You can perform actions on selected VDI clones and their sensors on the Enabled tab on the Workloads page of the Carbon Black Cloud console (if you have Cloud Workload Protection enabled).

Prerequisites

Make sure the Carbon Black sensor on the golden image re-registers on the VDI clone. For information about installing sensor on a VDI clone, see the VMware Carbon Black Cloud on AWS GovCloud (US) Sensor Installation Guide.

Procedure

  1. On the left navigation pane, click Inventory and navigate to VDI clones.
  2. Locate the Status column and select the check box for the clone or clones to act on.
    The Take Action drop-down menu appears.
  3. Click an action for the selected VDI clones' Sensors.
    Option Description
    Assign policy Determines prevention behavior. Each Sensor or Sensor group is assigned to a policy. You can set an automatic assignment of a policy to sensors or manually assign a pre-defined policy.
    Update sensors Updates the version of the selected Sensor, or the Sensors on all present clones.
    Enable bypass Removes policy enforcement on the Sensor. The Sensor stops sending data to the cloud.
    Disable bypass Enables policy assignment to Sensors.
    Uninstall sensors Uninstalls Linux and Windows Sensors. After you uninstall a sensor, it persists on the Inventory page as a deregistered Sensor until you delete it.
    Delete deregistered assets Completely removes the Sensor from the Carbon Black Cloud console.
    Disable Live Response Use Live Response to perform remote investigations, contain ongoing attacks, and remediate threats.
    Query assets Runs a predefined or your own SQL query against the VDI clones.
    Disable background scan Releases the clones from the background scan.
    Enable background scan The Sensor performs an initial, one-time inventory scan in the background to identify malware files that pre-exist on the clone.
    • If the policy controlling the clone has background scans enabled, the sensor runs the type of scan that is specified in that policy.
    • If the policy controlling the clone does not have background scans enabled, the sensor runs a standard background scan.
    Quarantine assets Quarantines VDI clones. This action limits the outbound traffic and stops all inbound traffic to the selected clones.
    Unquarantine assets Releases clones from the quarantine state.

Results

You are present with confirmation of your action. The status of the assets and their sensors updates accordingly.