Skip to main content
Red Canary help

Installing and uninstalling the Carbon Black Cloud sensor on Windows

  • Updated .

Prerequisites

Prior to deploying the Carbon Black Cloud sensor, please ensure you have accounted for the following:

Configure the necessary network connectivity

The Carbon Black sensor communicates with the Carbon Black cloud using bidirectionally authenticated Transport Layer Security (TLS) via port 443. All communications are outbound, sensor-to-server.

You can find your Carbon Black cloud’s IP addresses on this page.

Please be sure that this address is authorized at network egress points and that traffic is not subject to manipulation or TLS interception.

Configure sensor groups and policy assignments

Each sensor is assigned a policy that determines what policy rules apply to the sensor. By default, each new sensor is assigned the Standard policy unless you define an alternate policy during a command line installation or you have previously created sensor groups, and the installed sensor matches a sensor group’s criteria.

Installing Carbon Black Cloud using a deployment tool

Use this installation method if you want to automate silent installations on many devices, including installations via a deployment tool such as Windows System Center Configuration Manager (SCCM).

To add the sensor application to System Center Configuration Manager (SCCM):

  1. Log into your Carbon Black Cloud console.
  2. Retrieve a company code from Endpoints > Sensor Options > Company Codes.
  3. Download a sensor kit for the target operating system from Endpoints > Sensor Options > Download sensor kits.
  4. Open SCCM Configuration Manager. 
  5. In the Software Library, click Overview > Application Management > Applications.
  6. Right-click Applications and click Create Application
  7. On the General page, select Automatically detect information about this application from installation files
    Type: Windows Installer (*.msi file) 
    Location: Accessible share that contains the sensor .msi file downloaded above
  8. Click Next
  9. On the Import Information page, a message displays: Application information successfully imported from the Windows Installer
  10. Click Next.
  11. On the General Information page, add the required COMPANY_CODE install parameter and any other optional install parameters. See Windows supported commands for options. Click Next
  12. On the Summary page, click Next
  13. On the Completion page, view the application details and click Close
  14. In the Software Library, right-click Cb Defense Sensor Application and click Properties
  15. Click the Deployment Type tab. Click the deployment type for Cb Defense and click Edit. Note that the CB Defense type also applies for Cb LiveOps and Cb ThreatHunter. 
  16. Click the Programs tab. If the Require code to uninstall sensor is enabled for the sensor policy and you want to be able to uninstall the sensor using SCCM, change the uninstall command from: 
    msiexec /x "installer_vista_win7_win8-xx-x.x.x.xxxx.msi"
    to: 
    %ProgramFiles\Confer\uninstall.exe /uninstall <Company Deregistration Code>
  17. Click the Detection Method tab. Select the configured detection rule and click Edit Clause
  18. Change the Setting Type to File System
  19. Select The file system setting must satisfy the following rule to indicate the presence of this application
  20. Set Path to %ProgramFiles%\Confer. 
  21. Set File or Folder name to RepUx.exe.
  22. Configure MSI Property Version, Operator Greater than or equal to
  23. The Version is the currently installed sensor version. 
  24. Click OK three times to save Detection Rule, Detection Method, and Deployment Type

To deploy the sensor application using SCCM:

  1. Open SCCM Configuration Manager
  2. In the Software Library, click Overview > Application Management > Applications.
  3. Select the CB Defense application, and click Deploy
  4. On the General page, for the Collection field, click Browse
  5. From the drop-down menu, select Device Collections and select a collection of devices. 
  6. Click Next
  7. On the Content page, click Add to add a distribution point. Click Next
  8. On the Deployment Settings page, set Action to Install, set Purpose to Required, and click Next
  9. On the User Experience page, set your deployment preferences and click Next. 
  10. On the Alerts page, set your alert preferences and click Next. 
  11. On the Summary page, review and confirm all settings and click Next. 10. On the Completion page, click Close

Installing Carbon Black Cloud manually

Use this installation method if you want to install the sensor manually on a single endpoint.

To manually install the Carbon Black Cloud sensor for Windows:

  1. Log into your Carbon Black Cloud console.
  2. Retrieve a company code from Endpoints > Sensor Options > Company Codes.
  3. Download a sensor kit for the target operating system from Endpoints > Sensor Options > Download sensor kits.
  4. Run the sensor installer on your device, entering the company code from the earlier step:
    msiexec /q /i C:\Users\UserFolderName\Desktop\installer_vista_win7_win8- 32-3.3.0.953.msi /L* log.txt COMPANY_CODE=<PUT COMPANY_CODE HERE>

Uninstalling Carbon Black Cloud 

To uninstall from the Control Panel:

  1. Open the Windows Control Panel.
  2. Click Uninstall a Program.
  3. Choose Cb Defense Sensor and uninstall it.

Learn more about other ways to uninstall the Carbon Black Cloud sensor here.