VMware Carbon Black Cloud 2.15.0 | 27 JULY 2023 | Build 2.15.0
Check for additions and updates to these release notes.
The 2.15.0 Carbon Black Cloud Linux Sensor is a minor release that offers Containers support.
Support for the following minor OS updates is also included as part of this release:
Amazon Linux 2023
RHEL 8.8
RHEL 9.2
Oracle 8.8
Oracle 9.2
Containers Support
Carbon Black Cloud Linux Sensor now offers support for processing events originating from containers. The feature set includes Asset Management, Container Centric EDR, Host Security, and Container Security. Users now have visibility and security for containers along with enhanced runtime security capabilities.
Carbon Black Cloud offers container support on eBPF and libBPF/BTF OS distributions provided the underlying container engine supports that OS distribution. Carbon Black Cloud Linux Sensor supports docker, containerd, and CRIO container engines.
The Linux sensor assumes that the container engine is installed at a default location. The default locations for socket files are as follows:
Docker: "/var/run/docker.sock"
Containerd: "/run/containerd/containerd.sock"
CRIO: "/var/run/crio/crio.sock"
The Docker API version for the docker container engine must be higher than 1.39.
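A pre-install check for the container prerequisites listed above, as an added example that is not part of VMware's release notes or tooling. The function names and the optional ROOT prefix (for checking a staged or mounted tree) are assumptions; the Docker API version is read with `docker version --format '{{.Server.APIVersion}}'`.

```shell
#!/bin/sh
# Added example: checks the default engine sockets and the Docker API floor.
# Default socket locations as stated in the release notes.
ENGINE_SOCKETS='docker:/var/run/docker.sock
containerd:/run/containerd/containerd.sock
crio:/var/run/crio/crio.sock'
MIN_DOCKER_API=1.39   # the reported API version must be higher than this

# api_higher_than VERSION FLOOR: 0 if VERSION > FLOOR, 1 if not, 2 if malformed.
api_higher_than() {
    for v in "$1" "$2"; do
        case "$v" in
            *[!0-9.]* | *.*.* | .* | *. | "") return 2 ;;
            *.*) ;;                      # exactly MAJOR.MINOR
            *) return 2 ;;
        esac
    done
    # Compare numerically, so 1.5 is lower than 1.39 (minor 5 < 39).
    [ "${1%%.*}" -gt "${2%%.*}" ] && return 0
    [ "${1%%.*}" -eq "${2%%.*}" ] && [ "${1#*.}" -gt "${2#*.}" ]
}

# found_engines [ROOT]: print each engine whose default path is a socket.
# A regular file left at the path does not count (-S tests for a socket).
found_engines() {
    echo "$ENGINE_SOCKETS" | while IFS=: read -r name path; do
        if [ -S "${1:-}$path" ]; then echo "$name"; fi
    done
}

# preflight [ROOT]: 0 when at least one engine socket is at its default
# location and, if Docker is among them, its API version is above the floor.
preflight() {
    engines=$(found_engines "${1:-}")
    if [ -z "$engines" ]; then
        echo "FAIL: no engine socket at a default location"; return 1
    fi
    echo "OK: sockets found for:" $engines
    case "$engines" in *docker*) ;; *) return 0 ;; esac
    ver=$(docker version --format '{{.Server.APIVersion}}' 2>/dev/null) || ver=
    if api_higher_than "$ver" "$MIN_DOCKER_API"; then
        echo "OK: Docker API $ver"
    else
        echo "FAIL: Docker API '${ver:-unknown}' is not higher than $MIN_DOCKER_API"
        return 1
    fi
}

preflight "${1:-}" || echo "container prerequisites not met"
```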
This section lists the defects that were resolved in the 2.15.0 Carbon Black Cloud Linux Sensor.
EA-22029: Resolved RHEL 7.9 crash after upgrade to 2.13.3
Associated with PSCLNX-10655.
PSCLNX-10980: Fixed an issue where a banned binary was allowed to run after stopping cbagent
PSCLNX-11016: Added functionality to sensor status
Added sensor functionality to set the sensor's status in the UI to "Error (Contact support)" if the sensor detects that it is no longer processing events.
EA-21895: Fixed kernel panics caused by stack overrun in event_collector
Associated with EA-22121, EA-22221, PSCLNX-11546.
PSCLNX-11989: Fixed install script to check for required IPTables package
Associated with EA-22757.
PSCLNX-10589: Added sensor functionality to install the sensor through “rpm” and “dpkg” commands
This section lists the known issues and limitations present in the Carbon Black Cloud 2.15.0 Linux Sensor.
PSCLNX-12620: When the sensor is installed in bypass mode and bypass is disabled after install, local scan does not run
PSCLNX-10923: Sensor might have some leftover files running after sensor shutdown
PSCLNX-10980: On kernel module distros, banned binaries are not allowed to execute even after sensor shutdown
The expected behavior is for the sensor to allow the blocked binary after sensor shutdown.
PSCLNX-11089: A banned script results in a "Failed to terminate" error message
Execution of a banned script results in a "Failed to terminate" error message in the threat hunter logs and generates duplicate alerts.
PSCLNX-12759: On RHEL 9.2 distribution, the install script prints a warning stating quarantine failure
The install script fails to identify the IPTables utility.
PSCLNX-12734: Warning messages printed in logs
Warning messages such as “remove failed: No such file or directory” are printed in the logs after sensor uninstall on rpm-based systems.
PSCLNX-12772: Sensor cannot collect mount point information for a container