Use this procedure to install sensors on VM workloads through the Carbon Black Cloud console. You can use the configuration file to specify the proxy server that a Carbon Black launcher and a Carbon Black sensor can use after the installation completes.

Prerequisites

  • Make sure you have configured firewall correctly. For information on configuring firewall, see VMware Carbon Black Cloud on AWS GovCloud (US) Sensor Installation Guide.
  • Make sure you are familiar with the command line installation options. For information about the Windows sensor supported commands, see VMware Carbon Black Cloud on AWS GovCloud (US) Sensor Installation Guide.
  • The only supported proxy connection for the Carbon Black launcher and the Carbon Black sensor is the unauthenticated HTTP tunneling proxy.
  • To obtain the Carbon Black launcher for Windows VMs with proxy support, install or upgrade VMware Tools to version 11.3.0 or later.

Procedure

  1. On the navigation bar, select Inventory > VM Workloads.
  2. Click the Not Enabled tab and select eligible workloads.
    Eligible workloads are running a supported OS and have a correct version of the VMware Tools with the Carbon Black launcher.

    A list of workloads eligible for sensor installation.

  3. Click the Take Action drop-down menu and select Install sensors.
  4. Select the sensor version to install.

    Install Sensor dialog box.

  5. Optional. Download and update the sensor configuration file.
    By default, the INI file contains the following configurations that are mandatory for the successful installation of your Windows and Linux sensors.
    Command Options Values Description/Notes
    EncodedCompanyCode=value String For sensor version 3.0+ an encoded company code is required. The encoded company code is encoded with both - the 8-digit code and backend server.
    CompanyCode=value String The company registration code you must acquire for command line installations.
    BackendServer=value String The backend URL.

    To customize the Windows sensor installation, you can add the following optional parameters during sensor install.

    Note: Windows is the only supported operating system for sensor install customization. Currently, you cannot customize the installation of Linux sensors.
    Command Options Values Description/Notes
    ConfigureMemoryDumpSettings=value true/false

    Default value is true.

    When false, it prevents the sensor from automatically configuring the memory dump settings in the registry.

    Available for Windows sensors 3.5 and later.

    AutoReRegisterForCitrix=value true/false

    Default value is false.

    When true, it enables auto-reregistration for Citrix PVS and MCS clones.

    Available for Windows sensors 3.7MR1 and later.

    EnableAutoReregisterForVDIClones=value

    4 - Checks for Hostname change (available from 3.8+)

    3 - Checks for BIOS UUID and MAC HASH changes (preferred)​

    2 - Checks for BIOS UUID change

    1 - Disables Auto Reregister

    Sets the auto-reregistration functionality for Horizon and vSphere VDI clones.
    • For Windows sensor 3.7MR2, the default value is 1.
    • For Windows sensor 3.8 and later, the default value is 3.

    Available for Windows sensors 3.7MR2 and later.

    AutoUpdate=value 1/0 or true/false

    Default value is true.

    Toggles whether the sensor will accept backend-pushed upgrade requests.

    When false, it prevents the update from being pushed from the backend.

    BackgroundScan=value 1/0 or true/false

    Default value is true.

    Toggles whether the sensor does an inventory of what hashes exist on the machine.

    Not applicable to Audit and Remediation Standalone.

    InstallBypass=value 1/0 or true/false

    Default value is false.

    When true, it enables bypass mode.

    The sensor functions in a passive manner and does not interfere with or monitor the applications on the endpoint.

    Installing the sensor in bypass mode enables thorough testing for interoperability issues.

    CbLRKill=value 1/0

    Default value is 0.

    When 1, it disables Live Response functionality for the sensor.
    Note: To enable Live Response, reinstall the sensor.
    AuthenticatedCLIUsers=value SID value for authenticated users group Enables the RepCLI tool. Any member in the specified user group can use the authenticated RepCLI commands.
    ConnectionLimit=value Number of connections per hour

    By default, there is no limit.

    Optional.
    CurlCrlCheck= 1/0

    Default value is 1.

    When 0, it disables CRL check during an initial sensor installation. For information on disabling CRL checks, see VMware Carbon Black Cloud on AWS GovCloud (US) Sensor Installation Guide.
    DelaySigDownload=value 1/0

    Default value is 1.

    We recommend that you keep the delay signature/definition download option enabled.
    FileUploadLimit=value 4-byte integer representing number of megabytes

    Default value is 5.

    Example: value of 3 is a limit of 3*1024*1024 bytes.
    GroupName=value String Optional policy name assignment. Enclose this value with double quotes if the policy name includes spaces.
    • For Windows sensors 3.7 and earlier, use this parameter.
    • For Windows sensors 3.8 and later, use the PolicyName parameter instead.
    PolicyName=value String

    Optional policy name assignment. Enclose this value with double quotes if the policy name includes spaces.

    • For Windows sensors 3.8 and later, use this parameter.
    • For Windows sensors 3.7 and earlier, use the GroupName parameter instead.
    HideCommandLines=value 1/0

    Default value is 0.

    Obfuscates command line inputs.
    LastAttemptProxyServer=value String

    Example: 10.101.100.99:8080

    Optional. Sensor attempts Cloud access by using this setting when all other methods fail (including dynamic proxy detection).
    LearningMode=value Number of hours after sensor install to limit event types.

    By default, disabled.

    Optional. Reduces the load on the backend by dropping some report types after initial install.

    Generally, more reports are sent to the backend soon after sensor install, because the sensor reports on newly detected hashes.

    Learning mode reports only on file and process behavior while the sensor is detecting hashes. Reporting of API, registry, and network behavior is dropped during this period.

    OfflineInstall=value 1/0 or true/false

    Default value is false.

    Optional. Allows you to install sensors when the endpoint is offline. The sensor connects with the Carbon Black Cloud backend and accesses a policy when network connectivity is restored. The device is in a bypass state until the sensor can access the policy.

    For Windows sensors 3.5 and later.

    ProxyServerCredentials=user:password=value Proxy password and username Optional.
    ProxyServer=value server:port Optional.
    QueueSize=value Event backlog

    Default value for Endpoint Standard is 100MB.

    Optional. This value does not include SSL overhead.
    RateLimit=value KB per hour

    Default value is No Limit.

    Optional.
    EmailAddress=value Example: [email protected] Optional.
    VHostEnabled=value true/false

    Default value is true.

    When false, disables the VHostComms helper utility.
  6. Click Install.
    You see a Sensor installation submitted notification and the install status for the VM changes to In Progress.

    It takes up to 5 minutes for the installation to complete.

Results

After the sensor installs, it appears on the Enabled tab.