The 8.1.4 Server Release Notes provide information for users upgrading from previous versions as well as for users new to VMware Carbon Black Protection.

New Features and Product Enhancements

Beginning with 8.1.4, the following improvements and enhancements have been added.

  • To be able to provide fixes and updates more rapidly, the CB Protection Windows Agent and Server installation have been separated.
    • No agents come with the server installation package.
    • You will need to download agent packages separately from the User Exchange.
    • Please see the “Uploading Agent Installer and Rules to the Server” chapter in the CB Protection 8.1.4 User Guide for more details.
  • SQL Server 2016 SP2 and SQL Server 2017 are now supported for CB Protection Server installs.
  • Customers that also have a CB Predictive Security Cloud license can now look up files, computers, and events using the PSC integration Connector found on the connectors tab. Once the connector is configured, new links will appear on the File Details and Computer Details pages. Clicking these links will take you to the relevant PSC page.
  • You can now export File Prevalence to Syslog.
  • The login password hashing algorithm has been updated to use SHA256.
  • There is a new Script rule to track *.hta files when the process is *\mshta.exe. This rule is enabled by default.
  • There is a new option for excluding the tracking of Microsoft support files. You can now exclude tracking these files at either the server or the agent. You can find more information about these new options in the “Excluding Tracking of Microsoft Support Files” section of the CB Protection 8.1.4 User Guide.
  • There is a new RapidConfig intended to block or report a potential exploitn involving jar files appended to msi files and related Microsoft installers. Details of this Windows Installer Embedded File Protection Rapid Config are provided on the User Exchange.
  • Changes to dascli
    • In a new installation, per-agent CLI passwords will be disabled.
    • During an upgrade, the existing Agent Management settings will be used.
    • We now recommend using User or Group permission to manage the agent or to use the Global password and use a high entropy password. By design the per-agent CLI password is low entropy.

New Events

  • Server Management/Agent install package generation disabled
  • Server Management/Agent install package generation failed
  • Server Management/Agent install package generation succeeded
  • Server Management/Default rules not found
  • Server Management/Host package not found (Linux)
  • Server Management/Host package not found (Mac)
  • Server Management/Host package not found (Windows)
  • Server Management/Install failed
  • Server Management/Install succeeded

Changed Events

  • Computer Management/Agent policy changed (new description)
  • Policy Management/Install package creation scheduled (changed subtype and description)

Corrective Content

This section lists the defects that were fixed in CB Protection 8.1.4 Server.

Corrective Content in CB Protection 8.1.4 Server (Build 98)
Item # Description
EP-6925 Fixed an issue where installations would fail when the service account password contained special characters.
EP-6923 Improvements were made to the "Webex Productivity Tools" updater to avoid blocks after updates to Webex Productivity Tools.
EP-7372 Fixed an issue where new Yara rules being received by the server did not trigger agents to request the updated rules.
EP-7962 You should now be able to globally approve files from events in Unified Management.
EP-7757 Regsvr32.exe was added as a default application to report or block when launched by Microsoft Office applications in the "Microsoft Office Protection" Rapid Config.
EP-7690 Improvements were made to the "Google Chrome" updater for windows to handle changes in the Google Chrome publisher.
EP-7909 In previous versions of CB Protection, MSI files were hashed a particular way by the agent. In version 8.1.4 and beyond, those files are being hashed differently. If there are any hash approval rules or hash ban rules based on the old versions of these hashes, the CB Protection Server will automatically create new rules based on the new hash values of the same files.
EP-8178 Fixed an issue with Saved Views on the Events Page where some Saved Views were broken. This fix makes it so that (a) Saved Views that were broken on upgrade to 8.1.0 Patch 2 are now repaired, and (b) upgrading from any earlier version to this version will not break any Saved Views.
EP-6876 Added autocomplete to filters on the events page to match the behavior prior to 8.1.0 Patch 2. The following columns now have autocomplete: Source, IP Address, User, Process Name, File Name, File Hash, Root Hash, Process Hash.
EP-6298 When editing a rule, changing rule types would cause the process specification to switch to "Any Process" regardless of what had been specified prior to switching rule types. Now the process specification is preserved after switching rule types.
EP-6102 Fixed an issue where the CB Protection Server Version was being displayed incorrectly after an upgrade.
EP-7077

Agents installed on Windows Server 2019 will now display the correct OS on the

computers page in the “Operating System” and “Operating System Details” columns.

EP-6056 Fixed a potential failure of the daily prune task's DeleteOldTrackedFiles procedure.
EP-4090 Fixed an issue where it was possible to map a policy to a non-existent AD group, causing the server to crash. User group mappings to non-existent Active Directory groups will be removed onupgrade.
EP-4088 Malformed user-mapping or policy-mapping information should no longer precipitate a server crash.
EP-1683 Fixed an issue where CB Defense's main process, RepMgr.exe, would sometimes trigger the "Report read-only memory map operations on unapproved executables by .NET applications" Memory Map read rule. This change adds RepMgr.exe to the rule named "Do not treat these processes as .NET applications" so that it no longer triggers those events.
EP-6299 Fixed an issue where users may get an error when saving a Saved View despite the view saving correctly.
EP-6735 Improvements were made to the WebEx for Chrome, Firefox, & Internet Explorer updaters.
EP-6537 Fixed an issue where it was possible that editing an indicator set exception would cause the exception to be ineffectual. Now the indicator set will work correctly after an edit.
EP-6529 Fixed an issue where it was possible to get duplicate records on the Applications on Computers page when viewing additional pages from the default view.
EP-7785 Removed the ability to subgroup on the Find Files page.
EP-5510 Improved performance when creating new file rules and modifying existing file rules.
EP-3461 You can now group by hash or process on the Find Files and Files on Computers pages.
EP-7362 SAML should now work with Centrify provided the assertion is signed.
EP-6634 Fixed a bug on the alerts page that showed a blank column option.
EP-7781 Fixed an issue where HTML was being exported to CSV for certain columns.
EP-2375 Fixed a bug causing manually created users to incorrectly display as AD assigned users.
EP-8168 Fixed an issue where Saved Views on the events page involving File Threat or Process Threat were broken on upgrade from versions prior to 8.1.0 P2.
EP-6546 Fixed a bug on the Applications pages where quick filters on hex fields were being converted to integers.