The 8.1.0 Patch 2 Server Release Notes provide information for users upgrading from previous versions as well as for users new to VMware Carbon Black Protection.
New Features and Product Enhancements
Beginning with 8.1 Patch 2, the following UI improvements and enhancements have been added.
Improved Processing of Table Page Actions
- Table actions (on new table pages only) now show a progress bar on actions.
- Table actions are now “chunked” for processing. This allows you to perform actions on larger groups of items without timing out or getting logged out, and also makes larger CSV exports possible.
Note: These changes apply to the Events, Files, and Rules pages.
Other Table Improvements
- Quickfilters: There are now icons on cells and headers that you can click and quickly filter by fields.
- Row selection: You can click on a row with a checkbox and the whole row will highlight.
- Double click for details: If you double click on a row, the details page for the object in that row will open (if one exists).
- Drag-and-drop columns: You can reorder columns by dragging-and-dropping the table headers.
Events Page Improvements
- Subgroups: On the Events page, in addition to displaying results sorted into groups, you can also add a sub-group under the group you choose.
- Group count: Sorting by group count is now allowed on the Events page.
- Agent Version: This field is now available as a column on the Events page.
Corrective Content
This section lists the defects that were fixed in CB Protection 8.1.0 Patch 2 Server.

Corrective Content in CB Protection 8.1.0 Patch 2 (Build 3546) – Windows Agent

| Item # | Description |
|---|---|
| EP-6200 | Fixed the noisy assert in the agent process tracking that would complain about PID 4 not being enumerated. |
| EP-6144 | Fixed an information caching issue where the agent would sometimes report the error "isLocal mismatch Kernel[x] Usermode [y]". |
| EP-4988 | Fixed an issue where a critical system process, for example ntoskrnl.exe, may be tagged by CB Protection Agent as Bit9:Terminated which results in blocks of any I/O the process performs before it is terminated. Because critical system processes cannot be terminated by the Agent, the issue persists until the system is rebooted or the tag is removed by using expert rule tagging actions. |
| EP-1543 | To reduce the number of expanded rules, the system will wildcard per-user rules (e.g. C:\Users\*\Documents) instead of expanding the rule once per logged-in user. If a user has changed their folder location, this release will always include an expansion for the changed location. |
| EP-3481 | Fixed an issue where files could be silently blocked even after Allow was clicked when being prompted by the notifier. |
| EP-5280 | Updated the OpenSSL version the agent uses to 1.0.2o. |
| EP-6866 | Fixed an issue where the agent would, under some circumstances, scan the computer for new scripts on every startup. Users may see a small positive performance impact. |
| EP-7067 | Fixed an issue where it was possible the machine would hang upon reboot after upgrading the CB Protection agent. |

Corrective Content in CB Protection 8.1.0 Patch 2 (Build 3546) – Server

| Item # | Description |
|---|---|
| EP-6562 | Fixed an error on logout during SAML setups that did not use an encryption certificate. |
| NA | Fixed a SAML issue with Active Directory Federation Services. For ADFS we now accept the following Attribute tags: KeyInfo, Issuer, AttributeValue, AttributeStatement. |
| EP-2821 | Resolved an issue with uploading diagnostic files that had non-ANSI-convertible characters to the CBP server. The User Guide has been updated to reflect the new behavior. Please see the “File and Path Information for Uploaded Files” section in the User Guide for more information. |
| EP-3513 | In prior versions, the following message was erroneously triggered when using Unified Management to locally approve files on linked servers: "Notice: Cannot create local approval for computer id: X because it is currently in a deleted state." |
| EP-1712 | When creating a rule, one can specify a list of users to which the rule applies. This field had room for only 1024 characters. With this release, the field has been expanded to accommodate 2048 characters. |
| EP-2163 | In version 8.0.x in an AD environment, autocomplete of user names was not finding a match when creating a new custom rule. Autocomplete of username fields will now tap into a larger data source. |
| EP-5246 | When rules are exported to CSV, the policy column should now contain all policies instead of being truncated as they are when displayed on the rules page. |
| EP-6130 | Expert memory rules where the "Authorization Action" is "Terminate Source Process" now correctly terminate the source process. |
| EP-6219 | Fixed wildcarding of per-user macros. Rules that reference per-user macros such as <MyDocuments> will expand to a single rule (C:\Users\*\Documents) instead of expanding to a rule per logged-in user. |
| EP-6227 | Fixed an issue where, if a rule that was targeted to a specific user was exported and then imported, CB Protection would sometimes fail to assign the rule to the user on import. |
| TT-47500 | User name is no longer lost on import. |
| EP-6542 | Fixed "Imported" column in Custom, Memory, and Registry rule tables. Previously it would not update to “Yes” after importing rules. |
| EP-5930 | Agent upgraded events no longer incorrectly show the release time of the agent software as their time stamp; they now show the time at which the agent was upgraded. |
| EP-2064 | Fixed a bug on the computers page that was preventing expanding or shrinking of groups of assets. |
| EP-2768 | Previously, on Windows machines, enforcement by the CB Protection agent of tamper protection was preventing Windows from cleaning up control sets in the registry after a restart. Symptoms of this problem were an accumulation of registry keys in HKLM\System that are no longer needed and many tamper protection block events in the console that indicate services.exe was blocked from deleting ControlSet??? entries. We now allow the OS to delete old ControlSet??? entries from the registry without blocks from tamper protection and related tamper protection events. |
| EP-3271 | Three more Australia time zones were added: Sydney, Brisbane, and Perth. |
| EP-3434 | Fixed an issue where certain links to the Find Files page were timing out. |
| EP-3442 | Fixed how the Console handles periodic database connection failures. Previously, periodic failures of database connectivity caused the Console to get stuck logging the same error repeatedly. This has now been addressed. |
| EP-4300 | Users with the permission to manage local state can now locally approve files from the events page. |
| EP-4584 | Fixed an issue where it was possible that CBP would report file analyze blocks for files that were already deleted before their analysis could be completed. CBP should no longer report file analyze blocks for deleted files. |
| EP-4920 | Rapid Config rule names should now appear in the Rule Name column on the events page. |
| EP-5077 | Fixed an issue where certain event fields were showing up with HTML escaped code. |
| EP-5087 | Previously, Tamper Events would be seen when svchost.exe attempted to write to the sEstimatedSize2 value in the agent's uninstall registry location: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DA971CA3-73AA-4A57-AFB4-8155E72CEB96}\sEstimatedSize2. This fix allows svchost to update that value and avoid the Tamper Protection events. |
| EP-5764 | A limitation that constrained computer names to fewer than 40 characters has been lifted. |
| EP-5972 | Fixed an issue that prevented publishers with long names from being stored in the database. |
| EP-6556 | Fixed an issue where some approval request columns were being exported with HTML tags when exporting to CSV. |