VMware Carbon Black Cloud 2.15.2 | 31 January 2024 | Build 2.15.2

Check for additions and updates to these release notes.

What's New

The 2.15.2 Carbon Black Cloud Linux Sensor is a maintenance release that includes added Containers support for Alerts, Alma Linux Support, and other minor OS distribution updates. This sensor release also addresses major defects found in the previous releases.

OS Distribution Updates

  • OS Distribution Updates

    Sensor support for the following minor OS updates are also included as part of this release: 

    • Debian 11.8, 12.1 and 12.2

    • Ubuntu 22.04.3

    • RHEL 8.9

    • Oracle 8.9

Product Features

  • Containers Support - Alerts

    The Linux sensor can associate container context with alerts for all supported container engines. This allows users to distinguish alerts that originated from hosts versus containers.

  • Alma Linux Support

    The 2.15.2 Linux sensor introduces Alma Linux support on versions 8.8, 8.9 and 9.2. Sensor functionality remains intact with all other supported features. Please refer to the OER for more information on the supported kernel versions.

Resolved Issues

This section lists the defects that were resolved in the 2.15.2 Carbon Black Cloud Linux Sensor.

  • PSCLNX-12772: Sensor can collect mount point information for containers

  • PSCLNX-12620: Local scan could not execute after disabling bypass mode post-install

  • EA-23685: Logged in users not reported in status/registration messages

    Device username did not show as system name.

    Includes PSCLNX-13240

  • EA-22806: Fixed an out of memory crash caused by cbagentd after running 1k+ containers

    Includes PSCLNX-12703 and PSCLNX-12881

Known Issues

This section lists the known issues and limitations present in the Carbon Black Cloud 2.15.2 Linux Sensor.

  • PSCLNX-13306: Container context missing from the alert

    If a binary inside the container is executed from outside using container engine exec command, the container context is missing from the alert.

  • PSCLNX-10923: Sensor might have some leftover files running after sensor shutdown

  • PSCLNX-10980: On kernel module distros, banned binaries are not allowed to execute even after the sensor shutdown

    The expected behavior is for the sensor to allow the blocked binary after sensor shutdown.

  • PSCLNX-11089: A banned script results in a "Failed to terminate" error message

    Execution of a banned script results in "Failed to terminate" error message in the threat hunter logs, and generates duplicate alerts.

check-circle-line exclamation-circle-line close-line
Scroll to top icon