VMware Carbon Black Cloud 2.15.2 | 31 January 2024 | Build 2.15.2
Check for additions and updates to these release notes.
The 2.15.2 Carbon Black Cloud Linux Sensor is a maintenance release that includes added Containers support for Alerts, Alma Linux Support, and other minor OS distribution updates. This sensor release also addresses major defects found in the previous releases.
OS Distribution Updates
Sensor support for the following minor OS updates is also included as part of this release:
Debian 11.8, 12.1 and 12.2
Ubuntu 22.04.3
RHEL 8.9
Oracle 8.9
Containers Support - Alerts
The Linux sensor can associate container context with alerts for all supported container engines. This allows users to distinguish alerts that originated from hosts versus containers.
Alma Linux Support
The 2.15.2 Linux sensor introduces Alma Linux support on versions 8.8, 8.9 and 9.2. Sensor functionality remains intact with all other supported features. Please refer to the OER for more information on the supported kernel versions.
This section lists the defects that were resolved in the 2.15.2 Carbon Black Cloud Linux Sensor.
PSCLNX-12772: Sensor can collect mount point information for containers
PSCLNX-12620: Local scan could not execute after disabling bypass mode post-install
EA-23685: Logged in users not reported in status/registration messages
Device username did not show as system name.
Includes PSCLNX-13240
EA-22806: Fixed an out of memory crash caused by cbagentd after running 1k+ containers
Includes PSCLNX-12703 and PSCLNX-12881
This section lists the known issues and limitations present in the Carbon Black Cloud 2.15.2 Linux Sensor.
PSCLNX-13306: Container context missing from the alert
If a binary inside the container is executed from outside using the container engine's exec command, the container context is missing from the alert.
PSCLNX-10923: Sensor might have some leftover files running after sensor shutdown
PSCLNX-10980: On kernel module distros, banned binaries are not allowed to execute even after sensor shutdown
The expected behavior is for the sensor to allow the blocked binary after sensor shutdown.
PSCLNX-11089: A banned script results in a "Failed to terminate" error message
Execution of a banned script results in a "Failed to terminate" error message in the threat hunter logs, and generates duplicate alerts.