When you start a VM in ransomware recovery, VMware Live Cyber Recovery installs a security sensor on the VM that analyzes its behavior and scans its files for malware and known vulnerabilities.

VMware Tools 11.2 or higher is required to install the sensor. VMware Tools must also have the Carbon Black Launcher included.

Windows VMs already have VMware Tools and the Carbon Black Launcher installed, so when you run a ransomware recovery plan, the sensor is installed automatically.

For Linux VMs, you must manually install the launcher, either before you run a ransomware recovery plan or while a running plan is paused:
  • If you install the Carbon Black Launcher on a Linux VM before you run the plan, then the sensor will be installed automatically. You should install the launcher on all production VMs that you are protecting with snapshot replication, so all snapshots include the Carbon Black Launcher.
    Note: If you are unable to see or access the Carbon Black launcher software on the Broadcom support site, open a support ticket.
  • If you do not have the Carbon Black Launcher before you run the plan, then you must configure the plan to pause after you start it, so you can install the launcher and sensor manually.

You can install the sensor manually from vCenter on the recovery SDDC or from the Carbon Black Cloud console.

The network segment the VM is connected to must have internet access, so the VM can reach the security services location within a specific Carbon Black Cloud point of presence (PoP). Make sure that your network and in-guest firewalls do not block access to the URLs listed below.

Common URLs for all Carbon Black Cloud PoPs (US, EU):
https://content.carbonblack.io
https://updates.cdc.carbonblack.io

URLs for specific Carbon Black Cloud PoPs:

US
https://dev-prod05.conferdeploy.net
EU
https://dev-prod06.conferdeploy.net

For more information about setting up firewalls to allow access to Carbon Black Cloud, see Configure a Firewall.

Install Sensor from vCenter on Recovery SDDC

You can Enable Carbon Black on Virtual Machines if you do not have access to the Carbon Black Cloud service tile, or if you are a partner using the CPN (Cloud Provider Network) console. When you enable Carbon Black Cloud for a VM, you also install the security sensor.

When you enable integrated security and vulnerability analysis, VMware Live Cyber Recovery deploys a Carbon Black Cloud plug-in that allows you to install the sensors from vCenter on the recovery SDDC. VMs must be powered on in the recovery SDDC prior to beginning sensor installation, which is done when you run the plan and install the sensors on Windows or Linux VMs.

Install Sensor from Carbon Black Cloud Console

To install the sensor from the Carbon Black Cloud console, your user account requires at least one Carbon Black Cloud user role.

To install the sensor on a Windows VM, see: Run Plan and Install Windows Sensor.

To install the sensor on a Linux VM, see: Run Plan and Install Linux Launcher and Sensor.