Carbon Black App Control User Guide

  • Carbon Black App Control User Guide
    • Preface

      This is your guide to day-to-day administration and security monitoring tasks: monitoring executable files on your network using App Control; configuring the App Control Server; managing computers running the App Control Agent; and managing App Control Console users.

    • App Control Overview

    • Using the Console

      This section covers the basics of using the Carbon Black App Control Console: how to log in and out, how to navigate in the user interface from the Home page and menu system, and how to view the information Carbon Black App Control makes available to you through tables, details pages, and dashboards.

    • Managing Console Login Accounts

      This section describes how to create and manage login accounts for the Carbon Black App Control Console. It also describes how to define user roles that grant access to specified features, and in some cases limit this access by policy.

    • Managing Computers

      This section describes the steps necessary to install Carbon Black App Control agents on computers. It also describes how to upgrade or uninstall agents, view the details agents provide to the Carbon Black App Control Console and manage operating system updates on agent-managed systems.

      • Assigning Computers to a Policy

        Every computer running a Carbon Black App Control Agent is assigned a security policy.

      • Viewing the Table of Computers

        The Computers page provides a table of computers and information about them, including their platform, policies, Enforcement Levels, and whether they are currently connected to the server. As with most console tables, you can add or remove details shown in the table using the Columns button.

      • View Complete Details for One Computer

        There are several ways to locate a computer and display its details. You can use the Find Computer portlet on the Home Page to locate the computer and then drill down to its details.

      • Move Computers to Another Policy

        Moving a computer into a different policy is a convenient way to change its protection without creating a new policy. From the Computers table, you can select and move computers into different policies.

      • Restoring Computers from the Default Policy

        The Default policy is for computers that report to the Carbon Black App Control Server but cannot be associated with any other policy.

      • Moving a Computer to Local Approval Mode

        When computer users need to install new software and Carbon Black App Control trusted-approval methods (directory, user/group, publisher and updater) are inappropriate, you can temporarily put the user’s computer into Local Approval mode, which is a special policy that permits software installation.

      • Performing a Cache Consistency Check

        Use this procedure to perform a cache consistency check on one or more computers managed by your Carbon Black App Control Server. This check ensures that the agent on a computer has accurate information about the files on the computer.

      • Adding Computers

        Computers are added to the Computers table on the Carbon Black App Control Console when you install the agent on them and they contact the Carbon Black App Control Server – there is no special “Add Computer” operation required.

      • Deleting Computers

        Computers that are no longer in service or that you choose not to manage with an agent may be deleted from the Carbon Black App Control Server.

      • Duplicate Computers

        In some cases, duplicate computer names can appear in the Computers table. This can happen when an agent-managed computer is taken offline, reconfigured or repaired, and then has the agent re-installed without having its previous agent uninstalled and its entry deleted from the table. This presents an asset management problem, one that can become much greater in larger organizations with many computers being reconfigured on a regular basis.

      • Operating System Updates on Windows Agents

        Support for operating system changes on systems running the agent depends upon the Windows release you are upgrading from and to:

      • Enabling Trusted Directory Approval of WIM Files

        You can enable “crawling” and approval of the contents of Windows Image (WIM) files in trusted directories. Addition of support for WIM crawling will help increase approval coverage of updates you receive via Windows Server Update Service (WSUS).

      • Operating System Updates on Mac Agents

        If you plan to update the operating system on a Mac endpoint to a major release, the agent on that endpoint should be put into disabled mode before the OS update. This would be true, for example, for upgrading from macOS 10.13 to 10.14.

      • Operating System Updates on Linux Agents

        If you plan to update the operating system on a Linux endpoint to a major release, the agent on that endpoint should be put into disabled mode before the OS update. This would be true, for example, for upgrading from RHEL 6.8 to 7.3.

      • Agent Installations and Upgrades

        Information regarding agent installations and upgrades is maintained in the Agent Installation Guide located on Broadcom Tech Docs.

        • View Current Agent Versions and Package Generation Status

          If you have System Health indicators enabled, you are notified when your agent or rule installer versions are out of date. With or without System Health indicators enabled, you can view the current versions of agent and rule installers in the Carbon Black App Control console.

    • Creating and Configuring Policies

      This section explains how to create policies and change their settings, including Enforcement Levels.

    • Managing Virtual Machines

      This section explains how Carbon Black App Control efficiently manages virtual machines, called clones in the console, and the template computers on which they are based.

    • File, Publisher, and Application Information

      This section describes the location and contents of file information in Carbon Black App Control. It also includes:

    • Approving and Banning Software

      This section describes how to approve or ban software using Carbon Black App Control. It includes information about both global and local file approval.

    • Deleting Files

      This section describes how to use the Carbon Black App Control Console to delete files on Windows endpoints.

    • Reputation Approval Rules

      This section describes reputation approval rules, which can be used to automatically approve files based on the file and publisher trust ratings that Carbon Black File Reputation provides.

    • Managing File-Signing Certificates

      This section describes advanced features for using file-signing certificates in Carbon Black App Control file monitoring and enforcement activities.

    • Managing Devices

      This section describes features for tracking and control of storage devices detected on computers running the Carbon Black App Control Agent.

    • Custom Software Rules

      Custom rules define actions you want the agent to take in response to file, directory, or process activity that matches conditions you specify. They may be used to optimize performance, protect file integrity, create a trusted file path for software distribution, or meet other special needs.

    • Memory Rules

      Memory Rules let you protect a process from being accessed or altered by other processes or users.

    • Registry Rules

      This chapter describes Registry rules, which control what happens when there is an attempt to make changes in the Windows Registry at locations that match paths you specify. If you choose, you can limit enforcement of the rules to specified users and/or processes.

    • Script Rules

      This chapter describes Script rules, which identify files to be tracked and managed as scripts by Carbon Black App Control. The Carbon Black App Control Server includes built-in script rules, and you can create custom rules to identify other scripts.

    • YARA Rules

      Carbon Black App Control provides content-based inspection by using YARA rules, which enables more granular control of the security policy in your environment. YARA rules are descriptions of malware samples that can help you detect and classify malware in files. In a rule, the criteria are defined and tags are specified. When the rule is enabled, tags are assigned to files that meet the criteria for the rule.

    • Expert Rules

      Expert rules are Custom, Memory, and Registry rules created with a special interface that provides many more options than the standard interface for these rules. They are intended for expert users working with Carbon Black Support or Technical Services.

    • Rapid Configs

      This chapter describes Rapid Configs, which are sets of rules that can be used to accomplish tasks such as application optimization, operating system and application hardening, and approval of files delivered by software distribution systems.

    • Event Rules

      Event rules allow you to specify an action to be performed when an event matches filters you define.

    • Endpoint Notifiers and Approval Requests

      This chapter describes the Carbon Black App Control features that involve interactions with endpoint users.

    • Events, Alerts and Meters

      This section explains how to use Carbon Black App Control event reports and alerts to monitor file activity and other key operations on your network. It also describes tools for detecting propagation of files on your network and for keeping track of the number of times a specified file executes.

    • Monitoring Change: Baseline Drift Reports

      This section describes how to use Baseline Drift Reports, which allow you to track changes in the inventory of files on systems running the Carbon Black App Control Agent.

    • Advanced Threat Detection

      This section describes how you enable and use Carbon Black App Control’s Advanced Threat Indicators, and how you can monitor threats through events, file details, and alerts.

    • Using and Customizing Dashboards

      Carbon Black App Control Dashboards are configurable pages containing compact windows called portlets, each of which provides access to Carbon Black App Control-related information or controls.

    • Locating Files

      This section describes how to use the Find Files page to locate or verify the existence of specific executable files on computers running the Carbon Black App Control Agent. Find Files locates instances of files, not their listings in the File Catalog.

    • System Configuration

      This section describes settings that enable you to configure and maintain your Carbon Black App Control Server installation. Access to the System Configuration page is available only to login accounts in the Administrators group or in customized groups with View System Configuration and Manage System Configuration check boxes selected.

    • Unified Management of Multiple Servers

      If you have multiple Carbon Black App Control servers, you can centralize the management of those servers. Unified Management allows you to specify that one server can control many common management functions for any connected Carbon Black App Control servers.

    • Monitoring System Health

      This section introduces the System Health page, which provides Carbon Black App Control administrators with the ability to monitor the health and performance of the Carbon Black App Control Server.

    • Live Inventory SDK: Database Views

      In addition to the access provided to the Live Inventory of files and computers through the console, Carbon Black App Control provides public views into the database. You can create your own reporting and data analysis solutions through the use of these public views.

    • Carbon Black App Control API

      The Carbon Black App Control API is intended for programmers who want to write code to interact with Carbon Black App Control, either using custom scripts or from other applications. It is a RESTful API that can be consumed over HTTPS protocol using any language that can create get URI requests and post/put JSON requests as well as interpret JSON responses.

    • Carbon Black App Control Connector

      This section provides instructions for configuring and using the Connector, which integrates the Carbon Black App Control Server with one or more network security devices or services.

    • DASCLI

      The DasCLI.exe program, referred to as DASCLI, is an executable which provides Command Line Interface (CLI) access to the Carbon Black App Control Windows Agent. Messages are transmitted between DASCLI and the Agent.

    • Diagnostic Files

      The Carbon Black App Control Console includes a page that displays certain diagnostic files for the Carbon Black App Control Server and its agents. These files can be useful when you are investigating issues in your Carbon Black App Control environment with the assistance of Carbon Black Support.

    • Uploading Files from Agents

      This topic describes uploading files from agents.

    • Exporting Data for External Analysis

      This section provides instructions for configuring and using Carbon Black App Control External Analytics, which enables the Carbon Black App Control Server to export data it collects from endpoints to external analysis tools.

Agent Installations and Upgrades

Information regarding agent installations and upgrades is maintained in the Agent Installation Guide located on Broadcom Tech Docs.

Please see:

  • Agent Installation Guide
  • Uploading Agent Installers and Rules to the Server
© 2024 VMware by Broadcom