Product security is our top priority for Carbon Black App Control. In this release, we have included several new enhancements to ensure that our product is prepared to keep you and your endpoints secure.
These changes include:
- Filenames and pathnames now re-use free IDs. This greatly reducing the chance of reaching the maximum ID number in the database.
- Added the Rapid Config Name and Global State fields to all external event output methods.
- Added HKLM-CurrentControlSet to the list of registry values that appear during autocomplete.
- Added the ability to make a point-in-time copy of a computer and convert that copy to a template.
- Use this method if using Instant Clones. This method requires Windows Agent 8.7 and above.
- You can perform this procedure on a powered on, online computer. You can continue using the computer after using it as the source of the template.
In the user guide, see: Managing Virtual Machines>Creating a Template Computer>Create Template Image.
- Improved backlog processing of clones to not interfere nor block processing of normal file backlogs, especially when multithreaded backlog processing is enabled.
- Improved antibody backlog processing performance.
- Users using either the default password or "password" as their password will be prompted to change their password upon logging in after an install or an upgrade.
- Improved the security and stability of the login mechanics by detecting and deterring non-human login attempts.
- A new communication key is maintained by the App Control server and used to encrypt communications with the agent when the secure communication certificate between them becomes invalid. It is regenerates automatically once per year on the anniversary of the date displayed. You can also regenerate this key at any time.
In the user guide, see: System Configuration> Securing Agent-Server Communications> Regenerating the Communication Key
You can now designate Trusted Communication Certificates that are automatically trusted by the agents.
You can import certificates and designate them to be automatically trusted by the agents. During importation, you can turn certificate trust on or off. After importing, you can turn trust on or off as needed from the panel’s table. You can view the details of each certificate and can add a description which could prove helpful for sorting or filtering purposes.Important: This feature requires an agent that supports trusted communication certificates.
The 8.7.0 Windows agent supports this feature
For macOS and Linux agents, it may be supported in a future release.
Please consult your specific agent release notes to ensure this feature is supported.
Changes to the Events Page
- Fixed an issue where the server did not retain data for unknown events and the event displayed with a blank description.
Now, the event displays with a description of the error.
Added a new “Create new custom rule” toggle specifically for “New unapproved file to computer” events. Clicking the toggle creates a pre-populated custom rule that can be quickly edited and saved.
Updated the following libraries:
- Updated gSoap to version 2.8.111E
- Updated JQuery to version 3.5.1
- Updated Newtonsoft Json.NET to version 12.0.3
- Updated PHP to version 7.3.29
- Updated PHP dependency nghttp2.dll to version 1.43
- Added Microsoft Drivers for PHP for SQL Server, version 5.9.0
- Added nghttp2 library for PHP, version 1.43
- Updated Smarty to version 3.1.39
- Updated Yara to version 4.1.1
Supported upgrade paths
Below is a table explaining the supported upgrade paths for Carbon Black App Control 8.7.0 servers:
|Upgrading from:||Upgrading to:|