Endpoint Standard uses advanced predictive models to analyze endpoint data and stop attacks before they compromise your system.

Supported Operating Systems for the Carbon Black Cloud Sensor

For a complete list of supported operating systems, see Carbon Black Cloud sensor support.

Supported Browsers for the Carbon Black Cloud Console

  • Windows: Firefox, Chrome, and Edge
  • macOS: Safari, Firefox, and Chrome

Ports and URLs

For a complete list of ports and URLs that must be opened on the firewall and proxy servers, see CB Defense: What Ports must be opened on the Firewall and Proxy Servers?

Local Scanning Feature for Windows

The Windows sensor includes an optional local scanning feature that enables static file analysis of applications before they are executed. This feature requires an additional 600MB of disk storage to store signature information and allow for signature updates.

Linux 4.4+ Kernels for Linux Sensor 2.10+

Prior to installing the sensor, the underlying BPF implementation requires the Linux kernel headers for the active kernel to be installed. See Prerequisites for Linux 4.4+ Kernels for Linux Sensor Versions 2.10+.

Table 1. Scanner Definition Host and Ports
Requirement Details Notes
Carbon Black Definition Server http://updates.cdc.carbonblack.io/update

Uses HTTP Port 80
This connection is used to update local scanner definition files. This is only required if local scanning is enabled for the sensor. This can be configured to update from a locally hosted server. If you mirror the definition server to an internal server, you can use port 80 or other HTTP port.

Local Scan Settings are not supported by macOS or Linux sensors.

For large enterprises, we recommend the following best practices:

  • Perform an initial installation of AV Signature Pack together with the sensor.
  • Roll out the initial AV Signature Pack download in small batches to avoid network saturation.
  • Mirror signature updates on a local server. See the

    VMware Carbon Black Cloud Sensor Installation Guide.

Sensor Resource Usage

Endpoints must be in compliance with all hardware requirements for the host operating system. Consider all processes that run on the endpoints when determining your hardware configuration. We recommend a multi-core CPU for all installations.

The following metrics represent system requirements against a minimum environment, which is defined in the context as a user level system (such as an inactive laptop).

Table 2. Windows Sensors
Metric Endpoint Standard Endpoint Standard + Audit & Remediation Endpoint Standard + Enterprise EDR Endpoint Standard + Enterprise EDR + Audit & Remediation
CPU

Minimum: 1.5 GHz

Recommended: 2 GHz

Minimum: 1.8 GHz

Recommended: 2 GHz

Minimum: 1.8 GHz

Recommended: 2 GHz

Minimum: 1.8 GHz

Recommended: 2 GHz

Memory

1 GB

2 GB for Windows 10/2016+

1 GB

2 GB for Windows 10/2016+

1 GB

2 GB for Windows 10/2016+

1 GB

2 GB for Windows 10/2016+

Cores 2 2 2 2
Network required

Minimum: 100 Mbit

Recommended: 1 Gbit

Minimum: 100 Mbit

Recommended: 1 Gbit

Minimum: 100 Mbit

Recommended: 1 Gbit

Minimum: 100 Mbit

Recommended: 1 Gbit

Minimum network during light usage 1k bytes/sec read/writes each 1k bytes/sec read/writes each 1k bytes/sec read/writes each 1k bytes/sec read/writes each
*Free disk space

Minimum: 200 MB

Recommended: 1 GB

Minimum: 200 MB

Recommended: 1 GB

Minimum: 200 MB

Recommended: 1 GB

Minimum: 200 MB

Recommended: 1 GB

*See the previous section about additional disk requirements if you are enabling local scan.

Table 3. macOS Sensors
Metric Endpoint Standard Endpoint Standard + Audit & Remediation Endpoint Standard + Enterprise EDR Endpoint Standard + Enterprise EDR + Audit & Remediation
CPU Any supported x86-64 or arm64* Any supported x86-64 or arm64* Any supported x86-64 or arm64* Any supported x86-64 or arm64*
Memory 2 GB 2 GB 2 GB 2 GB
Cores 2 2 2 2
Network required

Minimum: 100 Mbit

Recommended: 1 Gbit

Minimum: 100 Mbit

Recommended: 1 Gbit

Minimum: 100 Mbit

Recommended: 1 Gbit

Minimum: 100 Mbit

Recommended: 1 Gbit

Minimum network during light usage

1k bytes/sec read/writes each

1k bytes/sec read/writes each

1k bytes/sec read/writes each 1k bytes/sec read/writes each
Free disk space

Minimum: 100 MB

Recommended: 500 MB

Minimum: 100 MB

Recommended: 500 MB

Minimum: 200 MB

Recommended: 1 GB

Minimum: 200 MB

Recommended: 1 GB

*arm64 CPU requires macOS sensor 3.6 or higher.

Table 4. Linux Sensors
Metric Endpoint Standard Endpoint Standard + Enterprise EDR Endpoint Standard + Enterprise EDR + Audit & Remediation
CPU

Any 64-bit x86-64 chipset

No speed required

Any 64-bit x86-64 chipset

No speed required

Any 64-bit x86-64 chipset

No speed required

Memory 100 MB 250 MB 250 MB
Cores 2 2 2
Network Required

Minimum: 100 Mbit

Recommended: 1 Gbit

Minimum: 100 Mbit

Recommended: 1 Gbit

Minimum: 100 Mbit

Recommended: 1 Gbit

Minimum network during light usage 1k bytes/sec read/writes each 1k bytes/sec read/writes each 1k bytes/sec read/writes each
Free disk space

/opt: 100 MB

/var: 1600 MB

/opt: 100 MB

/var: 2600 MB

/opt: 100 MB

/var: 3200 MB

Live Query Support

Live Query Supports:

  • Windows Clients running Windows 7+, 64-bit devices only
  • Windows Servers running Windows 2008 R2+, 64-bit devices only
  • macOS 10.10+
  • macOS Catalina
  • Red Hat 6+
  • Red Hat 7
  • CentOS 7
  • Ubuntu 16.04+
  • SUSE 12+
  • OpenSUSE 15 & 42
  • Amazon Linux 2

Additional Live Query Support Information:

  • For Windows & macOS, an upgrade to the 3.3 sensor (or later) is required
  • Sensor version 3.4.0.820+ is required if using a proxy for endpoints
  • For Linux, an upgrade to the 2.3 sensor (or later) is required
  • Users with "Use Live Query" privileges enabled in their role can run queries and view results
  • Users with "View Live Query" privileges enabled in their role can only view results
  • Live Query is powered by Osquery an open source project written in SQL
  • All OSs must be currently running the 4.1.2 Osquery build version