Before installing a new Carbon Black App Control agent on any platform, review the following considerations.
- The agent is a per-system application, not per-user.
- Installing Carbon Black App Control agents on containers is not supported.
- Make sure the computer and operating system on which you are installing the agent is supported. See the following Operating Environment Requirements guides for agent hardware requirements and supported OS versions:
- Carbon Black App Control Windows Agent (on Windows Desktop) Operating Environment Requirements
- Carbon Black App Control Windows Agent (on Windows Server) Operating Environment Requirements
- Carbon Black App Control Windows Agent (Embedded) Operating Environment Requirements
- Carbon Black App Control Linux Agent Operating Environment Requirements
- Carbon Black App Control macOS Agent Operating Environment Requirements
- The Carbon Black App Control agent installation process is non-interactive; it requires no user input. As soon as installation is completed, the Carbon Black App Control agent begins working — no additional configuration is needed, and in most cases a restart is unnecessary.
- As soon as the agent is installed, the computer is protected by a security policy, and the agent connects to the server and begins initializing files. Because initialization can involve significant data flow between the server and its new clients, consider your network capacity and number of files when planning agent roll-out. Simultaneous agent installation on all endpoints on a large network is not recommended.
- If you are configuring your App Control Server for the first time, consider setting up a reference computer with files you know you want to globally approve; you can also use that computer as a baseline for measuring any file inventory drift. See "Monitoring Change: Baseline Drift Reports" in the Carbon Black App Control User Guide.
- Decide how the agent will be installed on this system. You can choose from the following options:
- Use an existing software deployment mechanism. Although new agent installations are normally done in non-interactive mode, you can optionally create an interactive end-user installation experience. If you use a third-party distribution system to install agents, follow all recommended procedures. For Windows installations, disable any possible MSI or MSP transformations inside your distribution system (such as SCCM).
- Have a system administrator or other qualified person manually install the agent software on each endpoint.
- Allow users to install the agent software themselves. Send e-mail to users associated with each policy, and instruct them to browse to the agent download URL or another shared location, download the specific installer file for their policy, and run the installation on their computers. No interaction is needed – the installation runs without prompts and then the agent begins to initialize files.
- The agent installer must be run by a user with the appropriate administrative rights. On Windows, this can be either by Local System or by a user account that has administrative rights and a loadable user profile. On macOS and Linux, the user must be able to use sudo.
- Make sure your server has the latest agents and rules; see Uploading Agent Installers and Rules to the Server.
- Be sure to download the correct installation package for your policy and platform; see Downloading Agent Installers. If you are using AD-based policy assignment, a platform-specific agent installer for any policy that allows automatic policy assignment can be used.
- Although the console prevents creation of policies whose names have generally known invalid characters, examine the policy name to see whether it contains characters that might require special handling (such as escaping in a command line) on your specific platform.
- If Microsoft OneDrive™ is in use, only the default path is supported: (c:\users\<username>\OneDrive)
Custom OneDrive paths are not supported.
During Initialization, the App Control agent will ignore the One Drive directory, thus leaving all of the files inside it as unknown.
Note:
- Carbon Black does not recommend storing executables in the cloud. In the event that a file is executed from the cloud, the agent treats the file as unknown.
- Support for OneDrive is enabled by default. To disable OneDrive support, contact Carbon Black Support.