Live Response is now available on VMware Carbon Black Cloud on AWS GovCloud (US)

You can now use Live Response to perform remote investigations, contain ongoing attacks, and remediate threats using a command line interface. To use Live Response, users must be assigned a role with Live Response permissions in the Carbon Black Cloud. Live Response is available on endpoints running a version 3.0 or later sensor and which have been assigned a policy with Live Response enabled.

When you activate Live Response, you create and attach to a session. Up to 100 sessions can be running simultaneously, and multiple users can be attached to the same session. Each session is limited to 250 commands. Live Response can be used on devices in bypass mode or quarantine.

For more information see the following topics in the user guide:

• Use Live Response

• Live Response Commands

Build 1.16

This release includes an upgrade to the Sensor Upgrade pages. The new Sensor Update Status tab addresses customer feedback to allow increased visibility and control of the sensor update progress. The new Sensor Update Status tab improves mass sensor management and provides more flexibility for larger enterprise environments.

Sensor Upgrade Pages Improvements

• Updated User Interface for the Sensor Update Status tab on any Inventory page in the Carbon Black Cloud console.

• When a user requests to stop a sensor upgrade, it transitions to a "Stopping" state. There can be several minutes delay between the user’s stop request and the resulting changes being processed in the backend, this new status exposes that the request is received and is being processed. 

• When a user requests to create a new sensor upgrade, it transitions to an "Initializing" state. Larger jobs take significantly longer to initialize than smaller jobs, up to a few minutes, and can display in a confusing state in the console. This new “Initializing” state exposes that work is still being done to prepare the upgrades.