Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

2.1.0.9 Windows Release Notes.pdf

2.1.0.9 Windows Release Notes.pdf

Labels (1)
Attachments
Comments

Hi John and Team,

New to the CB community here, reading through some of the release notes for the Windows 2.1.0.8 sensor release. The issues that are listed as resolved how would I read about the issue that the ID describes for instance the very first one is of interest to us listed as DSEN-689/CIT-11070, we'd like to learn a little bit more about the issue but I'm not quite sure how to find those articles/ID's on this site. Is that possible? Thanks.

In regards to the "Enhanced Logging Through Diagnostic Collection on the Sensor" in the update, will these logs and information be available via the dashboard?

Hi ncostanzo​,

Unfortunately these are internal ticket IDs that we use for tracking purposes. Typically, they are included in our release notes to help our support team track specific cases that were reported.

I apologize for the confusion around those IDs. If there are any issues in particular that you would like to learn more about, or have questions about, I can try to answer them.

Hope this helps.

Kyle

Hi kyle.donovan,

Thanks for the quick response. I'll try to make this very short and get as much info in but not make it a novel. We did a small POC deployment of Carbon Black into our 600+ endpoint environment, things went well nobody really noticed anything or complained about any issues. We then rolled it out en masse after our POC ended, it hit about 630 or so end points. For about 2-3 weeks everything was pretty much smooth sailing. Then we hit a wall with users last week in Outlook with the program opening very very slowly, Outlook then pointed to addins having issues loading (2-3 in particular) we tried to look at updating those, seemed to not work that well. Putting workstations in Bypass immediately fixed the issues. We are starting to see some grumblings of a couple of other applications but not wide spread yet.  Does any of what I've described seem related to the first issue listed in the release notes?

Hi ncostanzo​,

Yes, I believe the issues you were running into with Outlook will be resolved by this sensor update. If you continue to experience this issue after you upgrade, please open up a ticket with our support organization and we would be happy to do a deeper dive investigating why you are having latency issues on your endpoints.

ccowger​, that specific improvement is with regards to various sensor logs that our Support team call pull from the endpoint via Cloud in case there is a technical issue that requires troubleshooting. While it will certainly help us serve our customers better, that is not something you will see via the Dashboard.

On a related note, we are introducing a number UI/UX improvements too! For more details on that please see Rolling Out the July 17 Release of Cb Defense, Cb Defense July Releases Notes and Video Link : 1300​.    

--

Alexey Popov | Technical Support Manager, Cb Defense

ncostanzo​, that specific fix is related to a corner case where under certain conditions the delay execute feature of Cb Defense sensor kept "firing" repeatedly for an application causing that application to perform poorly. Without looking at your specific issue in more detail, we can't say for certain whether that is what you had experienced or if the performance hit was for a different reason in your case.

If the issue persist after updating to sensor 2.1.0.8 and you are running other AV application(s) alongside Cb Defense sensor, please try adding the following Permissions Rule to your Cb Defense policy. That is known to help with Outlook performance issues when there are other AV products running on the same system.

Application: When and application at path: **\Users*\AppData\Local\Microsoft\Outlook\mapisvc.inf

Operation: Tries to perform any operation

Action: Bypass

If that doesn't help either, please Create a Case in The Community so our Support team can help troubleshoot some more.

--

Alexey Popov | Technical Support Manager, Cb Defense

About CIT-10780, was it already resolved?

In Windows Sensor version 2.0.4, it was known issue, but in ver 2.1.0.8, There is not in "Issue Resolved".

yukisato​ according to the case, it was determined to be a limitation on Microsoft's side, and there was nothing actionable from a CB/sensor side. As a result, we did not include it in "Issues Resolved," since there was no action taken by Carbon Black. Do you know if the customer is still having issues? If so, we could absolutely re-open the case and investigate further.

We have no information about this issue. So if I find same issues, I will ask you.

The title says "2.1.0.9 Windows Release Notes.pdf", but actual download link to the PDF file is set to "2.1.0.8 Windows Release Notes.pdf" file.

Can you please correct the link.

Thank

haro​ Thank you for pointing that out. Fortunately, there are no differences in the notes, as the 2.1.0.9 build was a patch to 2.1.0.8 to make Windows Security Center integration default to "off" for existing customers. It was our intention for this feature to default to "off" in the 2.1.0.8 build, but due to a bug, there were some instances where it turned "on" for existing users. I have corrected the naming convention of the document to avoid additional confusion.

Thank you again for the help in getting this corrected.

Article Information
Author:
Creation Date:
‎07-05-2017
Views:
27993