Prerequisites
Prior to deploying the Carbon Black Cloud sensor, please ensure you have accounted for the following:
Configure the necessary network connectivity
The Carbon Black sensor communicates with the Carbon Black cloud using bidirectionally authenticated Transport Layer Security (TLS) via port 443. All communications are outbound, sensor-to-server.
You can find your Carbon Black cloud’s IP addresses on this page.
Please be sure that this address is authorized at network egress points and that traffic is not subject to manipulation or TLS interception.
Configure sensor groups and policy assignments
Each sensor is assigned a policy that determines what policy rules apply to the sensor. By default, each new sensor is assigned the Standard policy unless you define an alternate policy during a command line installation or you have previously created sensor groups, and the installed sensor matches a sensor group’s criteria.
Installing Carbon Black Cloud using a deployment tool
Use this installation method if you want to automate silent installations on many devices, including installations via a deployment tool such as Windows System Center Configuration Manager (SCCM).
To add the sensor application to System Center Configuration Manager (SCCM):
- Log into your Carbon Black Cloud console.
- Retrieve a company code from Endpoints > Sensor Options > Company Codes.
- Download a sensor kit for the target operating system from Endpoints > Sensor Options > Download sensor kits.
- Open SCCM Configuration Manager.
- In the Software Library, click Overview > Application Management > Applications.
- Right-click Applications and click Create Application.
-
On the General page, select Automatically detect information about this application from installation files:
Type: Windows Installer (*.msi file)
Location: Accessible share that contains the sensor .msi file downloaded above - Click Next.
- On the Import Information page, a message displays: Application information successfully imported from the Windows Installer.
- Click Next.
- On the General Information page, add the required COMPANY_CODE install parameter and any other optional install parameters. See Windows supported commands for options. Click Next.
- On the Summary page, click Next.
- On the Completion page, view the application details and click Close.
- In the Software Library, right-click Cb Defense Sensor Application and click Properties.
- Click the Deployment Type tab. Click the deployment type for Cb Defense and click Edit. Note that the CB Defense type also applies for Cb LiveOps and Cb ThreatHunter.
-
Click the Programs tab. If the Require code to uninstall sensor is enabled for the sensor policy and you want to be able to uninstall the sensor using SCCM, change the uninstall command from:
msiexec /x "installer_vista_win7_win8-xx-x.x.x.xxxx.msi"
to:
%ProgramFiles\Confer\uninstall.exe /uninstall <Company Deregistration Code>
- Click the Detection Method tab. Select the configured detection rule and click Edit Clause.
- Change the Setting Type to File System.
- Select The file system setting must satisfy the following rule to indicate the presence of this application.
- Set Path to %ProgramFiles%\Confer.
- Set File or Folder name to RepUx.exe.
- Configure MSI Property Version, Operator Greater than or equal to.
- The Version is the currently installed sensor version.
- Click OK three times to save Detection Rule, Detection Method, and Deployment Type.
To deploy the sensor application using SCCM:
- Open SCCM Configuration Manager.
- In the Software Library, click Overview > Application Management > Applications.
- Select the CB Defense application, and click Deploy.
- On the General page, for the Collection field, click Browse.
- From the drop-down menu, select Device Collections and select a collection of devices.
- Click Next.
- On the Content page, click Add to add a distribution point. Click Next.
- On the Deployment Settings page, set Action to Install, set Purpose to Required, and click Next.
- On the User Experience page, set your deployment preferences and click Next.
- On the Alerts page, set your alert preferences and click Next.
- On the Summary page, review and confirm all settings and click Next. 10. On the Completion page, click Close.
Installing Carbon Black Cloud manually
Use this installation method if you want to install the sensor manually on a single endpoint.
To manually install the Carbon Black Cloud sensor for Windows:
- Log into your Carbon Black Cloud console.
- Retrieve a company code from Endpoints > Sensor Options > Company Codes.
- Download a sensor kit for the target operating system from Endpoints > Sensor Options > Download sensor kits.
-
Run the sensor installer on your device, entering the company code from the earlier step:
msiexec /q /i C:\Users\UserFolderName\Desktop\installer_vista_win7_win8- 32-3.3.0.953.msi /L* log.txt COMPANY_CODE=<PUT COMPANY_CODE HERE>
Uninstalling Carbon Black Cloud
To uninstall from the Control Panel:
- Open the Windows Control Panel.
- Click Uninstall a Program.
- Choose Cb Defense Sensor and uninstall it.
Learn more about other ways to uninstall the Carbon Black Cloud sensor here.