To install a Carbon Black Cloud Windows sensor on Horizon instant clones, perform the following procedure. These instructions apply to instant clone pools only.

Important:

The post-synchronization script (batch file) used in previous installations is no longer necessary. If you are upgrading to Horizon 7.13+ from a previous Horizon version, you must remove the batch file that was previously inserted into the golden image. Failure to remove the script causes multiple re-registrations of the same device.

Do not run repcli reregister now or repcli reregister onrestart commands on the golden image. Either command turns the golden image into a clone, which might deregister the golden image if autoderegister is set and a time-out has occurred. Deregistration of the golden image results in clones being unable to reregister.

The instant clone agent now sets the following registry value to a unique GUID when IT/replica/clone nga customization begins. Each clone has a unique value:

Key: HKLM\Software\VMware, Inc.\ViewComposer\ga\AgentIntegration 
Type: REG_SZ 
Value: CustomizationStarted 

Prerequisites

See Carbon Black Windows Sensor Policy Setting Recommendations for Horizon Instant Clones before installing the sensor.

Procedure

  1. Create the golden image VM for the clone pool deployment. Perform required Windows updates and install the required VMware Tools and Horizon Agent.
  2. Install the sensor on the golden image:
    • If you are using Horizon versions 7.13+ or 8.0+ and Carbon Black Cloud sensor 3.6+, no additional configuration is required. In this case, the sensor uses a Horizon Agent-provided registration key to perform reregistration on the clone:
      msiexec.exe /q /i <Sensor Installer Path> /L*v msi.log COMPANY_CODE="XYZABC" CLI_USERS=<UserGroupSid> POLICY_NAME="<NAME Virtual Policy>"
    • If you are using a Horizon version pre-7.13, 8.0 and Windows sensor 3.7 MR2+, add the "AUTO_REREGISTER_FOR_VDI_CLONES=3" install flag:
      msiexec.exe /q /i <Sensor Installer Path> /L*v msi.log COMPANY_CODE="XYZABC" CLI_USERS=<UserGroupSid> AUTO_REREGISTER_FOR_VDI_CLONES=3 POLICY_NAME="<NAME Virtual Policy>" 
      
      Note:

      <Sensor Installer Path>: Replace this value with the location of the sensor MSI file; for example, c:\tmp\installer_win-64-3.8.0.627.msi.

      CLI_USERS=<UserGroupSid>: This parameter on the golden image enables RepCLI usage on the clones. The value is the Security Identifier (SID) of the user account/group that will run RepCLI commands on the clones.

      POLICY_NAME: Indicates the policy name that has the necessary exclusions and configurations to apply to the golden image. For Carbon Black Cloud sensors that are on versions prior to 3.8, use the GROUP_NAME parameter instead.

      See Installing Windows Sensors on Endpoints and Windows Sensor Supported Commands. For more information about RepCLI, see Managing Sensors by using RepCLI in the User Guide.

  3. Optional (Recommended). Complete a background scan on the golden image to optimize clone performance.
    1. In the Carbon Black Cloud console, click Enforce > Policies, select the policy, and click the Sensor tab.
    2. Select the Run background scan option and select Expedited scanning.
    3. Click Save.
    4. You can track scan progress by running the repcli status command. The output will be similar to the following:
      General Info:
         Sensor Version[3.7.0.1473 - Sep 29 2021 - 20:34:38]
         Local Scanner Version[ - ]
         Disk Filter Version[3.7.0.1473]
         CbShared[104365] Policy[1269] FileAnalysis[386] Proto[548]
         Sensor State[Enabled]
         Details[LiveResponse:NoSession, LiveResponse:NoKillSwitch, LiveResponse:Disabled, SvcStable]
         DeviceHash[31dbad895ab7161f1f53bed2f4e3fa49ac64de98935b03752b53a407f65d9ea2]
         DeviceID[26365289]
         VirtualGuestToHostCommsStatus[Disconnected]
         ExternalIdentity[Not Available]
         Kernel File Filter[Connected]
         LastUser[Device\user]
         Background Scan [Complete]
         Total Files Processed[52581] Current Directory[None]
  4. Optional. Configure cache persistence for improved performance.

    The persistent cache setting (FileCachePersistenceState=3) saves significant CPU and disk IO resources by reusing calculated hashes on clones. This feature is available with Windows sensor 3.8+. In addition, pruning parameters (available with Windows sensor 3.7+) improve VDI performance.

    Persistent cache depends on the secure storage of the golden image snapshot files and assumes that no modifications are made to the snapshot while the golden image is offline. When enabling this setting, secure the golden image and storage infrastructure to an equivalent level, or to a higher level than the guest OS. We recommend that you limit physical and administrative access to the golden image and storage infrastructure, and regularly check your audit logs.

    1. In the left navigation bar in the console, click Inventory > Endpoints or Inventory > Workloads.
    2. Select the endpoint, click Take Action, and click Enable bypass. Confirm the action.
    3. To confirm that the endpoint is in bypass mode, run the following command: repcli status.
    4. As a best practice, make a backup of the cfg.ini file into another directory. For Windows sensor versions 3.6 and earlier, cfg.ini is located at C:\Program Files\Confer\cfg.ini. For Windows sensors 3.7+, cfg.ini is located at C:\ProgramData\CarbonBlack\DataFiles\cfg.ini.
    5. Edit cfg.ini. Add the following parameters:
      • RepDbPruneCountdownMs=14400000 (Default is 5 minutes; modified to 4 hours). This setting defines the interval after which the first pruning attempt is initiated.
      • PruneDeletedFilesSleepInterval=14400000 (Default is 30 minutes; modified to 4 hours). This setting defines the delay for subsequent attempts after a successful pruning attempt.
      • PruneDeletedFilenameRowCount=500 (Default is 100). This setting defines the maximum number of rows to prune in one attempt.
      • FileCachePersistenceState=3 (Default is 0). This setting enables cache persistence on instant clones.
    6. Reboot the golden image.
    7. Log into the golden image and run common applications to populate the cache.
    8. In the left navigation bar in the console, click Inventory > Endpoints or Inventory > Workloads.
    9. Select the endpoint, click Take Action, and click Disable bypass. Confirm the action.
    10. Delete the backup file you created in sub-step 4 of Step 4.
    11. Shut down the golden image.
  5. Reboot the golden image to apply full ransomware protections (3.7+ sensors). You can skip this step if you completed Step 4.
  6. Take a snapshot of the golden image.
  7. In the Horizon console, create an instant clone pool using the golden image and snapshot.
  8. After the pool becomes available in the Horizon console, check in the Carbon Black Cloud console to verify that the newly created instant clones are registered with a new Device ID and are assigned the correct policy. The endpoint inherits the policy from the golden image unless you have previously created Asset groups or Sensor groups and the installed sensor matches a group's criteria. Manual policy assignment post-installation overrides the inheritance.
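
The cfg.ini edit from Step 4 and a check to run before taking the snapshot in Step 6, as an added PowerShell example (not VMware or Carbon Black code). The helper names Set-CfgIniValues and Test-ReadyForSnapshot, the backup file name, and the demo directory are assumptions; the check expects the Sensor State and Background Scan values shown in the sample repcli status output above, and the demo input is constructed.

```powershell
# Added example, not VMware or Carbon Black code. Run elevated on the golden image.
$Desired = [ordered]@{   # values from Step 4 of the procedure
    RepDbPruneCountdownMs          = '14400000'
    PruneDeletedFilesSleepInterval = '14400000'
    PruneDeletedFilenameRowCount   = '500'
    FileCachePersistenceState      = '3'
}

function Set-CfgIniValues {   # hypothetical helper; run while the sensor is in bypass
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$BackupDir)
    $backup = Join-Path $BackupDir ('cfg.ini.{0:yyyyMMdd-HHmmss}.bak' -f (Get-Date))
    Copy-Item -LiteralPath $Path -Destination $backup -ErrorAction Stop
    $seen = @{}
    $kept = foreach ($line in @(Get-Content -LiteralPath $Path)) {
        if ($line -match '^\s*([^=\s]+)\s*=' -and $Desired.Contains($Matches[1])) {
            $key = $Matches[1]   # rewrite the first occurrence, drop later duplicates
            if (-not $seen[$key]) { $seen[$key] = $true; "$key=$($Desired[$key])" }
        } else { $line }
    }
    $added = foreach ($key in $Desired.Keys) { if (-not $seen[$key]) { "$key=$($Desired[$key])" } }
    # Assumption: cfg.ini is plain ASCII key=value text, one setting per line.
    Set-Content -LiteralPath $Path -Value (@($kept) + @($added))
    return $backup   # delete this copy once bypass is disabled (Step 4, sub-step 10)
}

function Test-ReadyForSnapshot {   # hypothetical helper; returns a list of problems
    param([string[]]$StatusText, [Parameter(Mandatory)][string]$CfgPath)
    $field = @{}; $cfg = @{}
    foreach ($line in $StatusText) {   # status lines look like Name[Value]
        if ($line -match '^\s*([^\[\]]+?)\s*\[([^\]]*)\]') { $field[$Matches[1]] = $Matches[2] }
    }
    foreach ($line in @(Get-Content -LiteralPath $CfgPath)) {
        if ($line -match '^\s*([^=\s]+)\s*=\s*(.*?)\s*$') { $cfg[$Matches[1]] = $Matches[2] }
    }
    $problems = @()
    $expect = @{ 'Sensor State' = 'Enabled'; 'Background Scan' = 'Complete' }   # as in the sample output
    foreach ($name in $expect.Keys) {
        if ($field[$name] -ne $expect[$name]) { $problems += "$name is '$($field[$name])', expected '$($expect[$name])'" }
    }
    foreach ($key in $Desired.Keys) {
        if ($cfg[$key] -ne $Desired[$key]) { $problems += "$key is '$($cfg[$key])', expected '$($Desired[$key])'" }
    }
    return ,$problems
}

# Demo on a constructed cfg.ini and constructed status lines (no sensor required).
$dir = (New-Item -ItemType Directory -Force (Join-Path ([IO.Path]::GetTempPath()) 'cfg-demo')).FullName
Set-Content (Join-Path $dir 'cfg.ini') 'PruneDeletedFilenameRowCount=100'
$null = Set-CfgIniValues -Path (Join-Path $dir 'cfg.ini') -BackupDir $dir
Test-ReadyForSnapshot -StatusText 'Sensor State[Enabled]', 'Background Scan [Pending]' -CfgPath (Join-Path $dir 'cfg.ini')
```

On a real golden image, pass the cfg.ini path for your sensor version as -Path and -CfgPath, and the output of repcli status as -StatusText. An empty result means the status fields and all four cfg.ini values match what the procedure expects.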