VMware Carbon Black Cloud Workload 1.1 | 14 OCT 2021 | Build 18741640
Check for additions and updates to these release notes.
VMware Carbon Black Cloud Workload is a data center security product that protects your workloads running in a virtualized environment. It provides an ability to ensure workloads have built-in protection making security intrinsic to the virtualized environment. It includes core capabilities such as agent-less delivery, inventory, lifecycle management, vulnerability assessment, and remediation. It also includes endpoint protection capabilities such as next-gen antivirus, real-time threat hunting and endpoint detect and response.For more information, see:
The VMware Carbon Black Cloud Workload appliance 1.1 is a maintenance release containing security updates and improvements based on customer feedback.
Carbon Black Cloud Workload Proxy Support
- Appliance-side proxy support
Proxy support has been enhanced to support both authenticated and unauthenticated HTTP tunneling proxy. You can now configure the following types of proxy server: HTTP, HTTPS, SOCKS4, or SOCKS5.
- Sensor-side proxy support
You can download the sensor installer via a connection through a proxy server. Windows and Linux sensor installation supports only an unauthenticated HTTP tunneling proxy.
- Carbon Black Launcher for Windows VMs with proxy support requires VMware Tools version 11.3.5, and Carbon Black Windows Sensor 3.7.0 or later.
- Carbon Black Launcher for Linux VMs with proxy support requires Carbon Black Linux Sensor 2.11.3 or later.
- Appliance-side proxy support
Password Expiration Management
With this release, Carbon Black Cloud Workload appliance and Carbon Black Cloud Workload plug-in UI display a notification when your password is within 15 days of expiration, or is already expired. You get different notifications based on the number of days left until password expiry - from info to warning, to alert.
To reset or extend your password, see Maintaining the Appliance Password.
Appliance Upgrade Enhancement
With this release, when a Carbon Black Cloud Workload appliance upgrade is available, you can use the Upgrade Now button to trigger the upgrade or take advantage of the enhanced upgrade scheduler. It allows you to set an upgrade in a more granular manner. When you click Edit Schedule, you can select a specific time in your local timezone for the upgrade to happen.
Carbon Black Cloud Registration Enhancement
When establishing connection between Carbon Black Cloud and Carbon Black Cloud Workload appliance, you can now select from a drop-down menu an existing Carbon Black Cloud environment. Also, you can enter one manually by using the Other option.
NSX-T Tagging Integration
This release delivers an integration between the VMware NSX-T Data Center and the VMware Carbon Black Cloud Workload product lines to provide user-initiated remediation via NSX policies based on observed behaviors in Carbon Black Cloud. Any Carbon Black Cloud alerts that trigger remediation on protected Virtual Machines (VMs), allow you to do remediations using NSX-T Distributed Firewall (DFW) policies.
You use the Carbon Black Cloud console to add a set of NSX permissions and manually apply pre-defined NSX tags to VMs as a remediation. The NSX-T tag can be applied through the Carbon Black Cloud Alerts or Inventory-> VM Workloads pages. The VM workload must be on an NSX N-VDS (opaque network) to have the Apply NSX Tag option available.
This capability requires NSX version 3.1.3 or later.
Linux digital-sign verification before installing Carbon Black Sensor
With Carbon Black Cloud Workload 1.1, including the Carbon Black launcher for Linux VMs 1.1, and Carbon Black sensor kit 2.12 releases you can enforce full digital verification before installing the Linux sensor kit. You must switch to the Carbon Black launcher for Linux VMs 1.1 and remove all sensor kits with versions earlier than 2.12 from your Carbon Black Cloud.
Sensor 2.12 is enhanced to enforce full digital verification during future upgrades.
For more details, see Carbon Black Launcher for Linux VMs.
The following issues were resolved in this release:
The IP address of the appliance's Proxy Server contains 0 at second and third positions
When the IP address of the appliance's Proxy Server contains 0 at second and third positions, the Invalid Proxy Server error message displays in the UI. This is due to an extra check in the regular expression of the UX validation.
Complex password limitation
Complex passwords with the ampersand "&" as a special character are not supported when deploying the Carbon Black Cloud Workload appliance directly from the ESXi Host (without using the vCenter OVF deployment workflow).
Unable to export vulnerabilities
The Export button on the Asset View within the Vulnerability dashboard may not work for vCenter Server 6.7 and 7.0 due to a known vCenter Server issue. The external documentation links are also blocked.
Static DNS IP address reverts to default
Static DNS IP address of the Carbon Black Cloud Workload appliance reverts back to default after appliance reboot.
Error displays when vCenter Server becomes unreachable
If vCenter Server becomes unreachable for some time for any reason, you might get a connection error on the Carbon Black Cloud Workload plug-in or appliance. Once the connection with the vCenter Servre is reestablished, the error is not seen on the UI. This issue is intermittent and resolves automatically after a successful connection.
Upgrade to 1.0.2 Carbon Black Cloud Workload appliance fails
Auto-upgrade from 1.0.1 to 1.0.2 Carbon Black Cloud Workload appliance requires the execution of a script.
Appliance reboot generates certificates even if old ones exist
After an upgrade or install of a Carbon Black Cloud Workload appliance, reboot of the appliance causes the generation of new certificates even if such already exist. As a result, the vCenter Server detects a mismatch in the thumbprint and causes the Carbon Black Cloud Workload plug-in to stop working.
Workaround: Unregister the vCenter Server and register it again.
Carbon Black Cloud Workload appliance might show with outdated Last Checkin time
The Carbon Black Cloud Workload appliance status visible on the Settings > API Access page from the Carbon Black Cloud console might report with an outdated Last Checkin time.
Carbon Black Cloud console displays unreachable appliance as eligible
On the Carbon Black Cloud console, from the Inventory > Workloads > Not Enabled tab, you can filter VMs based on the Eligibility status. Some eligible VMs are listed with a note 'Not eligible. Unreachable appliance' if the on-premise appliance is unable to communicate with the Carbon Black Cloud. Even though the appliance is unreachable, the Carbon Black Cloud console displays the unreachable appliance under the Eligible filter.