Updated on: 8 Feb 2021
VMware Carbon Black Cloud Workload 1.0.1 | 12 JAN 2021 | Build 17340318
Check for additions and updates to these release notes.
Added KB article link.
What's in the Release Notes
VMware Carbon Black Cloud Workload is a data center security product that protects your workloads running in a virtualized environment. It ensures that workloads have built-in protection, making security intrinsic to the virtualized environment. It includes core capabilities such as agent-less delivery, inventory, lifecycle management and vulnerability assessment. It also includes endpoint protection capabilities such as next-gen antivirus, real-time threat hunting and endpoint detection and response.
For more information, see:
- VMware Carbon Black Cloud Workload Product Page
- VMware Carbon Black Cloud Documentation Center
- Carbon Black Cloud Console Release Notes
Prior to the Carbon Black Cloud Workload, VMs were treated as Endpoints. We recommend updating the Carbon Black sensor to the latest sensor version prior to enabling the Carbon Black Cloud Workload. These sensors can also be upgraded after the Carbon Black Cloud Workload is enabled.
The VMware Carbon Black Cloud Workload Appliance v1.0.1 is a maintenance release containing regular security updates and minor improvements based on customer feedback.
This section contains information about VMware Carbon Black Cloud Workload core capabilities.
Users can easily enable Carbon Black protection on eligible virtual machines with a single click from both the Carbon Black Console and the vSphere Client. After Carbon Black protection is enabled, there is no need to reboot the virtual machine. This eliminates the burden of deploying an additional agent and avoids disrupting business operations. This experience is supported on both Windows and Linux virtual machines.
Carbon Black's sensor launching capability is packaged in VMware Tools 11.2.0. This determines the eligibility of Windows virtual machines for Carbon Black protection and facilitates agent-less delivery with a single click and no disruption to business operations.
The Carbon Black plugin can be accessed using the vSphere Client. It lets the vSphere admin enable/disable Carbon Black on eligible workloads and access protection services such as Inventory, Lifecycle Management and Vulnerability Assessment.
InfoSec admins and vSphere admins can easily view the inventory of the virtual machines using the Carbon Black Console and vSphere Client. They can easily see each virtual machine's protection status and assigned policies. With a single click, they can get access to a richer data set about virtual machines, including their vulnerabilities, and trigger various management actions.
InfoSec admins and vSphere admins can easily enable/disable/upgrade the Carbon Black sensor on the virtual machines. With a single click, they can enable/disable/update the Carbon Black sensor on one or multiple virtual machines. InfoSec admins can also perform additional actions such as assigning policy, enabling/disabling bypass, querying assets, etc. on one or multiple virtual machines using the Carbon Black Cloud console.
VMware Carbon Black Cloud Workload provides InfoSec and vSphere admins with a list of OS and Application vulnerabilities across protected virtual machines. This solution is scan-less and risk-prioritized to reduce operational overhead and to provide the most critical data to you in an easy-to-consume format.
Typically, such a feature needs an additional agent or a scanning process to catalog the vulnerabilities, which adds operational overhead. With Carbon Black's unfiltered data collection support, there is no need for an additional agent or a scanning process.
Legacy vulnerability scanning approaches focused on identifying the CVE mapping and adhered exclusively to the CVSS scoring mechanism. Carbon Black Cloud Workload extends this approach by adding a risk score from Kenna Security's data feed. This risk-based approach checks whether the vulnerability is easily exploitable and whether there are any known malware or active internet breach reports. This provides an ability to prioritize vulnerabilities for remediation activity.
The resolved issues are grouped as follows.
Carbon Black Cloud Console
The on-premise appliance relies on an API key to communicate and register with the Carbon Black Cloud. If this key is deleted from the Carbon Black Cloud after an appliance is registered, then the appliance will incorrectly display a successful registration status.
The known issues are grouped as follows.
Carbon Black Cloud Workload Plug-in
Complex passwords with the ampersand "&" as a special character are not supported when deploying the Carbon Black Cloud Workload appliance directly from the ESXi Host (not using the vCenter OVF deployment workflow).
Workaround: Install with a simpler password without any special characters, and then change the password to one of your choice.
The Export button on the Asset View within the Vulnerability dashboard may not work for vCenter Server 6.7 and 7.0 due to a known vCenter Server issue. The external documentation links are also blocked.
Workaround: The issue is fixed in 7.0 U1 or later versions. Please upgrade to vCenter version 7.0 U1 or later.
The static DNS IP address of the Carbon Black Cloud Workload appliance reverts to the default after the appliance reboots.
Workaround: See the Knowledge Base article for details.
The Appliance status visible on the Settings > API Access page from the Carbon Black Cloud console may report an outdated Last Checkin time.
On the Carbon Black Cloud console, from the Inventory > Workloads > Not Enabled tab, you can filter VMs based on the Eligibility status. Some eligible VMs can be listed with a note 'Not eligible. Unreachable appliance' if the on-premise appliance is unable to communicate with the Carbon Black Cloud. Even though the appliance is unreachable, the Carbon Black Cloud console displays the unreachable appliance under the Eligible filter.