For each security policy you create, an agent installer is created for each supported platform (Windows, macOS, or Linux) for which an initial installer package has been uploaded to the server. Each agent installer includes the policy assigned to the computer and the Carbon Black App Control server address
If you do not use AD-based policy assignment, you choose the agent installer for each endpoint based on the endpoint’s platform and the policy that you want to control that endpoint.
Setting up your server so that it can create installers is described in Uploading Agent Installers and Rules to the Server. Installation of agents on endpoints is described in:
- Downloading Agent Installers
- About Installing Agents on Endpoints
- Installing Windows Agents on Endpoints
- Installing Linux Agents on Endpoints
- Installing macOS Agents on Endpoints
- As soon as the agent software is installed into a visibility-mode or control-mode policy.
- If the agent is moved from a disabled-mode policy to a visibility-mode or control-mode policy.
The agent takes an inventory of all “interesting files” (executables and defined scripts) on the client computer’s fixed drives (but not removable drives) and creates a hash of each file. When an endpoint first connects to the server, its agent sends these hashes to the Carbon Black App Control server to update the server’s file inventory.
Carbon Black App Control assigns files both a local and a global file state. Files that exist on an endpoint at initialization receive a local state of Approved unless they have previously been identified and globally banned or banned by policy on the Carbon Black App Control server.
Unless pre-banned or pre-approved by an Carbon Black App Control rule, files that the Carbon Black App Control server has never seen before will get the global state of Unapproved and be added to the catalog. If a file was first seen on this agent after initialization, it will also get the local state of Unapproved on the agent. For more information on file state, see "File State, Approving and Banning" in the VMware Carbon Black App Control User Guide.
During initialization, the computer is protected by whatever security policy is assigned to it, and file activities are allowed or blocked according to that policy.