VMware Carbon Black App Control 8.9.0 | 20 OCT 2022 | Build 8.9.0.438

Check for additions and updates to these release notes.

What's New

The 8.9.0 Server Release Notes provide information for users upgrading from previous versions as well as for users new to VMware Carbon Black App Control.

Content-based Inspection

In conjunction with the 8.8 Windows agent release, App Control now supports Content-based Inspection. Content-based Inspection enables administrators to leverage the power of the open source Yara engine to create their own Yara rules to provide more granular control over their security policy. In the 8.9 console, users will see a new tab within Software Rules called Yara. On this tab are existing internal App Control Yara rules and an “Add Yara Rule” button to create rules to use in conjunction with Custom rules.

For detailed information regarding how to use the Yara features, see Yara Rules in the User Guide.

IPv6-only Support

With the release of the 8.8 Windows agent and the 8.9 Server, customers who want to deploy App Control in an IPv6-only network can now do so.

Updated Computers and Devices Pages to Leverage API

The Computers and Devices pages within the console previously did not use the API to pull in page content. They now load data through the API, which allows content to load without reloading the page. Customers should see improved performance and can now save a view on the Devices page.

Rewrite of Active Directory Module

App Control previously used VBScript to manage AD login functionality in the console. That implementation suffered from performance issues and was difficult to debug when customers had issues. The new module is much more robust and allows customers to:

  • Reduce the domain forest (to improve performance especially when unreachable domains exist)

  • Log in with User Principal Name (UPN)

  • Select the default DNS name of the AD environment

  • Set a desired level for AD searches, either Global Catalog or LDAP, on the System Configuration page

Additional changes include:

  • Improved the look and feel of the login page

  • Improved antibody pruning performance and effectiveness

  • "ParityHostAgent_sha1.msi" files are now included in policyname.zip files

  • Added a field on the Devices page to show the date a device was Approved or Banned

  • "hosts.php" is now called "Computers.php"

  • Yara rules version is now on the Computers page

  • Added new event type and alert that is triggered when a user saves a rule that is too large

  • "Show individual devices" checkbox on the Device Catalog page has been removed, and its data moved to a new tab: "Devices by Serial Number"

  • Changed platform filter to a drop-down instead of using checkboxes on the computers page

  • Improved Events Page API Querying to prevent frequent timeouts

  • The policy status filter on the computers page is now a drop down

In addition to these features, we have included several security enhancements to ensure that our product is prepared to keep you and your endpoints secure.

Library Changes

The following libraries were updated:

  • Yara to 4.2.2

  • 7-zip to 22.0

  • gSOAP to 2.8.122E

  • PHP to 8.1.7

  • Microsoft Drivers for PHP for SQL Server to version 5.10.1

  • cURL to version 7.84.0

  • OpenSSL to version 3.0.5

  • PCRE2 to version 10.40

  • smarty to version 4.1.1

Supported Upgrade Paths

Important:

This note added on 26 October 2022.

For customers using SQL 2019, the latest Cumulative Update must be installed before installing Carbon Black App Control Server 8.9.0. Please see the Server OER for more details.

The table below shows the supported upgrade paths for Carbon Black App Control 8.9.0 servers:

Upgrading from:    Upgrading to:
8.8.4              8.9.0
8.8.2              8.9.0
8.8.0              8.9.0
8.7.x              8.9.0
8.6.x              8.9.0
8.5.x              8.9.0
8.1.10             8.9.0
8.1.8              8.9.0
8.1.6              8.9.0
8.1.4              8.9.0
8.1.0 Patch 2      8.9.0
8.1.0              8.9.0
8.0.0              8.9.0

Resolved Issues

The following defects were fixed in the Carbon Black App Control 8.9.0 Server.

  • EP-4152: Grouping does not always work on the Application Catalog or the Applications on Computers page

  • EP-2474: Fixed an issue where AD accounts with a '$' in the login name were unable to log in (EA-9330)

  • EP-7470: Fixed an issue where browsing for unreachable AD Domains caused an error

  • EP-16539: The policy status filter on the computers page is now a drop down

  • EP-15229: Fixed an issue with DSN string configuration

  • EP-13037: Changed database field to accommodate larger integers. WARNING: This may cause upgrades to take significant time (EA-18322)

  • EP-5700: Fixed a display issue for policies on rule table pages (EA-12361)

    The policy column on these pages will now indicate if a rule no longer applies to any policy that has not been deleted.

  • EP-4766: Fixed an error seen when logging in with an AD user (EA-10094)

  • EP-4660: Fixed an issue with getting the active directory username property (EA-10652)

  • EP-12544: For customers with large enough record counts in the antibodies table and with antibody pruning enabled, a new scheduled task will locate unused IDs for re-use when adding new antibodies to the database (EA-18322)

  • EP-13376: Fixed an issue where AD integration is not working, causing "unable to connect to RootDSE, error 2147016646" (EA-18470)

  • EP-13377: Fixed an issue where AD access times out and ends in the error "Something went wrong" after upgrading to Server 8.6 (EA-18494)

    Improved Active Directory integration response after reboot or server service restart.

  • EP-2772: Improved API performance when called from the UI in certain situations (EA-20663)

  • EP-15387: Fixed an issue where the incorrect OS version would appear for Oracle Linux agents (EA-20718)

  • EP-15677: Fixed an issue where querying a second domain in Active Directory does not work (EA-21264)

  • EP-8908: Fixed an issue where the licensing page was not displaying an expiration warning with less than one day left on the license

  • EP-13897: Fixed an issue where filtering the computer page on the "duplicate" field causes an error

  • EP-14619: Fixed an issue in the logging to correctly print metrics

  • EP-14794: Fixed an issue where filter by "First Seen Name" times out on the File Catalog page

    Improved API query performance when filtering on certain fields.

  • EP-15134: Fixed JavaScript errors on several console pages

  • EP-15139: Fixed an issue where grouping by "File State Reason" on the events page generates an error

  • EP-15146: Fixed an issue where adding certain filters on the Policy Details page would result in JavaScript errors

  • EP-15636: Fixed an issue where the network database is not working

  • EP-15706: Fixed an issue that causes errors from the CPE Data Sync Task

    Improved CPE Dictionary download resilience to NIST API errors.

  • EP-15733: Fixed an issue where adding a Unified Management server client and then removing it causes an error stating it is still connected to a main server

  • EP-15761: Fixed an issue where related views in Unified Management specifying which computers have or have not received rules are not working

  • EP-15899: Fixed the file details link on the Files on Computers page when the "Show Individual Files" checkbox is unchecked

  • EP-16023: Fixed an issue where adding publishers through the console causes an error

  • EP-16053: Fixed an issue where saved views would not function until a browser refresh on certain tables

  • EP-16057: Fixed an issue where the "Group by:" direction dropdown would show as blank under certain conditions

  • EP-16063: Fixed an issue where acknowledging a publisher would show a failure message even though the process succeeded

  • EP-16082: Fixed an issue where SQL-authenticated installs were not installing saved views under certain conditions

  • EP-16122: Fixed an issue where some fields were not populated in cached events views

  • EP-16163: Fixed an issue where date fields on the devices pages would show server local time instead of UTC

  • EP-16395: Fixed an issue where using search field on computers page changes column section

    Using the search bar on the Computers page no longer resets the column list.

Known Issues

The following known issues and limitations are present in the Carbon Black App Control 8.9.0 Server.

  • EP-1222: If the CryptoAPI cannot initialize, the license will not be imported

    This is typically due to the environment not being set up according to the installation instructions.

  • EP-2752: If you modify the permissions of, or disable, the "admin" user that ships with the product, the API module may no longer function correctly, causing problems when using the REST API and the console

    Make sure that the "admin" user retains its "View users" and "Manage users" permissions, and that it is not disabled.

  • EP-2879: Baseline Drift Reports only report on Windows computers

    Baseline Drift Reports do not report on Mac or Linux computers.

  • EP-3157: Exports to CSV of tabular data from console pages do not render date and time fields consistently with respect to time zone

    Some columns are reported as UTC; others use the local time zone.

  • EP-3349: Right after a new version of App Control is installed, the version health indicator will incorrectly report that the previous version is the newest version

    Refreshing the health indicator will cause it to disappear and will remove the incorrect report.

  • EP-3352: An event with the subtype "File deletion failed" is erroneously generated when a file that no longer exists is selected for deletion

    When a file that no longer exists is selected for deletion, the App Control Server should generate an error with subtype "File deletion processed (file not found)". Instead, an event with the subtype "File deletion failed" is erroneously generated.

  • EP-4085: When uninstalling the App Control server a message may appear saying that the system is protected by the App Control agent even though the agent has already been uninstalled

  • EP-4093: When editing the User Roles Page, clicking the Save button has the same functionality as the Save and Exit Button

  • EP-4094: Users without the "View Policies" permission will not be able to make use of Role-Based Access Controls based on policies

  • EP-4578: If a user turns on the config property ShowHiddenCustomRules and creates a Custom Rule with a hidden action (that is, an action ending with "(Hidden)") that rule will display as an expert rule after being saved

    Rules of this type requiring an Operation value of "Execute and Write" should be created as two separate rules to avoid losing data.

  • EP-5504: Systems created using Sysprep may not boot if Tamper Protection was enabled when Sysprep was performed

  • EP-5555: After upgrading the App Control server to the current release, an event of type “Server Management” and subtype "Server upgrade succeeded" that should appear on the Events page does not appear there

  • EP-5703: Canceling a diagnostic request while it is underway does not always work

    From the App Control console one can request a diagnostic upload from an endpoint. Canceling such a request while it is underway does not always work. Sometimes cancellation can merely cause the endpoint to retry the upload.

  • EP-6510: Some customers have reported seeing false positives with the Doppleganger rule being triggered by TIWorker.exe and TrustedInstaller.exe

  • EP-6515: In a specific scenario it's possible for newly installed agents to register with the server from a deleted policy

  • EP-6719: File analysis through connectors will not work with files containing certain foreign characters in the name

  • EP-6721: If a SAML identity provider requires a signed logout request, the logout request will fail

  • EP-6796: In some cases it's not possible to export a large amount (300+) of custom rules

  • EP-7891: When adding a user to the "Linux User/Group to Manage Agents" section of the Agent Management configuration the message “(Not validated)” is erroneously returned

    The new user should still be added.

  • EP-13195: Rapidly changing a computer's policy more than once can sometimes cause the last policy change to not apply

  • EP-14702: Due to an InstallShield issue, if a reboot is required during install, the installer may not automatically continue after reboot

    If this occurs, you must manually restart the install.

  • EP-16158: Incorrect list of files when creating a snapshot

    Sometimes when filtering files and creating a snapshot from the result set, files not part of the result set are included in the snapshot.
