Carbon Black Cloud 2.16.0 | 24 June 2024 | Build 2.16.0.2566828

Check for additions and updates to these release notes.

What's New

The 2.16.0 Carbon Black Cloud Linux Sensor is a minor release that includes several new features and OS distribution updates.

This sensor release also addresses defects found in the previous releases.

  • OS Distribution Updates

    Support for the following minor OS updates is also included as part of this release:

    • RHEL 9.3

    • Oracle RHCK 9.3 

    • Rocky 9.3 

    • Alma 9.3

    • Rocky 8.9

    • Alma 8.9

    • Ubuntu 22.04.4

    • Debian 12.5

    • Debian 11.9 

    • Ubuntu 22.04.3 with kernel 6.5

  • Inline Blocking

    Carbon Black Cloud Linux Sensor now offers enhanced prevention capabilities by providing a mechanism for blocking malware on its very first execution. Prior to this release, blocking of executables using hash banning relied on the sensor knowing the reputation for a binary. As a result, the first execution of any malware would go through and the sensor would only kill the process at a later point.

    The Inline Blocking feature, when turned on, completely blocks malware from running. This feature is disabled by default and can be turned on in the policy page for custom policies by checking the toggle titled “Block known bad files before execution”. The Inline Blocking toggle is enabled by default for Advanced and Standard policies. This feature does not support network/remote file systems. This feature is supported for Endpoint Standard only.

  • Signing sensor kits with SHA256 keys

    The sensor kits are now signed with the SHA256 key only. The SHA1 key is completely deprecated. Sensor upgrade logic validates the integrity of the package using this key. With this release, the upgrade logic will allow SHA256 signed packages only.

Resolved Issues

This section lists the defects that were resolved in the 2.16.0 Carbon Black Cloud Linux Sensor.

  • CBC-29584: Fixed an issue where the output of “repcli status” command was missing the “Local Scan Info” section (EA-23263)

  • CBC-31494: Fixed an issue where the user was not able to uninstall the Linux sensor using the Uninstall action from the console

  • PSCLNX-12137: Fixed an issue where the installer was throwing an error message for kernel versions with specific formats (7 components in the patch version after “-”, e.g., 3.10.0-1160.83.1.0.1.el7.x86_64) (EA-22997)

    This error was misleading since the installation and subsequent sensor functionality were working fine on such versions.

  • PSCLNX-13267: Fixed an issue where the sensor was reporting the system name when multiple users were logged in (EA-23685)

    With this release, the sensor will start reporting the last logged-in user in this scenario.

Known Issues

This section lists the known issues and limitations present in the Carbon Black Cloud 2.16.0 Linux Sensor.

  • PSCLNX-10923: Sensor might have some leftover files running after sensor shutdown

  • PSCLNX-10980: On kernel module distros, banned binaries are not allowed to execute even after sensor shutdown

    The expected behavior is for the sensor to allow the blocked binary after sensor shutdown.

  • PSCLNX-11089: A banned script results in a "Failed to terminate" error message

    Execution of a banned script results in "Failed to terminate" error message in the threat hunter logs, and generates duplicate alerts.

  • PSCLNX-13306: Container context missing from the alert

    If a binary inside the container is executed from outside using the container engine exec command, the container context is missing from the alert.
