Carbon Black Cloud 4.0.2.1540| 02 October 2024| Build 4.0.2.1540 Check for additions and updates to these release notes. |
Carbon Black Cloud 4.0.2.1540| 02 October 2024| Build 4.0.2.1540 Check for additions and updates to these release notes. |
Carbon Black Cloud Windows Sensor 4.0.2.1540 includes bug fixes.
Note: For more information about Windows Sensor operating systems, view the Windows Sensor for Desktop Operating Environment Requirements documentation or the Windows Sensor for Server Operating Environment Requirements documentation.
Windows 11 24H2 Support
Carbon Black Cloud will support the upcoming Windows operating system, Windows 11 24H2, on 4.0.2+ sensors only. Sensors older than 4.0.2 will not be supported on Windows 11 24H2.
DSEN-14701: Policy-specific configuration properties
Fixed an issue where setting policy-specific configuration properties set by Carbon Black administrators may not take effect when sensor policy assignment changes. Includes EA-18656, EA-19706, EA-21367, and EA-23943.
DSEN-28098: Improved performance of applications that repeatedly access the same files over the network
Includes EA-22672 and CRE-17956.
DSEN-28275: Fixed an issue that prevented the user of process pre-filters to help with sensor performance
Includes EA-24176 and CRE-17972.
DSEN-28464: Fixed an issue that prevented block notifications from appearing in the sensor user interface
DSEN-28724: Improved reliability of logged-in username update
Improved the reliability of updating the logged-in username in the console if the machine was unable to access the domain controller on initial startup, but later access was restored. Includes CRE-17969.
DSEN-28747: Fixed ctifile.sys driver unload problem
Fixed an issue that could have prevented the ctifile.sys driver from unloading, which in turn can cause upgrades to fail or require reboots.
DSEN-28794: Fixed several race conditions that could lead to system BSOD under heavy load
Includes DSEN-28785, DSEN-28763, DSEN-28311, DSEN-27167, CRE-18307, EA-23784.
DSEN-28766, DSEN-27235: Fixed a repmgr.exe issue memory issue
Fixed an issue where repmgr.exe could consume an excess amount of memory when the system was under heavy load and producing events faster than the sensor could process them. Includes CRE-18177, CRE-18526, CRE-18198, CRE-18763.
DSEN-28816: An incompatibility with the upcoming Windows 11 24 H2 release was identified that was resolved in 4.0.2.
An upgrade of the CBC sensor to 4.0.2 is required prior to installing Windows 11 24H2. Failure to do so could lead to machine deadlocks or a lack of file-based protections.
See https://community.broadcom.com/symantecenterprise/discussion/compatibility-with-windows-24h2-for-carbon-black-cloud-app-control-and-carbon-black-cloud-products for more information.
DSEN-28089: Fixed incorrect HBFW alert descriptions for Outbound Test Rules
DSEN-24871: Fixed an issue that could lead to a file being reported as newly discovered more than once
Includes EA-23122.
DSEN-27590: Fixed an issue that prevented the copy clipboard icon in the sensor block UI for some block events
DSEN-28002: Interop race condition on Microsoft Terminal servers
Fixed an interop race condition seen on Microsoft Terminal servers that prevented new accounts from logging on to the system. Includes EA-24355.
UAV-3229: Interop issue with VMware Horizon VDI
Fixed an interop issue with VMWare Horizon VDI that prevented AV signature pack updates from working. Includes EA-23919, EA-24512, 31-23366.
DSEN-27732: Fixed a bug that could temporarily activate some Endpoint Standard blocking rules shortly after install
DSEN-28004: Fixed a bug that could lead to the loss of some file modification events during Windows updates
DSEN-28183: Fixed an issue that could lead to validly signed files appearing in the console as unsigned
Includes EA-24411.
DSEN-28319: Performance improvement with unique login sessions
Improved the performance of machines with lots of unique logon sessions such as Domain Controllers, Print Servers, and Terminal Servers. Includes EA-24237.
DSEN-28307: Fixed an issue in the Software Removal Tool that caused it to crash if run on non-ESXi Virtual Machines
The following issues are known to affect the software. Each lists the sensor version when the issue was first reported. Issues are removed after they are resolved.
DSEN-29201: Blocking and isolation rules
Blocking and isolation rules that deny or terminate based on the `Runs or Is Running` operation will generate medium severity alerts with threat score of 3. This can result in increased alert volume for customers with lots of custom block rules.
DSEN-26402: Sensor gets MAC Address during its initialization and does not update if subsequently the Physical Address Changes
Associated with EA-23683.
DSEN-22427: osquery might crash when querying windows_eventlogs in any sensor version that supports the windows_eventlog table
The affected environment is for OS Windows 10 21H1 x64 and any sensor version with osquery 4.5.0 or higher. See also https://github.com/osquery/osquery/issues/7340.
DSEN-18389: The sensor can show misleading ProcessTamperAttempt alarms in RepCLI status output and log events
These events do not constitute a true tamper attempt and indicate that the sensor blocked msmpeng.exe from accessing lsass.exe when Windows Defender is active.
DSEN-25191: Obfuscation of document filenames is not working as expected when using the Enable Private Logging sensor configuration
DSEN-18307: In Endpoint Standard, TAU conflicts with the sensor
Carbon Black Cloud’s TAU provided detections and preventions, such as credential theft alerts, can potentially conflict with the sensor’s own built-in detections and preventions and present multiple, conflicting events for the same endpoint operation. In this case, the sensor’s built-in logic takes precedence.