Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control v1.10 Rules Installer Download

App Control v1.10 Rules Installer Download

Beginning with App Control 8.1.4, the rules that govern agent behavior have their own Rules Installer, separate from the CB App Control Server installation. As we make improvements to the rules, we can now make new versions available without requiring a server upgrade. New Rules Installers will be posted on the Carbon Black User Exchange.

Important: You must install at least version 8.1.4 App Control Server before using the Rules Installer.  The Rules Installer is not compatible with versions of the App Control Server prior to 8.1.4. Please see the “Uploading Agent Installer and Rules to the Server” chapter in the CB App Control 8.7.0 User Guide for more details.

Customers who are performing a fresh (non-upgrade) installation of the CB App Control Server will need to install the Rules Installer before deploying agents.  For customers upgrading the CB App Control Server, we strongly recommend that you install the latest Rules Installer after the server upgrade.

The current version of the Rules Installer is version 1.10

The current Rules Installer can be downloaded here.

SHA256 of the RulesInstaller_1.10.22.16.zip

SHA256: 93196f158197df5d4466472d2a91026f1b03b0386461e995f232c55e11ace02a

New and Modified Features in Release 1.10

The Carbon Black App Control Rules Installer 1.10 provides the following improvements and enhancements:

  • Added rules to the VMWare Workspace ONE Rapid Config that approves updates to Workspace ONE from the Windows App Store.  
  • Added a "Microsoft Edge" Rapid Config that approves updates to Microsoft Edge.  
  • Added two, related Rapid Configs: 
    • Sunburst Protection was added to look for behavior specific to the SolarWinds/Sunburst breach. 
    • Reconnaissance and Exfiltration Protection was added to generally protect against Recon and Exfiltration. 
  • You can see details of the Sunburst attack here: https://community.carbonblack.com/t5/Threat-Research-Docs/TAU-TIN-SolarWindsSUNBURST-Solarigate-Inci...

 

Known Issues and Limitations

No known issues at this time.

For more information, please see the Rules Installer v1.10 Release Notes 

 

Comments

@mynameisdoug  "Is there a method to be notified of updated Rules Installer files being posted to this page - or will enabling all of the automatic Software Rule Options in System Configuration - Advanced Options tab install them when they become available?"

Currently there is no notification when a new or updated Rules Installer is available.  We do have a ticket in the backlog for a future release to add a Health Indicator that would come down from the CDC (like we do agents and new server releases) to inform customers a new version is available.

 

@jsenesap "Where are the logs to see if the installer ran correctly?"

The rules installer (whether run via the upload page or executed manually) will create a log file in %temp%\. If the install is successful the file is copied to C:\Program Files (x86)\Bit9\Parity Server\Support\.

The format of the file will be like this: RulesInstall-2019-05-22-152654.log

Every time it is run a unique file name will be generated, so you don't have to worry about overwriting one and losing it.

 

@0j8b15303  "For those of us who are going to migrate to the stable version 8.1.4, will we still need the previous rules installer?  Where do we download the: CB Protection RulesInstaller 1.0.26?"

You do not have to install previous versions of the Rules Installer.  Installing the latest version of the Rules Installer includes all rules from previous versions.  

Can we install this new rules installer running Server version 8.1.4.98?  Or do we have to upgrade to 8.1.6 first?

Hi @troys ,

In short, yes, you can. So, you can be on 8.1.4 and just continue to update the Rules installers as they come out.

From the very top of this article, we point out the following...

"Beginning with CB Protection 8.1.4, the rules that govern agent behavior have their own Rules Installer, separate from the CB Protection Server installation.  As we make improvements to the rules, we can now make new versions available without requiring a server upgrade. New Rules Installers will be posted on the Carbon Black User Exchange."

"Important: You must install at least version 8.1.4 CB Protection Server before using the Rules Installer. "

Hope that helps clarify it for you

David

Getting a Failed -Forbidden when attempting to download the RulesInstaller_1.4.4.31.zip? Everything else including the 8.1.8 Server, Linux, Windows and MAC links all seem to work correctly? Any thoughts on why I would be seeing this with just the one Rules Installer File?

@bhicks  sorry for the issue.  I just tested and it download fine, but I know that doesn't help you.

Can you try a different browser maybe?  If still no luck, let me know and I will figure out an alternate way to get it to you.

Unfortunately I'm still getting a block even when using IE Explorer with the error indicating that Im unable to download the Rules Installer CB Protection Rules 1.4 (Build 3.26) Threat Found :Sandbox Malware. Odd as I have not had this issue in the past and was able to download all other files/documents related to the Rules Installer + the 8.1.8 CBP Site Server installation. Would it be possible for you to share this from an FTP site or any other way that might provide me with the ability to complete this download. Thank you for your energy/efforts and quick response.

Thanks Bill

 

For additional content here is what I get when I dig in to the error seen on Chrome, I have confirmed I am indeed logged in.
 
"Forbidden" or "Failed - Forbidden"

This error means you don't have permission to download this file from the server.

To fix, go to the website where the file is hosted. Check if you need to sign in (or provide some other authentication). If you can't sign in, contact the website or server owner, or try finding the file on a different site.

when i try to upload the installer to the server, i get a "Upload succeeded. Checking progress..." notification then  installation failed. i have tried several times with the same result.

I've had the same failure as @sanderson. Any resolution to this?

@xstuartbarrettx i think i put my carbon black server in report only and it ended up working.

Hi @xstuartbarrettx  & @sanderson - Could I ask what App Control (Formerly Cb Protection) Server Version(s) you were uploading this to? Also, I recommend logging a ticket with us folks here in Support, which will help with investigation into any possible issues regarding the 1.6 Rule installer.

Thanks,

David

Hi,

Is there a way to see what changes are being introduced with each new Rules Installer update?

While it is good to stay updated it is even better to know about increased abilities.

Thanks!

In the unlikely event that updating the "Rules Installer (any version)" were to cause issues, is there an ability to "back out"? Other than restore server from backup?

These are the types of questions I am required to answer for system changes.

Thanks!

I too would like to know if there is a change log for the Rule Installer.   I just installed the latest version.  How do I know what rules were added and/or changed?

Thanks!

Not able to download the file "RulesInstaller_1.6.1.5 (1).zip". Keep getting error "Link usage exceeded. Please contact the person who sent you the link."

@Hi @e-ng2  - The link to the Rules Installer is a one time generated link, meaning it can only be downloaded from that link, just the once. Opening the link directly from above will provide the resource for you to download the installer.

 

Hope that helps,

David 

Hi @davy I clicked on the link above, it opened up a page with the download link. I got the error "Link usage exceeded. Please contact the person who sent you the link." after clicking on the download button.

Hi @e-ng2  - Try clearing your cache first, and/or a different browser, and if this still does not work, please open a Case with us folks here in Technical Support, so we can provide that to you, should it still be an issue.

Hi @davy Tried on IE, Edge and Chrome, with cache cleared each time switching the browser, same error "Link usage exceeded. Please contact the person who sent you the link." Will open a case.

Hi @e-ng2 - Thanks for testing that out - sorry to hear it was not working for you. FWIW I can confirm the download worked for me - Please reference this thread and my name in the Support ticket. 

Thanks!

Thanks @esullivan Managed to download the rulesinstaller with the given link.

None of the links listed above or in original post work to download the rules installer.  Can you please provide a corrected link?

@cliffmarkman can you try a different browser (or an incognito browser) or if you are on VPN pls try off VPN.  What error or issue are you getting when trying to access?

The download is failing for me on 2 Chromium browsers with cleared cache.  I was able to get it via IE11.

It turns out that our PaloAlto firewall was flagging the file as malicious and stopping the download as it happened.  I didn't get the standard block page so it was not readily apparent until I did some further digging.  I am able to download it now.

for server version 8.6.0.155 and rules updater 1.8, be sure and approve the rules updater or put your bit9 server in local approval.  otherwise, you will probably get a failed install because Bit9 is blocking itself.

 

I do love a good dose of irony.

Any changes to the file hash? Published Hash: SHA256 of the RulesInstaller_1.8.22.9.exe SHA256: 85f19f59b57a85267ae5ab0da285d627eb92ee0cada53006a971fb275e33e525 Result from the get-filehash command after downloading the RulesInstaller_1.8.22.9.exe Algorithm : SHA256 Hash : DBF291BB670E76BE2B898EB261A11ED175379D9114802BA9B6D5F1F65D958F2E

@e-ng2 - That hash you got from the get-filehash command is for the .zip file itself, and not the actual .exe - I have confirmed both just now. 
Hashes.png

Is there a change log or release log for the rules?

Article Information
Author:
Creation Date:
‎02-04-2021
Views:
42301