VMware Carbon Black EDR 7.3.1 | 12 JUL 2022 | Build 7.3.1.18323

Check for additions and updates to these release notes.

What's New

VMware Carbon Black EDR Windows Sensor v7.3.1 is a maintenance release intended to address a deadlock issue with the prior 7.3.0-win sensor. This sensor release also includes all changes and fixes from previous releases.

This document provides information for users upgrading to Carbon Black EDR Windows Sensor v7.3.1 from previous versions as well as users new to Carbon Black EDR.

Server Compatibility

Carbon Black EDR sensors included with server releases are compatible with all server releases going forward. It is always recommended to use the latest server release with our latest sensors to utilize the full feature capabilities of our product; however, using earlier server versions with the latest sensor should not impact core product functionality.

Sensor Operating Systems

Carbon Black EDR sensors interoperate with multiple operating systems. For the most up-to-date list of supported operating systems for Carbon Black EDR sensors, see Sensor Operating Environment Requirements at https://docs.vmware.com/en/VMware-Carbon-Black-EDR/index.html.

Documentation

This document supplements other Carbon Black EDR documentation at https://docs.vmware.com/en/VMware-Carbon-Black-EDR/index.html.

Installation Instructions

To install the sensors on to your server, run through the following instructions:

  1. Ensure your Carbon Black EDR YUM repo is set appropriately:
    1. The Carbon Black EDR repository file to modify is /etc/yum.repos.d/CarbonBlack.repo
    2. Baseurl = https://yum.distro.carbonblack.io/enterprise/stable/$releasever/$basearch/
  2. On the Carbon Black EDR server, clear the YUM cache by running the following command:
    1. yum clean all
  3. After the YUM cache has been cleared, download the sensor install package by running the following command:
    1. Run yum install --downloadonly --downloaddir=<package local download directory> <package>
      1. Note: The <package local download directory> is a directory of your choice
      2. Note:<package> is replaced by cb-sensor-7.3.1.18323-win
  4. Install the new sensor package on the Carbon Black EDR server by running the command:
    1. rpm -i --force <package>
  5. Make the new installation package available in the server console UI by running the command:
    1. /usr/share/cb/cbcheck sensor-builds --update
      1. Note: If your groups have Automatic Update enabled, the sensors in that group will start to automatically update.

Your new sensor versions should now be available via the console. For any issues, please contact VMware Carbon Black Technical Support.

Important Note: It is always encouraged to conduct a reboot of the endpoint after installation (or restart) of our sensor to ensure the sensor properly captures the full historical data of all running processes and associated information.

Resolved Issues

  • CB-39363: Fixed a bug with the sensor causing deadlocks and leaving the system in an inoperable state

  • CB-39591: Updated internal compression library to zlib 1.2.12; performance and security improvements

Known Issues

  • CB-36112: Sensor upgrades from 7.2.0-win with Tamper Protection enabled may fail

    Sensor upgrades from 7.2.0-win → 7.2.1-win (with Tamper Protection enabled) may fail to fully upgrade the sensor to the 7.2.1-win version. Users should instead upgrade to our 7.2.2-win sensor (directly from 7.2.0-win) or temporarily disable the Tamper Protection enforcement, per the sensor group, ahead of scheduling any sensor upgrades to 7.2.1-win. Tamper Protection can be reapplied after sensor upgrades are successfully completed. If Carbon Black EDR server communication with an endpoint in Tamper Protection enforcement is lost, the endpoint will have to be booted into Safe Mode to locally disable Tamper Protection functionality and restore Carbon Black EDR sensor-server communications.

  • CB-17552: Disabling DNS name resolution for netconn events

    Versions of the sensor prior to 7.1.1 (and 6.1.12 for XP/Server2003) were susceptible to high CPU utilization in the IP Address-to-Hostname resolution functionality of the sensor. This issue has been addressed; however, this registry key will still disable IP address name resolution for customers who want to do so:

    [HKEY_LOCAL_MACHINE\SOFTWARE\CarbonBlack\config]

    "DisableNetConnNameResolution"=dword:00000001

    N/A

  • CB-28062: Obfuscated Windows Sensors will not start after first reboot

    Windows sensors installed from an obfuscated sensor group will not start after first reboot. A second reboot will start the sensor service.

  • CB-28063: Carbon Black branding is different between MSI and EXE installers

    Customers using the Add/Remove Program window to manage their Carbon Black EDR Windows sensor installation should be aware that the Carbon Black branding between the MSI and EXE installers is different.

  • EP-11934: VMware Carbon Black App Control Tamper Protection Rapid Config update recommended

    For users running Carbon Black App Control (formerly “CB Protection”) to tamper protect the Carbon Black EDR Windows Sensor (and do not opt-in to CDC) it is recommended to update the tamper rule settings for Carbon Black App Control to the latest “Carbon Black EDR Tamper Protection” Rapid Config to avoid possible conflict with applying Tamper Protection enforcement on both Carbon Black EDR and Carbon Black App Control.

    Note: Enabling Tamper Protection on both Carbon Black App Control and Carbon Black EDR does not provide extra protection and it is recommended to disable Carbon Black App Control enforcement of Tamper Protection after Carbon Black EDR enforcement is confirmed to be in place. When running Carbon Black EDR in “Tamper Detection” mode, “Tamper Protection” through Carbon Black App Control is still recommended. Tamper Protection (for Carbon Black EDR) requires a minimum operating system version of Windows 10 v1703 (Desktop) or Windows Server v1709. In addition,Tamper Protection (for Carbon Black EDR) requires minimum versions of both the Windows 7.2.0 sensor and 7.4.0 EDR Server. Please contact technical support to obtain the latest Rapid Config for Carbon Black App Control if needed.

Contacting Technical Support

Carbon Black EDR server and sensor update releases are covered under the Customer Maintenance Agreement. Technical Support is available to assist with any issues that might develop during the installation or upgrade process. Our Professional Services organization is also available to assist to ensure a smooth and efficient upgrade or installation.

Use one of the following channels to request support or ask support questions:

Reporting Problems

When contacting Carbon Black Technical Support, provide the following required information:

  • Contact: Your name, company name, telephone number, and email address
  • Product version: Product name (Carbon Black EDR server and sensor versions)
  • Hardware configuration: Hardware configuration of the Carbon Black EDR server (processor, memory, and RAM)
  • Document version: For documentation issues, specify the version and/or date of the manual or document you are using
  • Problem: Action causing the problem, the error message returned, and event log output (as appropriate)
  • Problem Severity: Critical, serious, minor, or enhancement request

Note: Before performing an upgrade, Carbon Black recommends you review related content at the Carbon Black EDR section of docs.vmware.com.

check-circle-line exclamation-circle-line close-line
Scroll to top icon