Carbon Black Cloud 4.0.2.1540 | 02 October 2024 | Build 4.0.2.1540

Check for additions and updates to these release notes.

What's New

Carbon Black Cloud Windows Sensor 4.0.2.1540 includes bug fixes.

Note: For more information about Windows Sensor operating systems, view the Windows Sensor for Desktop Operating Environment Requirements documentation or the Windows Sensor for Server Operating Environment Requirements documentation.

Resolved Issues

All

  • DSEN-14701: Policy-specific configuration properties

    Fixed an issue where policy-specific configuration properties set by Carbon Black administrators might not take effect when the sensor policy assignment changes. Includes EA-18656, EA-19706, EA-21367, and EA-23943.

  • DSEN-28098: Improved performance of applications that repeatedly access the same files over the network

    Includes EA-22672 and CRE-17956.

  • DSEN-28275: Fixed an issue that prevented the use of process pre-filters to help with sensor performance

    Includes EA-24176 and CRE-17972.

  • DSEN-28464: Fixed an issue that prevented block notifications from appearing in the sensor user interface

  • DSEN-28724: Improved reliability of logged-in username update

    Improved the reliability of updating the logged-in username in the console if the machine was unable to access the domain controller on initial startup, but later access was restored. Includes CRE-17969.

  • DSEN-28747: Fixed ctifile.sys driver unload problem

    Fixed an issue that could have prevented the ctifile.sys driver from unloading, which in turn can cause upgrades to fail or require reboots.

  • DSEN-28794: Fixed several race conditions that could lead to system BSOD under heavy load

    Includes DSEN-28785, DSEN-28763, DSEN-28311, DSEN-27167, CRE-18307, EA-23784.

  • DSEN-28766, DSEN-27235: Fixed a repmgr.exe memory issue

    Fixed an issue where repmgr.exe could consume an excess amount of memory when the system was under heavy load and producing events faster than the sensor could process them. Includes CRE-18177, CRE-18526, CRE-18198, CRE-18763.

  • DSEN-28816: An incompatibility with the upcoming Windows 11 24H2 release was identified and resolved in 4.0.2.

    An upgrade of the CBC sensor to 4.0.2 is required prior to installing Windows 11 24H2. Failure to do so could lead to machine deadlocks or a lack of file-based protections.

    See https://community.broadcom.com/symantecenterprise/discussion/compatibility-with-windows-24h2-for-carbon-black-cloud-app-control-and-carbon-black-cloud-products for more information.

  • DSEN-28089: Fixed incorrect HBFW alert descriptions for Outbound Test Rules

Endpoint Standard

  • DSEN-24871: Fixed an issue that could lead to a file being reported as newly discovered more than once

    Includes EA-23122.

  • DSEN-27590: Fixed an issue that prevented the copy clipboard icon in the sensor block UI for some block events

  • DSEN-28002: Interop race condition on Microsoft Terminal servers

    Fixed an interop race condition seen on Microsoft Terminal servers that prevented new accounts from logging on to the system. Includes EA-24355.

  • UAV-3229: Interop issue with VMware Horizon VDI

    Fixed an interop issue with VMware Horizon VDI that prevented AV signature pack updates from working. Includes EA-23919, EA-24512, 31-23366.

Enterprise EDR

  • DSEN-27732: Fixed a bug that could temporarily activate some Endpoint Standard blocking rules shortly after install

  • DSEN-28004: Fixed a bug that could lead to the loss of some file modification events during Windows updates

  • DSEN-28183: Fixed an issue that could lead to validly signed files appearing in the console as unsigned

    Includes EA-24411.

  • DSEN-28319: Performance improvement with unique login sessions

    Improved the performance of machines with lots of unique logon sessions such as Domain Controllers, Print Servers, and Terminal Servers. Includes EA-24237.

Software Removal Tool

  • DSEN-28307: Fixed an issue in the Software Removal Tool that caused it to crash if run on non-ESXi Virtual Machines

Known Issues

The following issues are known to affect the software. Each lists the sensor version when the issue was first reported. Issues are removed after they are resolved.

All

  • DSEN-29201: Blocking and isolation rules

    Blocking and isolation rules that deny or terminate based on the `Runs or Is Running` operation will generate medium severity alerts with a threat score of 3. This can result in increased alert volume for customers with lots of custom block rules.

  • DSEN-26402: The sensor gets the MAC address during its initialization and does not update it if the physical address subsequently changes

    Associated with EA-23683.

  • DSEN-22427: osquery might crash when querying windows_eventlog in any sensor version that supports the windows_eventlog table

    The affected environment is Windows 10 21H1 x64 with any sensor version that has osquery 4.5.0 or higher. See also https://github.com/osquery/osquery/issues/7340.

  • DSEN-18389: The sensor can show misleading ProcessTamperAttempt alarms in RepCLI status output and log events

    These events do not constitute a true tamper attempt and indicate that the sensor blocked msmpeng.exe from accessing lsass.exe when Windows Defender is active.

Endpoint Standard

  • DSEN-25191: Obfuscation of document filenames is not working as expected when using the Enable Private Logging sensor configuration

  • DSEN-18307: In Endpoint Standard, TAU conflicts with the sensor

    Carbon Black Cloud’s TAU-provided detections and preventions, such as credential theft alerts, can potentially conflict with the sensor’s own built-in detections and preventions and present multiple, conflicting events for the same endpoint operation. In this case, the sensor’s built-in logic takes precedence.
