VMware Carbon Black EDR 7.8.0 | 16 JUL 2023 | Build 7.8.0.230722 Check for additions and updates to these release notes. |
VMware Carbon Black EDR 7.8.0 | 16 JUL 2023 | Build 7.8.0.230722 Check for additions and updates to these release notes. |
VMware Carbon Black EDR 7.8.0 is a Minor release of the VMware Carbon Black EDR server and console.
This release delivers FIPS 140-2 support on RHEL 8, migration from legacy to System OpenSSL on EL 8, Process Analysis Event Search, the ability for non-Admin users to add and manage YARA rules in YARA Manager, and bug fixes.
Important:
For EL 8 OS deployments, upgrading to Carbon Black EDR Server 7.8.0 is mandatory before upgrading to future server versions. This release includes important updates and improvements that enhance the functionality and security of the platform.
One significant change in this release is the upgrade of RabbitMQ to version 3.10.20. This upgrade is mandated by RabbitMQ as a prerequisite before moving to the 3.11.x versions. By upgrading RabbitMQ, you ensure compatibility with the latest features and enhancements offered by the RabbitMQ messaging system.
Another crucial aspect of the upgrade is the migration from the legacy OpenSSL version to the system-provided OpenSSL 1.1.1. This migration aligns with industry best practices and ensures compatibility with the latest security standards. By utilizing OpenSSL 1.1.1, you benefit from improved cryptographic protocols and enhanced security measures, strengthening the protection of sensitive data within your Carbon Black EDR deployment.
Components Included in this Release
Server version 7.8.0.230722
Windows Sensor version 7.4.1.18957: Release Notes
macOS Sensor version 7.2.3.90160: Release Notes
Linux Sensor version 7.1.2.98050: Release Notes
Each release of Carbon Black EDR software is cumulative and includes changes and fixes from all previous releases.
FIPS 140-2 Support on RHEL 8
The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard that defines the minimum security requirements for cryptographic modules in information technology products. Carbon Black EDR Server 7.8.0 introduces the ability to run Carbon Black EDR Server in FIPS-enabled mode on a FIPS-enabled RHEL 8.2, 8.6, 8.7, or 8.8 server to comply with FIPS 140-2 requirements.
See the FIPS 140-2 on RHEL 8 section of the VMware Carbon Black EDR Server Cluster Management Guide for more information.
Migration from Legacy to System OpenSSL on EL 8
With the release of Carbon Black EDR Server 7.8.0, we highly recommend that you use a system-provided OpenSSL version of at least 1.1.1 in combination with OpenResty, built with Nginx version 1.21.4 on EL 8 systems. This recommended configuration ensures optimal compatibility and performance for your Carbon Black EDR deployment. By utilizing a system-provided OpenSSL version of at least 1.1.1, you can take advantage of the latest security enhancements and cryptographic protocols offered by OpenSSL. This ensures the secure transmission and encryption of data within your Carbon Black EDR environment, aligning with industry best practices.
Additionally, Carbon Black EDR Server 7.8.0 includes utility scripts specifically designed to facilitate the regeneration of certificates, making them compatible with OpenSSL 1.1.1. These utility scripts streamline the process of updating and renewing certificates to meet the new standards, ensuring a smooth transition to the recommended OpenSSL version.
See the Migration from Legacy to System OpenSSL on EL 8 section of the VMware Carbon Black EDR Server Cluster Management Guide for more information.
Note: The migration to a system-provided OpenSSL version of at least 1.1.1 is required to run Carbon Black EDR Server in FIPS-enabled mode on a FIPS-enabled RHEL 8.2, 8.6, 8.7, or 8.8 server.
Process Analysis Event Search
Carbon Black EDR Server 7.8.0 introduces the ability to search through process event results on the Process Analysis page to find process events of interest. Search and Filters criteria can be used in conjunction to refine the process event results.
See the Process Event Search section of the VMware Carbon Black EDR User Guide for more information.
YARA Manager for Analyst Users
In previous versions of Carbon Black EDR, only users who are assigned with the Administrator (on-prem EDR) and Global Administrator (Hosted EDR) roles could access YARA Manager to configure and manage rules in YARA Connector. Beginning in Carbon Black EDR Server 7.8.0, users assigned with the Analyst role can also use YARA Manager to configure and manage rules in YARA Connector.
See the YARA Manager section of the VMware Carbon Black EDR User Guide and YARA Connector and Manager User Guide for EDR for more information.
This document provides information for users who are upgrading to VMware Carbon Black EDR Server version 7.8.0 from previous versions, and for users who are new to VMware Carbon Black EDR and are installing it for the first time.
The key information specific to this release is provided in the following major sections:
[On-Prem Only] Prepare for Server Installation or Upgrade – Describes requirements to meet and information needed before beginning the installation process for the VMware Carbon Black EDR server.
Configure Sensor Update Settings Before Upgrading Server – VMware Carbon Black EDR 7.8.0 comes with updated sensor versions. Servers and sensors can be upgraded independently, and sensors can be upgraded by sensor groups.
What's New – Provides a quick reference to new and modified features that are introduced in this version.
Third-Party Software Updates – Describes updates of third party software included in this version.
Resolved Issues – Describes issues that are resolved by this release, and general improvements in performance or behavior.
Known Issues – Describes known issues or anomalies in this version.
Contacting Support – Describes ways to contact Carbon Black Technical Support and what information to have ready.
This document supplements other Carbon Black documentation. Supplemental release documentation can be found in the Carbon Black EDR section of docs.vmware.com.
In addition to this document, you should have access to the following key documentation for VMware Carbon Black EDR Server 7.8.0:
VMware Carbon Black EDR 7.8.0 User Guide: Describes how to use the Carbon Black EDR servers that collect information from endpoint sensors and correlate endpoint data with threat intelligence.
VMware Carbon Black EDR 7.8.0 Server / Cluster Management Guide: Describes installation, configuration, and upgrade of RPM-based Carbon Black EDR servers.
VMware Carbon Black EDR 7.8.0 Containerized Server Guide: Describes installation and migration of Carbon Black EDR containerized servers.
VMware Carbon Black EDR 7.8.0 Server Configuration Guide: Contains details about cb.conf parameters.
VMware Carbon Black EDR 7.8.0 Integration Guide: Contains details about integrating Carbon Black EDR with tools and applications.
VMware Carbon Black EDR 7.8.0 Unified View Guide: Describes the installation and use of the Carbon Black EDR Unified View server. Information on server hardware sizing requirements and software platform support is included.
VMware Carbon Black EDR Operating Environment Requirements: Describes base requirements and scalability information for installing Carbon Black EDR on-prem servers.
This section describes the requirements and key information that is needed before installing a VMware Carbon Black EDR server. All on-premises users, whether upgrading or installing a new server, should review this section before proceeding. See the appropriate section of the VMware Carbon Black EDR 7.8.0 Server/Cluster Management Guide for specific installation instructions for your situation:
To install a new VMware Carbon Black EDR server, see “Installing the VMware Carbon Black EDR Server”.
To upgrade an existing VMware Carbon Black EDR server, see “Upgrading the VMware Carbon Black EDR Server”.
To install and migrate to Containerized Carbon Black EDR Server (Server 7.7.0+), see the VMware Carbon Black EDR Containerized Server Guide.
Customers on Server 5.x, please note:
Direct upgrades from Server 5.x to Server 7.x are not supported. See this VMware Carbon Black User Exchange announcement for more information.
Carbon Black EDR Server software packages are maintained at the Carbon Black yum repository (yum.distro.carbonblack.io). The links will not work until the on-prem General Availability (GA) date.
The following links use variables to make sure you install the correct version of Carbon Black EDR, based on your machine’s operating system version and architecture.
Use caution when pointing to the yum repository. Different versions of the product are available on different branches, as follows:
Specific version: The 7.8.0 version is available from the Carbon Black yum repository that is specified in the following base URL:
baseurl=https://yum.distro.carbonblack.io/enterprise/7.8.0-1/$releasever/$basearch
This link is available as long as this specific release is available. It can be used even after later versions have been released, and it can be useful if you want to add servers to your environment while maintaining the same version.
Latest version: The latest supported version of the Carbon Black EDR server is available from the Carbon Black yum repository that is specified in the following base URL:
baseurl=https://yum.distro.carbonblack.io/enterprise/stable/$releasever/$basearch/
This URL will point to version 7.8.0-1 until a newer release becomes available, at which time it will automatically point to the newer release.
Note:
Communication with this repository is over HTTPS and requires appropriate SSL keys and certificates. During the Carbon Black EDR server install or upgrade process, other core CentOS packages can be installed to meet various dependencies. The standard mode of operation for the yum package manager in CentOS is to first retrieve a list of available mirror servers from http://mirror.centos.org:80, and then select a mirror from which to download the dependency packages. If a Carbon Black EDR server is installed behind a firewall, local network and system administrators must make sure that the host machine can communicate with standard CentOS yum repositories.
See the VMware Carbon Black EDR Containerized Server Guide for instructions on how to download and install the Carbon Black EDR Server container image.
Operating system support for the server and sensors is listed here for your convenience. The VMware Carbon Black EDR Operating Environment Requirements document describes the full hardware and software platform requirements for the Carbon Black EDR server and provides the current requirements and recommendations for systems that are running the sensor.
Both upgrading and new customers must meet all of the requirements specified here and in the VMware Carbon Black EDR Operating Environment Requirements document before proceeding.
Server / Console Operating Systems
Note: Carbon Black EDR no longer supports Red Hat Enterprise Linux (RHEL) / CentOS 6.x.
For best performance, Carbon Black recommends running the latest supported software versions for RPM-based Carbon Black EDR installations:
Red Hat Enterprise Linux (RHEL) / CentOS 7.3 - 7.9 (64-bit)
Red Hat Enterprise Linux (RHEL) / CentOS 8.1 - 8.8 (64-bit)
CentOS 8.2 - 8.4 (64-bit)
However, if the customers are pinning dependencies to a specific OS version, the product only supports the following software versions for RPM-based Carbon Black EDR Server and Unified View:
Red Hat Enterprise Linux (RHEL) / CentOS 7.5 - 7.9 (64-bit)
Red Hat Enterprise Linux (RHEL) / CentOS 8.2 - 8.8 (64-bit)
CentOS 8.2 - 8.4 (64-bit)
Note: Versions 7.3, 7.4, and 8.1 (64-bit) of CentOS/RHEL are not supported if customers are pinning dependencies.
Installation and testing are performed on default install, using the minimal distribution and the distribution’s official package repositories. Customized Linux installations must be individually evaluated.
For containerized on-prem Carbon Black EDR Server installations, the product supports any operating system that is capable of running:
Docker 1.13
Docker CE 20.10.14
Sensor Operating Systems (for Endpoints and Servers)
For the current list of supported operating systems for VMware Carbon Black EDR sensors, see https://docs.vmware.com/en/VMware-Carbon-Black-EDR/index.html.
Note: Non-RHEL/CentOS distributions or modified RHEL/CentOS environments (those built on the RHEL platform) are not supported.
VMware Carbon Black EDR 7.8.0 comes with updated sensor versions. Servers and sensors can be upgraded independently, and sensors can be upgraded by sensor groups.
Decide whether you want the new sensor to be deployed immediately to existing sensor installations, or install only the server updates first. Carbon Black recommends a gradual upgrade of sensors to avoid network and server performance impact. We strongly recommend that you review your sensor group upgrade policies before upgrading your server, to avoid inadvertently upgrading all sensors at the same time. For detailed information on Sensor Group Upgrade Policy, see the Sensor Group section of the VMware Carbon Black EDR 7.8.0 User Guide.
To configure the deployment of new sensors by using the VMware Carbon Black EDR web console, follow the instructions in the VMware Carbon Black EDR Sensor Installation Guide.
express 4.17.1 -> 4.18.2
body-parser 1.19.0 -> 1.20.1
query-string 6.7.0 -> 6.11.0
extract-loader 5.1.0 SHA-1-Gy8GKNz/3YRnL7DwABPV+Wngyzc= -> 5.1.0 SHA-512-+U7sMNULTgm3d3G4hE+N7Rvr/Npsxa7M1jfgvhyYdJuOnyLepm9e2gGuriKw1mrX+mJnX4krPfKI4qyLJ5x94w==
loader-utils 1.1.0 -> 2.0.4
decode-uri-component 0.2.0 -> 0.2.2
jQuery-ui 1.13.1 -> 1.13.2
@babel/core 7.17.2 -> 7.21.3
babel-loader 8.2.0 -> 8.3.0
file-loader 6.2.0 -> 6.2.0
string-replace-loader 3.1.0 -> 3.1.0
underscore-template-loader 1.1.0 -> 1.2.0
eslint-plugin-import 2.25.4 -> 2.27.5
@pmmmwh-react-refresh-webpack-plugin 0.5.4 -> 0.5.10
Redis 7.0.4 -> 7.0.8
protobuf-java 3.19.4 -> 3.22.2
protobuf-kotlin 3.19.4 -> 3.22.2
Python 3.10.6 -> 3.10.11
certifi 2021.10.8 -> 2022.12.7
cryptography 36.0.2 -> 40.0.2
requests 2.27.1 -> 2.28.2
werkzeug 2.2.2 -> 2.2.3
pyOpenSSI 21.0.0 -> 23.1.1
avatica-core 1.18.0 -> 1.23.0
calcite-core 1.27.0 -> 1.34.0
calcite-linq4j 1.27.0 -> 1.34.0
protobuf-java-util 3.20.0 -> 3.22.2
protobuf-java 3.20.0 -> 3.22.2
woodstox-core 6.2.4 -> 6.5.0
jackson-annotations 2.13.3 -> 2.14.2
jackson-core 2.13.3 -> 2.14.2
jackson-databind 2.13.3 -> 2.14.2
jackson-dataformat-smile 2.13.3 -> 2.14.2
jackson-dataformat-xml 2.13.3 -> 2.14.2
jackson-datatype-jdk8 2.13.3 -> 2.14.2
jackson-module-jaxb-annotations 2.13.3 -> 2.14.2
jackson-module-parameter-names 2.13.3 -> 2.14.2
commons-fileupload 1.4 -> 1.5
postgresql 42.5.0 -> 42.6.0
netty 4.1.87.Final -> 4.1.92.Final
jakarta.el 3.0.3 -> 3.0.4
rabbitmq-server 3.8.23 -> 3.10.20
erlang 23.3.4.7 -> 25.3.2
hazelcast 3.12.8 -> 3.12.13
gosu 1.14+4.g66c26c5 -> 1.16
snakeyml 1.33 -> 2.0
json-smart 2.4.7 -> 2.4.11
flask 2.2.2 -> 2.2.5
sqlparse 0.4.2 -> 0.4.4
CB-29178: Server 7.8.0 resolves an issue on the Watchlists page in which a selected Watchlist is not highlighted in the list of Watchlists to distinguish it from unselected Watchlists
The selected Watchlist is now highlighted.
CB-30040: Server 7.8.0 resolves an issue in which users would not be redirected to the login page on session timeout
Includes EA-17715, EA-16149, and EA-14715.
The page would become blank aside from the left and top navigation panels, which could still be used to navigate to other blank pages. As of Server 7.8.0, users are automatically redirected to the login page upon session timeout.
CB-30957, EA-15958: Server 7.8.0 resolves an issue in which the ampersand character (&) could be improperly handled in queries
CB-31948, EA-15429: Server 7.8.0 resolves an issue in which the API call /api/v1/process/host/count?cb.freqver=1&name= is overly slow and could result in an HTTP 500 Internal Server Error
CB-34192, EA-18106: Server 7.8.0 removes the deprecated and nonfunctional sharing setting, EDR Event Data with VMware Carbon Black
CB-36216, EA-18899: Server 7.8.0 resolves an issue in which Binary Search queries that include host_count do not accurately account for multiple hosts with the same hostname
Now, Binary Search results for queries that include host_count accurately reflect different sensors with the same hostname and host counts in the product. For example, on the Binary Details page and Binary Info section of an event of the Process Analysis page, results are reported accurately.
CB-40060, EA-21632: Server 7.8.0 resolves an issue in which the default sorting and pagination behavior for /api/v2/sensor is not adequately documented
The default field used for sorting for api/v1/sensor and api/v2/sensor is last_checkin_time. While the API is being used to page through all sensors with this default sorting, it is possible that sensors will continue to check in, which will update the results. This means that as successive pages of data are retrieved, new sensors may have moved to the top of the list, thereby pushing sensors from a previous page of results into the next page of results and causing it to appear that those sensors are being duplicated in the results. To overcome this possible source of confusion, a different sorting mechanism can be specified (for example, "sort.col=computer_name").
CB-36412, CB-29216: Server 7.8.0 resolves an issue in which clicking on the ‘Analyze’ link for an old event included in an Investigation would fail to properly load the Process Analysis page
CB-36496: Modification (regmod) events do not display any host hits (__ computer(s) have seen this regmod in __ processes) and registry key paths are not searchable
Includes EA-22927, EA-21630, EA-20650, EA-19022.
Server 7.8.0 resolves an issue in which certain registry modification (regmod) events do not display any host hits (__ computer(s) have seen this regmod in __ processes) and registry key paths are not searchable via Process Search when the registry key value is clicked on from a regmod event on the Process Analysis page.
CB-37187, EA-19258: Server 7.8.0 resolves an issue in which the DUO 2FA secrets.ini file can be overwritten during Carbon Black EDR Server installation or upgrade
CB-37691: Data ingestion can slow significantly or potentially stop entirely
Includes EA-21889, EA-20801, EA-20662, EA-20334.
Server 7.8.0 resolves an issue in which data ingestion can slow significantly or potentially stop entirely if one or more long, command-line-based Ingress Filters, especially involving the use of regular expressions, is enforced.
CB-37711, EA-19972: Server 7.8.0 resolves an issue in the Validate_Feed.py utility that could cause it to fail
CB-37716, EA-20347: CBFeeds Readme.md instructions improvement
Server 7.8.0 improves the instructions provided in the CBFeeds ReadMe.md file (https://github.com/carbonblack/cbfeeds).
CB-37812, EA-20132: Duplicate Solr writer core
Server 7.8.0 resolves an issue in which the solr-up command can create a duplicate Solr writer core following the upgrade of EDR Server if a Solr reader core does not exist at Solr startup.
CB-38340, EA-20674, EA-16050: Server 7.8.0 resolves an issue in which export of Hostnames on the Binary Search page could fail with a 400 error when filtering was applied
CB-38578, CB-41105, EA-20874: Alliance Server certificate improvements. Contact Technical Support for more information
CB-40005: Server 7.8.0 resolves an issue in which Ingress Filters that contain MD5 hashes with uppercase letters were ignored
Ingress Filters only accepted lowercase letters in MD5 hash values in previous versions. Ingress Filters are now case insensitive to accept lowercase and uppercase letters.
CB-39467, EA-21357: SAML authentication error message
Server 7.8.0 improves the error message that is displayed when a SAML authentication error occurs during a Hosted EDR login attempt from Doh! invalid_response to Error! Invalid SAML Response, please try again. Server 7.8.0 also improves the debug logging of SAML authentication errors.
CB-40248, EA-21791: Server Communication Status
Server 7.8.0 resolves an issue in which, in the Server Communication Status section of the Server Dashboard page, an Unable to connect to VMware Carbon Black App Control Server error can be improperly displayed, even if Carbon Black EDR Server’s connection with the VMware Carbon Black App Control Server is successful.
CB-40324, EA-21809: Server 7.8.0 resolves an issue in which an ingress filter ID that has a name that ends with a space could not be modified or deleted through the console
CB-40376: Server 7.8.0 resolves an issue in which an overly long error message could be reported on the Event Forwarder Settings page when an attempt to save an Event Forwarder configuration change fails due to connection refusal
The error message is now improved.
CB-40398: Migration from RPM-based Carbon Black EDR Server to Containerized Carbon Black EDR Server
Server 7.8.0 resolves an issue in which, upon migration from RPM-based EDR Server to containerized EDR Server, the copied on_demand feeds directory could lack adequate permissions, which prevents the ‘cb’ user in containerized EDR Server from reading the ‘threatintel.json’ file, resulting in the following error: Error while loading feed ‘threatintel', which was specified in TicFeeds.
CB-40399: Server 7.8.0 resolves an issue in which password expired error messages could be incorrectly displayed during the installation of containerized Carbon Black EDR Server
CB-40449, EA-21965: Server 7.8.0 resolves an issue in which the FQDN reported in an email alert could be incorrect
CB-40568, EA-22044: Synchronization failures
Server 7.8.0 resolves an issue in which the synchronization of a third-party threat intelligence feed would fail entirely if any of the reports within the feed contained unsupported formatting.
CB-40778, EA-21964: Server 7.8.0 resolves an issue in which the binary_purge command could fail to delete binary files
CB-41706, EA-22750: Containerized Carbon Black EDR Server and Alliance Server failures
Carbon Black EDR Server 7.8.0 resolves an issue in which communication between a containerized instance of Carbon Black EDR Server and Alliance Server could fail, causing threat intelligence feeds sourced from Alliance Server to stop working.
CB-35335: In Carbon Black EDR Server 7.5.0-7.7.2, Live Query page
In Carbon Black EDR Server 7.5.0-7.7.2, a user with “No Access” to a particular sensor group will experience an infinite loading indicator on the Live Query page when they try to execute a Live Query that includes that sensor group.
CB-39786: In Carbon Black EDR Server 7.7.0-7.7.2, attempting a large, bulk resolution of Alerts can result in a timeout
CB-39497: In Carbon Black EDR Server 7.7.0-7.7.2, on the Investigations page, events of different types that occurred around the same time can be improperly overlaid instead of stacked
CB-39411: Yara Manager UI Configuration in Containerized Carbon Black EDR
Yara Manager UI configuration for the Yara connector does not work in Containerized Carbon Black EDR Server because Yara Manager code is not included in the Carbon Black EDR Server container image. The Yara Connector and Yara Manager will exist in their own container image, which does not yet exist as of the Server 7.7.2 release. Containerized Carbon Black EDR Server must be connected to containerized Yara Connector and Yara Manager (after they are released) for Yara Manager UI configuration to work.
CB-39413, EA-19397: In Carbon Black EDR Server 7.7.0-7.7.2, on the Binary Search page, the bars in the Host Count graph can appear improperly thin
CB-33355: In some cases, a process Watchlist will produce more hits than alerts
When a Watchlist query is executed using the original terms (e.g. process_name:notepad.exe), both the original segment (with events) and the tagged segment (without events) are returned, and both results appear on the Watchlists page. This makes it appear that there have been two hits, when in fact, there was only one. The result is two apparent hits, but only one alert, which is deceptive.
CB-35668: In Carbon Black EDR Server 7.5.0-7.7.2, in the Configure Watchlist Expiration panel on the Watchlists page, a whole number must be entered for the watchlist expiration duration
In Carbon Black EDR Server 7.5.0-7.7.2, in the Configure Watchlist Expiration panel on the Watchlists page, a whole number must be entered for the watchlist expiration duration in order to save, even when the first option, “Do not mark watchlists as expired if they have no hits.” is selected. The configuration should successfully save when “Do not mark watchlists as expired if they have no hits.” is selected and the “Notify me when watchlists have not received hits in” value is blank.
CB-31662: Watchlist query in the Create Watchlist modal does not properly wrap text if the text starts with “-”
When creating a Watchlist, the Watchlist query in the Create Watchlist modal does not properly wrap text if the text starts with “-”. The “-” creates a line break; thus, the subsequent text is displayed on the following line. This is an issue on Google Chrome/Chromium.
CB-33586: Red dot does not display
In Server 7.5.0, on the Process Search page, a process that has a Threat Intelligence Feed hit tag in one segment may not display the feed hit icon (a red dot) when “Group by process” is selected.
CB-35139: Binary Search searches sometimes return zero results
In Server 7.5.0-7.7.2, Binary Search searches can sometimes return zero results when there are matching results that should be returned.
CB-35147: Submitted child process events of type "2" (other exec) do not properly store the process PID
In Server 7.5.0-7.7.2, when using the GET /v3/{guid}/event API (or GET /v5/{guid}/event), submitted child process events of type "2" (other exec) do not properly store the process PID
CB-35148: Process information not properly returned
In Server 7.5.0, when using the GET/v1/process/{guid}/{segmentid}/preview API, process information is not properly returned.
CB-31136: Live Query fails to take the SensorInactiveFilterDays setting into account
Live Query fails to take the SensorInactiveFilterDays setting into account when determining which sensors to target. The sensor count on the right side of the ‘Current query’ bar shows all targeted sensors, while the quantity of targeted sensors in the ‘Run New Query’ pop-up does account for SensorInactiveFilterDays, and will sometimes show a lower number.
CB-20565: Cannot enable or disable Alliance Sharing
When using a custom email server, you cannot enable or disable Alliance Sharing.
Disable the custom email server, make the change, and re-enable the custom email server.
VMware Carbon Black EDR server and sensor update releases are covered under the Carbon Black Customer Maintenance Agreement. Technical Support can assist with any issues that might develop. Our Professional Services organization is also available to help ensure a smooth and efficient upgrade or installation.
Use one of the following channels to request support or ask support questions:
Web:User Exchange
Email: [email protected]
Phone: 877.248.9098
Reporting Problems
When contacting Carbon Black Technical Support, provide the following required information:
Contact: Your name, company name, telephone number, and email address
Product version: Product name (VMware Carbon Black EDR server and sensor versions)
Hardware configuration: Hardware configuration of the VMware Carbon Black EDR server (processor, memory, and RAM)
Document version: For documentation issues, specify the version and/or date of the manual or document you are using
Problem: Action causing the problem, the error message returned, and event log output (as appropriate)
Problem Severity: Critical, serious, minor, or enhancement request
Note: Before performing an upgrade, Carbon Black recommends you review the related content on the User Exchange and the release documentation at Carbon Black EDR section of docs.vmware.com.