This article describes how to install Carbon Black Cloud Windows sensors on the command line or through software distribution tools in a VMware vSphere environment to enable the automatic identification and registration of vSphere clones.

Prerequisites

To get started, see Installing Sensors on Endpoints in a VDI Environment.

Make sure that your environment meets the minimum requirements:

  • Carbon Black Cloud Windows sensor 3.7 MR2 and later
  • vCenter Server 6.7 or later
  • Host with ESXi 6.7 or later connected to the vCenter server
  • Windows VM running OS versions that are supported by the sensor
  • Carbon Black Host Module installed and running on the hosts on which VMs are deployed

Procedure

  1. Install the Windows sensor on VMs using the following command:
    msiexec.exe /q /i <Sensor Installer Path> /L*v msi.log COMPANY_CODE="XYZABC" CLI_USERS=<UserGroupSid> AUTO_REREGISTER_FOR_VDI_CLONES=3 GROUP_NAME="<Virtual Policy>"
    < Sensor Installer Path> : Replace this value with the location of the sensor MSI file; for example, c:\tmp\installer_win-64-3.7.0.1503.msi.
    CLI_USERS= <UserGroupSid>: This parameter enables RepCLI usage on the clones. The value is the Security Identifier (SID) of the user account/group that will run RepCLI commands on the clones.
    GROUP_NAME: Indicates the policy name that has the necessary exclusions and configurations.

    See Installing Windows Sensors on Endpoints and Windows Sensor Supported Commands. For more information about RepCLI, see Managing Sensors by using RepCLI in the VMware Carbon Black Cloud User Guide.

  2. (Optional) Confirm that the required configuration properties are set correctly to enable the automatic identification and reregistration of vSphere clones:
    1. Use the repcli configprops command to verify that the configuration properties have the expected values:
      Table 1. Configuration Properties
      Configuration Property and Value Usage
      VHostEnabled=1
      Controls communication with Host User World. Supported values:
      0=False
      1=True (default)
      EnableAutoReregisterFor VDIClones=3
      Controls the auto-reregistration feature. Supported values:
      1=Disable auto-reregistration for VDI clones (default)
      2=Make reregister decision based on BIOS UUID change only
      3=Make reregister decision based on BIOS UUID and MAC HASH change (required)
      EnableExternalIdsChange DetectionForVDIClones=1
      Controls Host User World-based auto-reregistration feature. Supported values:
      0=False
      1=True (default)
      IncludeExternalIds InMsgsToBackend=1
      Select if external identifiers should be sent in messages to the backend. Supported values:
      0=False
      1=True (default)
    2. If any of these configuration properties have different values, edit C:\ProgramData\CarbonBlack\DataFiles\cfg.ini to change them. To disable automatic reregistration, set EnableExternalIdsChangeDetectionForVDIClones to 0. After you have made your changes, run the RepCLI updateconfig command to immediately update the cfg.ini file.
      Note: You must put the sensor into bypass mode before you can edit cfg.ini. As a best practice, make a backup of cfg.ini into another directory before you edit it in a plain text editor. After you have edited cfg.ini, take the sensor out of bypass mode. For more details about editing cfg.ini, see How To Change ConfigProps Via Cfgi.ini.
  3. Issue the repcli status command to verify that the sensor can connect to the host module and can query external identifiers. For example:
    cmd> repcli status 
     General Info: 
      Sensor Version[3.7.0.1500 - Oct  8 2021 - 14:41:39] 
      Local Scanner Version[ - ] 
      Sensor State[Enabled] 
      DeviceHash[e56223a76e00...] 
      DeviceID[11223344] 
      VirtualGuestToHostCommsStatus[Connected] 
      ExternalIdentity[ee8fc1c7-bd1e-4b10-9f32-04825a8b136e::501052cb-1d88-24b6-963d-9625a6c39f1e] 
  4. Clone the VM through vSphere or by using APIs (managed object browser, pyVmomi, etc.).

    The sensor running on the cloned VM should reregister. You can check the same by running repcli status on the clone VM and ensuring that the updated external identifiers have persisted and the Device ID has changed.