Use this procedure to install sensors on VM workloads through the Carbon Black Cloud console. You can use the configuration file to specify the proxy server that a Carbon Black launcher and a Carbon Black sensor can use after the installation completes.
Prerequisites
- Make sure you have configured firewall correctly. For more information, see Configure a Firewall.
- Make sure you are familiar with the command line installation options. For more information, see Windows Sensor Supported Commands.
- The only supported proxy connection for the Carbon Black launcher and the Carbon Black sensor is the unauthenticated HTTP tunneling proxy.
- To obtain the Carbon Black launcher for Windows VMs with proxy support, install or upgrade VMware Tools to version 11.3.0 or later.
Procedure
- Sign in to the Carbon Black Cloud console.
- On the navigation bar, select Inventory > VM Workloads.
- Click the Not Enabled tab and select eligible workloads.
Eligible workloads are running a supported OS and have a correct version of the VMware Tools with the Carbon Black launcher.
- Click the Take Action drop-down menu and select Install sensors.
- Select the sensor version to install.
- Optional. Download and update the sensor configuration file.
By default, the INI file contains the following configurations that are mandatory for the successful installation of your Windows and Linux sensors.
Command Options Values Description/Notes EncodedCompanyCode=value
String For sensor version 3.0+ an encoded company code is required. The encoded company code is encoded with both - the 8-digit code and backend server. CompanyCode=value
String The company registration code you must acquire for command line installations. BackendServer=value
String The backend URL. To customize the Windows sensor installation, you can add the following optional parameters during sensor install.
Note: Windows is the only supported operating system for sensor install customization. Currently, you cannot customize the installation of Linux sensors.Command Options Values Description/Notes ConfigureMemoryDumpSettings=value
true/false
Default value is
true
.When false
, it prevents the sensor from automatically configuring the memory dump settings in the registry.Available for Windows sensors 3.5 and later.
AutoReRegisterForCitrix=value
true/false
Default value is
false
.When true
, it enables auto-reregistration for Citrix PVS and MCS clones.Available for Windows sensors 3.7MR1 and later.
EnableAutoReregisterForVDIClones=value
4
- Checks for Hostname change (available from 3.8+)3
- Checks for BIOS UUID and MAC HASH changes (preferred)2
- Checks for BIOS UUID change1
- Disables Auto ReregisterSets the auto-reregistration functionality for Horizon and vSphere VDI clones. - For Windows sensor 3.7MR2, the default value is
1
. - For Windows sensor 3.8 and later, the default value is
3
.
Available for Windows sensors 3.7MR2 and later.
AutoUpdate=value
1/0
ortrue/false
Default value is
true
.Toggles whether the sensor will accept backend-pushed upgrade requests. When
false
, it prevents the update from being pushed from the backend.BackgroundScan=value
1/0
ortrue/false
Default value is
true
.Toggles whether the sensor does an inventory of what hashes exist on the machine. Not applicable to Audit and Remediation Standalone.
InstallBypass=value
1/0
ortrue/false
Default value is
false
.When true
, it enables bypass mode.The sensor functions in a passive manner and does not interfere with or monitor the applications on the endpoint.
Installing the sensor in bypass mode enables thorough testing for interoperability issues.
For information on sensor bypass mode, see the Carbon Black Cloud User Guide.
CbLRKill=value
1/0
Default value is
0
.When 1
, it disables Live Response functionality for the sensor.Note: To enable Live Response, reinstall the sensor.AuthenticatedCLIUsers=value
SID value for authenticated users group Enables the RepCLI tool. Any member in the specified user group can use the authenticated RepCLI commands. ConnectionLimit=value
Number of connections per hour By default, there is no limit.
Optional. CurlCrlCheck=
1/0
Default value is
1
.When 0
, it disables CRL check during an initial sensor installation. For more information, see Disable CURL CRL CHECK.DelaySigDownload=value
1/0
Default value is
1
.We recommend that you keep the delay signature/definition download option enabled. FileUploadLimit=value
4-byte integer representing number of megabytes Default value is
5
.Example: value of 3 is a limit of 3*1024*1024 bytes. GroupName=value
String Optional policy name assignment. Enclose this value with double quotes if the policy name includes spaces. - For Windows sensors 3.7 and earlier, use this parameter.
- For Windows sensors 3.8 and later, use the
PolicyName
parameter instead.
PolicyName=value
String Optional policy name assignment. Enclose this value with double quotes if the policy name includes spaces.
- For Windows sensors 3.8 and later, use this parameter.
- For Windows sensors 3.7 and earlier, use the
GroupName
parameter instead.
HideCommandLines=value
1/0
Default value is
0
.Obfuscates command line inputs. LastAttemptProxyServer=value
String Example: 10.101.100.99:8080
Optional. Sensor attempts Cloud access by using this setting when all other methods fail (including dynamic proxy detection). LearningMode=value
Number of hours after sensor install to limit event types. By default, disabled.
Optional. Reduces the load on the backend by dropping some report types after initial install. Generally, more reports are sent to the backend soon after sensor install, because the sensor reports on newly detected hashes.
Learning mode reports only on file and process behavior while the sensor is detecting hashes. Reporting of API, registry, and network behavior is dropped during this period.
OfflineInstall=value
1/0
ortrue/false
Default value is
false
.Optional. Allows you to install sensors when the endpoint is offline. The sensor connects with the Carbon Black Cloud backend and accesses a policy when network connectivity is restored. The device is in a bypass state until the sensor can access the policy. For Windows sensors 3.5 and later.
ProxyServerCredentials=user:password=value
Proxy password and username Optional. ProxyServer=value
server:port Optional. QueueSize=value
Event backlog Default value for Endpoint Standard is 100MB.
Optional. This value does not include SSL overhead. RateLimit=value
KB per hour Default value is No Limit.
Optional. EmailAddress=value
Example: [email protected] Optional. VHostEnabled=value
true/false
Default value is
true
.When false
, disables theVHostComms
helper utility. - For Windows sensor 3.7MR2, the default value is
- Click Install.
You see a Sensor installation submitted notification and the install status for the VM changes to In Progress.
It takes up to 5 minutes for the installation to complete.