This documentation provides information for administrators who are responsible for integrating VMware Carbon Black EDR with various tools.

The following table summarizes the contents of this guide:



App Control

Describes the procedure for integrating Carbon Black EDR with VMware Carbon Black App Control. It describes the available features when this integration is active, and general features that contribute to the coexistence of the Carbon Black EDR sensor and App Control agent on the same computer.

Anti-Malware Scanning Interface

Describes the Anti-Malware Scanning Interface (AMSI) support in the Carbon Black EDR Event Forwarder. This is a beta release of this feature.


Describes the procedure for integrating a Carbon Black EDR server with the Microsoft Enhanced Mitigation Experience Toolkit (EMET).

SSO Identity Providers

Describes supported SAML 2.0 specifications and SAML 2.0 Single Sign-On (SSO) setup. It also explains how to integrate with the OKTA, Shibboleth, and ADFS IdPs.

Third-Party Authentication

Describes how to integrate Duo plug-in; you can configure two-factor authentication and download the Duo Mobile application on a mobile device.


Describes syslog output for Carbon Black EDR events. It provides descriptions and examples of the output, and explains how you can use syslog output for notification of alerts.

VDI Support

Describes Carbon Black EDR support for Virtual Desktop Infrastructure (VDI) and how to configure your machines to use it.