The 8.1.0 Server Release Notes provide information for users upgrading from previous versions as well as for users new to VMware Carbon Black Protection.

New Features and Product Enhancements

The following features were new in the initial release of 8.1.0.

File Delete

Beginning with 8.1.0 GA, you can delete files on CB Protection 8.1 Windows Agents through the CB Protection console.

The commands for deleting files are available in the following locations:

  • File Catalog page
  • Files on Computers page
  • Find Files page
  • File Details page
  • File Instance Details page

In addition, you can create Event Rules that will automatically delete files when certain events occur, such as a report of a malicious file.

Role-based Access Control

There is a new Files permission in this release called “Delete files.” This is associated with the new File Delete feature. Users with this permission have the ability to delete files on computers.

New Event Types

There are several new Event subtypes that get reported in relation to the deletion of files:

  • File deletion requested
  • File deleted
  • File deletion processed (file not found)
  • File deletion failed

More details can be found in the CB Protection user guide.

Two Factor Authentication using SAML

The CB Protection console can be integrated with identity providers (IDPs) that use the Security Assertion Markup Language (SAML). This allows you to require two-factor authentication (2FA) for logging in to the CB Protection console, for compliance purposes or to meet your own best practice standards.

FIPS 140-2 Certification

FIPS 140-2 certification allows CB Protection to be deployed by federal agencies, including contracted service providers and other organizations requiring stringent security standards to protect sensitive information. 8.1.0 adds support for FIPS-compliant use with our Server and Windows agent. In future releases we will have FIPS-compliant Linux and Mac agents.

Corrective Content

This section lists the defects that were fixed in CB Protection 8.1.0 Server.

Corrective Content in CB Protection 8.1.0 (Build 3324) – Windows Agent
Item # Description
EP-3521 Fix for BSOD in VM layering environments due to pushing of Protection upgrade layer while keeping old registry data after agent upgrade.
EP-2751 Rolling logging of Agent Logs was not working correctly. Some logs would get lost and agent config properties such as max_rolling_trace_size_mb and max_rolled_trace_logs_to_keep would not be obeyed. Now rolling logging works correctly.
EP-3217 A problem was identified that could cause system files installed by Windows Update not to be approved properly if updates were installed more than fifteen minutes apart from each other. This affects agents running 8.0.0 Patch 3 through 8.0.0 Patch 5 but is now addressed.
EP-2400 Under some circumstances, when removable drives are connected to a system running the agent during system restart, duplicate records of a file may have been created, triggering errors in the agent logs and error events on the server. This is corrected.
EP-1199 The event for timed override completion was missing. An event notification has been added for this, and a bug where a timed override could cause the agent to stop sending events to the server until restart has been fixed.
EP-1133 Integration with Check Point has been updated to use Threat Prevention API 1.0. CBP Server will now use the https://te.checkpoint.com address for cloud file analysis instead of the previously used https://te-s.checkpoint.com address. After the update, file analysis reports might include more detailed information than before.

52534, 31401 Fixed an issue with a Windows account that was unable to connect to the CB Protection Server when the password included braces, single quotes, or double quotes.
EP-1185 The private memory usage cap in the default application pool for IIS has been set to 1024 Mb, in accordance with our OER, and should provide optimal performance for the CB Protection Console.
EP-5495 Upgraded PHP to 5.6.36 from 5.6.35
EP-2856 An issue was addressed in this release that caused software rules based on parent-child relationships between processes to trigger inconsistently on processes that were started before the parity.sys driver was loaded.
EP-2111 When a new Custom Rule was created using the "Copy this rule..." action, the rank of the new rule was not correct. The created rule should now be ranked at the top of the list of custom rules.
EP-5395 Files that are banned by policy can now be locally approved on computers in policies in which those files are not banned.