VMware Carbon Black Cloud 2.13 | 22 MAR 2022 | Build 2.13.0.905643

Check for additions and updates to these release notes.

What's New

VMware Carbon Black Cloud Linux Sensor 2.13 includes the following improvements:

Linux Efficacy 

This feature provides the customer with RepCLI support and local reputation checker. RepCLI is a command line tool that can be used by the superuser to locally administer the sensor. For more information about RepCLI commands and their usage, see Managing Sensors by using RepCLI in the VMware Carbon Black Cloud User Guide.  

This feature also provides the ability to verify the reputation of hashes and binaries against the related database prior to cloud look up. Linux sensor uses various reputation sources to determine the reputation of a binary. The 2.13.0 CBC Linux sensor has added secure crypto (maintained by OS package manager) based reputation checker as one more source of reputation detection algorithm. On a FIPS enabled operating system, we use this additional source only when the OS provides support for FIPS compliant secure crypto. 

Quarantine 

This feature unlocks migrations from hosted/on-prem to Enterprise EDR and improves overall security posture of Linux on Carbon Black Cloud. It includes support for quarantining a Linux endpoint from the CBC console. The quarantine functionality will block all network traffic on the endpoint except for the connections that are required to communicate with the Carbon Black Cloud console. This helps isolate the Linux endpoint from the rest of the network and reduces the risk of spreading malicious content throughout the network. 

Sensor Performance Enhancements

This feature provides the customer to successfully run the sensor on large systems without performance degradation.

Public Cloud Workload Protection Initiative 

This feature enables Carbon Black Cloud Linux sensor support on AWS EC2 instances. All the EC2 instances that are launched using a custom AMI will auto-register as a separate device on the cloud backend. This simplifies the security process for AWS and Carbon Black Cloud administrators. 

Distribution Support Changes

The 2.13 release adds support for the following new Linux distribution versions:

  • RHEL 8.5 
  • Debian 11.1 and 11.2
  • OpenSuse 15.2
  • Suse 15 SP 3

Resolved Issues

The following issues were fixed in this version of the software.

  • PSCLNX-10057: OpenSSL version was updated to resolve vulnerabilities

  • PSCLNX-9782, EA-19192: OSQuery was left running even after the timeout was reached

  • PSCLNX-9726: Ubuntu installer failed to create the blades directory

  • PSCLNX-9662, EA-19958: Bulk behavior was causing disk to fill up

  • PSCLNX-9282: Log directory “not empty” warning message was seen while uninstalling on ubuntu

  • PSCLNX-9023, EA-19192: Sensor rebooted unexpectedly multiple times with error messages

  • CBC-11435: Expedited mode of local scan failed if it was triggered from the user interface

  • PSCLNX-9671: Installation failed on CentOS/RHEL FIPS enabled endpoints

  • PSCLNX-10110: Upgrade to latest sensor failed on CentOS/RHEL FIPS enabled endpoints

  • CBC-11966, EA-19859: Event collector resulted in high memory usage in case of a larger event rate

    This caused memory alarms on ubuntu 18.0.5.

  • PSCLNX-3874: When the agent restarts successfully, Error[00000002 (00000002)] is reported (sensor version found: 2.6.0)

  • PSCLNX-455: The sensor only supports unauthenticated proxies (sensor version found: 2.6.0)

  • CB Defense: Endpoint Standard does not collect filemod, netconns, or scriptloads (sensor version found: 2.7.0)

  • Performance issues may occur when deploying the Carbon Black Cloud Linux sensor and the CB Response Linux sensor to the same endpoint (sensor version found: 2.6.0)

    Deploying the Carbon Black Cloud Linux sensor and the CB Response Linux sensor to the same endpoint is not recommended. There are no known interoperability issues when running both sensors; however, higher performance utilization occurs if both sensors are running on an endpoint.

Known Issues

The following issues are known to affect the software. Each lists the sensor version when the issue was first reported. Issues are removed after they are resolved.

  • PSCLNX-10216: Upgrade from older version of the Linux sensors (2.7.1) and older is unsuccessful (sensor version found: 2.13)

    The workaround is to uninstall the sensor and reinstall the latest version.

  • PSCLNX-10199: 5.14 kernel is not supported on BPF probe (sensor version found: 2.13)

  • PSCLNX-9707: Software upgrade log messages are not handled gracefully with unsupported distributions (sensor version found: 2.12)

  • PSCLNX-2710: The sensor does not support uninstall from the Carbon Black Cloud (sensor version found: 2.6.0)

    The sensor does not support uninstall from the Carbon Black Cloud. To uninstall, issue the following commands:

    • For CentOS, RHEL, SUSE, or Amazon Linux: 
    rpm -e cb-psc-sensor
    • For Ubuntu:
    dpkg --purge cb-psc-sensor

    Note: The agent will still be listed in the Registered Devices list on the backend after running the command unless you choose Take Action > Uninstall.

check-circle-line exclamation-circle-line close-line
Scroll to top icon