VMware Carbon Black Cloud 2.15.0 | 27 JULY 2023 | Build 2.15.0

Check for additions and updates to these release notes.

What's New

The 2.15.0 Carbon Black Cloud Linux Sensor is a minor release that offers Containers support.

OS Distribution Updates

Support for the following minor OS updates is also included as part of this release:

  • Amazon Linux 2023

  • RHEL 8.8

  • RHEL 9.2

  • Oracle 8.8

  • Oracle 9.2

Product Features

  • Containers Support 

    Carbon Black Cloud Linux Sensor now offers support for processing events originating from containers. The feature set includes Asset Management, Container Centric EDR, Host Security, and Container Security. Users now have visibility and security for containers along with enhanced runtime security capabilities.

    Carbon Black Cloud offers container support on eBPF and libBPF/BTF OS distributions, provided the underlying container engine supports that OS distribution. The Carbon Black Cloud Linux Sensor supports the docker, containerd, and CRIO container engines.

    The Linux sensor assumes that the container engine is installed at a default location. The default locations for socket files are as follows:  

    • Docker: "/var/run/docker.sock"  

    • Containerd: "/run/containerd/containerd.sock"  

    • CRIO: "/var/run/crio/crio.sock"  

    The Docker API version for the docker container engine must be higher than 1.39.
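
The prerequisites above (an engine socket at its default location, and a Docker API version higher than 1.39) can be checked on a host before relying on container events. The script below is an added example, not part of the release notes or of the sensor's own tooling; the function names and the optional ROOT prefix are assumptions.

```shell
#!/bin/sh
# Added example: checks the container-engine prerequisites stated in the
# release notes. Function names and the ROOT prefix are hypothetical.

# Default socket locations, as listed in the release notes.
ENGINE_SOCKETS="docker:/var/run/docker.sock
containerd:/run/containerd/containerd.sock
crio:/var/run/crio/crio.sock"

# api_version_ok VERSION: status 0 only if VERSION is higher than 1.39,
# 1 if it is not, 2 if VERSION is not in MAJOR.MINOR form.
api_version_ok() {
    case "$1" in
        ""|*[!0-9.]*|*.*.*|.*|*.) return 2 ;;
        *.*) ;;
        *) return 2 ;;
    esac
    major=${1%%.*}; minor=${1#*.}
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -gt 39 ]
}

# find_sockets [ROOT]: prints "engine path" for each default path that is a
# socket (-S), so a stale regular file at that path does not count.
find_sockets() {
    root=${1:-}
    echo "$ENGINE_SOCKETS" | while IFS=: read -r engine path; do
        if [ -S "$root$path" ]; then echo "$engine $root$path"; fi
    done
    return 0
}

# preflight [ROOT]: status 0 if at least one engine socket is found and,
# when Docker is among them, the local daemon reports an API version > 1.39.
preflight() {
    found=$(find_sockets "${1:-}")
    if [ -z "$found" ]; then
        echo "no container engine socket at a default location"; return 1
    fi
    echo "$found"
    if echo "$found" | grep -q '^docker '; then
        ver=$(docker version --format '{{.Server.APIVersion}}' 2>/dev/null) || ver=""
        if api_version_ok "$ver"; then echo "docker API $ver: ok"
        else echo "docker API '${ver:-unknown}': must be higher than 1.39"; return 1; fi
    fi
}

# Run only when invoked as "script check", so the functions stay sourceable.
if [ "${1:-}" = "check" ]; then preflight; fi
```

The ROOT prefix only affects the socket path checks; the API version query always goes to the local Docker daemon.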

Resolved Issues

This section lists the defects that were resolved in the 2.15.0 Carbon Black Cloud Linux Sensor.

  • EA-22029: Resolved RHEL 7.9 crash after upgrade to 2.13.3

    Associated with PSCLNX-10655.

  • PSCLNX-10980: Fixed an issue where a banned binary was allowed to run after stopping cbagent

  • PSCLNX-11016: Added functionality to sensor status

    Added sensor functionality to set the sensor's status in the UI to "Error (Contact support)" if the sensor detects that it is no longer processing events.

  • EA-21895: Fixed kernel panics caused by stack overrun in event_collector

    Associated with EA-22121, EA-22221, PSCLNX-11546.

  • PSCLNX-11989: Fixed install script to check for required IPTables package

    Associated with EA-22757.

  • PSCLNX-10589: Added sensor functionality to install the sensor through “rpm” and “dpkg” commands

Known Issues

This section lists the known issues and limitations present in the Carbon Black Cloud 2.15.0 Linux Sensor.

  • PSCLNX-12620: When the sensor is installed in bypass mode and bypass is disabled after install, local scan does not run

  • PSCLNX-10923: Sensor might have some leftover files running after sensor shutdown

  • PSCLNX-10980: On kernel module distros, banned binaries are not allowed to execute even after sensor shutdown

    The expected behavior is for the sensor to allow the blocked binary after sensor shutdown.

  • PSCLNX-11089: A banned script results in a "Failed to terminate" error message

    Execution of a banned script results in a "Failed to terminate" error message in the threat hunter logs, and generates duplicate alerts.

  • PSCLNX-12759: On RHEL 9.2 distribution, the install script prints a warning stating quarantine failure

    The install script fails to identify the IPTables utility.

  • PSCLNX-12734: Warning messages printed in logs

    Warning messages such as “remove failed: No such file or directory” are printed in logs after sensor uninstall on rpm-based systems.

  • PSCLNX-12772: Sensor cannot collect mount point information for a container
