from console pages do not render date and time fields consistently with respect to time zone

    Some columns are reported as UTC; others use the local time zone.

  • EP-2879: Baseline Drift Reports only report on Windows computers

    Baseline Drift Reports do not report on Mac or Linux computers.

  • EP-2752: If you modify the permissions of, or disable, the "admin" user that ships with the product, the API module may no longer function correctly, causing problems when using the REST API and the console

    Make sure that the "admin" user retains its "View users" and "Manage users" permissions, and that it is not disabled.

  • EP-1222: If the CryptoAPI cannot initialize, the license will not be imported

    This is typically due to the environment not being set up according to the installation instructions.

  • EP-4152: Grouping does not always work on the Application Catalog or the Applications on Computers page

    If you elect to show the Version Number column and group by it, the groups that appear on the page will not expand.

  • EP-4578: If a user turns on the config property ShowHiddenCustomRules and creates a Custom Rule with a hidden action (that is, an action ending with "(Hidden)") that rule will display as an expert rule after being saved

    Rules of this type requiring an Operation value of "Execute and Write" should be created as two separate rules to avoid losing data.

  • EP-4660: A console user account based on Active Directory may be unable to log into Unified Server even when prompted to authenticate

  • EP-4670: The App Control console can become unresponsive if the query to Active Directory to check user’s permissions times out

  • EP-5504: Systems created using Sysprep may not boot if Tamper Protection was enabled when Sysprep was performed

  • EP-5555: After upgrading the App Control server to the current release, an event of type “Server Management” and subtype "Server upgrade succeeded" that should appear on the Events page does not appear there

  • EP-5700: On the Software Rules page, the column showing affected policies can show a blank policy name. This will appear as two commas with a space between them

    This occurs when a rule once applied to a policy that has been subsequently deleted.

  • EP-5703: Canceling a diagnostic request while it is underway does not always work

    From the App Control console one can request a diagnostic upload from an endpoint. Canceling such a request while it is underway does not always work. Sometimes cancellation can merely cause the endpoint to retry the upload.

  • EP-6510: Some customers have reported seeing false positives with the Doppleganger rule being triggered by TIWorker.exe and TrustedInstaller.exe

  • EP-6515: In a specific scenario it's possible for newly installed agents to register with the server from a deleted policy

  • EP-6719: File analysis through connectors will not work with files containing certain foreign characters in the name

  • EP-4175: In some cases when the server is set to high-level logging, it does not actually log everything that should be logged in this mode

  • EP-14702: Due to an InstallShield issue, if a reboot is required during install, the installer may not automatically continue after reboot.

    If this occurs, you must manually restart the install.

check-circle-line exclamation-circle-line close-line
Scroll to top icon