VMware Carbon Black Cloud Linux Sensor 2.12 | 18 NOV 2021 | Build 2.12
Check for additions and updates to these release notes.
VMware Carbon Black Cloud Linux Sensor 2.12 includes the following improvements:
Enterprise EDR hash banning
This feature provides Enterprise EDR customers with the ability to ban process execution by hash.
Background scan
This feature enables a one-time scan of all files on an endpoint. Background scans can be enabled per policy or run on specific endpoints.
VDI improvements
The VDI workflow is enabled with the Linux 2.12 sensor. VDI auto re-registration simplifies the VDI security process for Horizon and Carbon Black Cloud admins.
VDI clones and re-registered devices inherit the policy of the primary image if one exists. Otherwise, clones and re-registered devices are assigned the Virtual Desktop policy or the Standard policy, in that order.
If an organization is using sensor groups, the new device will be moved to the appropriate policy when the metadata matches. See the Sensor Installation Guide for full VDI considerations and see the in-product User Guide for more information about sensor groups.
Installation improvements
This release adds installation options to the Linux sensor installer, including:
Learn more about these new installation options in the Sensor Installation Guide.
Verified sensor upgrade
This release enforces digital signature verification of future sensor upgrades. A sensor kit that cannot be verified will not be accepted as an upgrade by 2.12+ sensors. Sensors 2.11.2 and later are enabled for signature verification.
Distribution support changes
The 2.12 release ends support for the following Linux distribution versions:
The following issues were fixed in this version of the software.
PSCLNX-9084: Ban_events were missing in some cases
PSCLNX-8488: Some file operations (renames) sometimes caused the agent to associate the wrong file with a path
PSCLNX-8333: Setting kptr_restrict=2 blocked kprobes on system calls
PSCLNX-8265: Operations could arrive out of order on multiple CPUs; fixing this improves blocking efficacy
CBC-10551: OSquery binary version is upgraded to 5.0.1
CBC-9846: Libcurl library version is upgraded to 7.78
CBC-9725: OpenSSL library version is upgraded to 1.1.1l, the latest
CBC-9514: Libarchive library version is upgraded to 3.5.1
CBC-9513: Sqlite-ee library version is upgraded to 3.36
The following issues are known to affect the software. Each lists the sensor version when the issue was first reported. Issues are removed after they are resolved.
PSCLNX-9707: Software upgrade log messages are not handled gracefully with unsupported distributions (sensor version found: 2.12)
PSCLNX-3874: When the agent restarts successfully, Error[00000002 (00000002)] is reported (sensor version found: 2.6.0)
PSCLNX-2710: The sensor does not support uninstall from the Carbon Black Cloud (sensor version found: 2.6.0)
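The sensor does not support uninstall from the Carbon Black Cloud. To uninstall, run the command that matches the endpoint's package manager (rpm on RPM-based distributions, dpkg on Debian-based distributions):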
rpm -e cb-psc-sensor
dpkg --purge cb-psc-sensor
Note: The agent will still be listed in the Registered Devices list on the backend after running the command unless you choose Take Action > Uninstall.
PSCLNX-455: The sensor only supports unauthenticated proxies (sensor version found: 2.6.0)
CB Defense: Endpoint Standard does not collect filemod, netconns, or scriptloads (sensor version found: 2.7.0)
Performance issues may occur when deploying the Carbon Black Cloud Linux sensor and the CB Response Linux sensor to the same endpoint (sensor version found: 2.6.0)
Deploying the Carbon Black Cloud Linux sensor and the CB Response Linux sensor to the same endpoint is not recommended. There are no known interoperability issues when running both sensors; however, higher performance utilization occurs if both sensors are running on an endpoint.
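The manual uninstall described under PSCLNX-2710, as an added shell example that is not VMware's code: it checks which package database has cb-psc-sensor registered and selects the matching command from these notes, running it only when asked. The function names and the APPLY variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of the release notes): choose the documented
# uninstall command for the sensor based on the package database that owns it.
PKG="cb-psc-sensor"   # package name as given in the release notes

# Print "rpm", "dpkg" or "none" depending on which database knows $PKG.
sensor_pkg_manager() {
    if command -v rpm >/dev/null 2>&1 && rpm -q "$PKG" >/dev/null 2>&1; then
        echo rpm
    elif command -v dpkg >/dev/null 2>&1 && dpkg -s "$PKG" >/dev/null 2>&1; then
        # dpkg -s also succeeds for a removed package whose config files
        # remain, which is the state --purge cleans up.
        echo dpkg
    else
        echo none
    fi
}

# Map a package manager name to the uninstall command from the release notes.
sensor_uninstall_cmd() {
    case "$1" in
        rpm)  echo "rpm -e $PKG" ;;
        dpkg) echo "dpkg --purge $PKG" ;;
        *)    return 1 ;;
    esac
}

# Dry run by default; APPLY=1 (hypothetical switch) executes as root.
sensor_uninstall() {
    mgr=$(sensor_pkg_manager)
    cmd=$(sensor_uninstall_cmd "$mgr") || {
        echo "$PKG is not registered with rpm or dpkg; nothing to remove" >&2
        return 2
    }
    if [ "${APPLY:-0}" = "1" ]; then
        $cmd || return 1
        # Per the release notes, the device remains in Registered Devices
        # until Take Action > Uninstall is chosen in the console.
        echo "removed via $mgr; still listed in Registered Devices"
    else
        echo "would run: $cmd"
    fi
}
```

Source the file and call sensor_uninstall to see the selected command; set APPLY=1 in a root shell to execute it.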