Carbon Black EDR Linux Sensor 7.3.1 | 26 JUNE 2024| Build 7.3.1.93494

Check for additions and updates to these release notes.

What's New

Carbon Black EDR Linux Sensor 7.3.1 is a Maintenance release that introduces support for:

  • RHEL 9.4

  • Oracle Linux 9.4

  • Rocky Linux 9.4

  • AlmaLinux 9.4

  • Oracle Linux UEK 8.9 (OL8U9)

Sensor Operating Systems

Carbon Black EDR sensors operate with multiple operating systems. For the current list of supported operating systems, see Linux Operating Systems and Respective Sensors.

Documentation

This document provides information for users who are upgrading to Carbon Black EDR Linux Sensor 7.3.1 from previous versions and users who are new to Carbon Black EDR. This document supplements other arbon Black EDR documentation at https://docs.vmware.com/en/VMware-Carbon-Black-EDR/index.html.

Installation Instructions

Warning: EDR Linux Sensors versions 7.x do not support EL6 distros (RHEL/CentOS 6.x). Attempting to upgrade EL6 endpoints will result in a failed upgrade and the sensor will be offline.

To install the new sensor:

  1. Set your yum repo appropriately: modify /etc/yum.repos.d/CarbonBlack.repo with the appropriate baseurl, if needed.

    • Baseurl= https://yum.distro.carbonblack.io/enterprise/stable/$releasever/$basearch/

  2. Clear the yum cache.

    • yum clean all

  3. Download the installer.

    • Substitute the cb-linux-sensor-installer name for cb-linux-sensor-installer-7.3.1.93494-1.noarch.

    • The <package local download directory> is a directory such as /tmp.

    • Run the following command to download the installer:

      yum install --downloadonly --downloaddir=<package local download directory> <package>

  4. Change your directory to the <package local download directory> from Step 3.

  5. Run the following command to install the package:

    • rpm -i --force <package>

      (current package to use: cb-linux-sensor-installer-7.3.1.93494-1.noarch)

  6. Run the following command to make the new installation package available in the server console:

    • /usr/share/cb/cbcheck sensor-builds --update

Note: Within the Upgrade Policy section of Sensor Group settings, if the Automatically upgrade to the latest version setting is enabled for Linux sensors, the Linux sensors in that group will automatically upgrade to this new version.

The new sensor versions should now be available via the console. If the following warning occurs:

warning: /tmp/cb-linux-sensor-installer-7.3.1.93494-1.noarch: Header V4 RSA/SHA1 Signature, key ID 6ac57704: NOKEY

Refer to this Knowledge Base Article: https://knowledge.broadcom.com/external/article/286269/edr-how-can-the-public-key-be-downloaded.html

For any other issues, see Contacting Support.

Resolved Issues

  • CB-18158: Oracle Linux UEK 8.9 (OL8U9) is now supported

Known Issues

  • CB-44065: Banned hash is still banned when BanningEnabled=false

    When a hash is banned but the Carbon Black EDR Server configuration setting BanningEnabled=false (controlled via cb.conf file or the Process Banning setting in the Advanced section of Sensor Group settings), the hash is still banned and the associated process is still blocked/terminated on endpoints in that Sensor Group, when they should not be.

  • CB-30175: Custom TLS Certificate

    Proxy setting in sensorsettings.ini will not work with a custom TLS certificate.

  • CB-17033: Installation Directory

    This version of the Linux Sensor Installer does not respect the specification of a non-default installation directory in cb.conf on the server – the default directory is always used.

  • CB-6623: ICMP Traffic

    ICMP traffic is still allowed when a sensor is isolated.

  • CB-37627: Downgrades from 7.2.0-lnx to 6.x.x-lnx

    Downgrades from 7.x.x-lnx to 6.x.x-lnx will require manual deinstallation of 7.x.x-lnx and installation of 6.x.x-lnx due to extensive architectural changes introduced in 7.0.0-lnx.

  • CB-37628: Downgrades from 7.1.0-lnx w/Kernel > 4.x

    Downgrades from 7.1.x-lnx on systems running with a kernel version greater than 4.x to any previous sensor version will require manual cleanup of sensor packages.

Contacting Support

Carbon Black EDR server and sensor update releases are covered under the Carbon Black Customer Maintenance Agreement. Technical Support can assist with any issues that might develop. Our Professional Services organization is also available to help ensure a smooth and efficient upgrade or installation.

Log in to the Broadcom Support portal, and click My Cases. For detailed instructions regarding the use of the Broadcom Support Portal, see the Broadcom Support Portal Getting Started Guide.

For additional options and contact methods, see Contact Support.

check-circle-line exclamation-circle-line close-line
Scroll to top icon