Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

CB Protection 8.1.6 User Guide

CB Protection 8.1.6 User Guide

This document provides information for administrators, incident responders, and others who will operate the CB Protection Console. It describes how to use CB Protection, including:

  • How to use the CB Protection Console
  • Server configuration
  • Agent installation
  • Computer and file management
  • Rule creation
  • Monitoring features

See the "Before you begin" chapter for a complete list of topics discussed in the document.

See the Comments below for changes in this version.

Labels (1)

Change log for the December 2019 CB Protection 8.1.6 User Guide (changes since the October 2019 8.1.6 version):

Note: This is a documentation update only -- the product has not changed since the previous 8.1.6 edition of this manual.

  1. In the "Managing Computers" chapter, corrections were made to the "Manually Upgrading Windows Agents" section. The current agent versioning model does not identify "patch" releases, and all standard agent upgrades should use "msiexec /fvamus" for command-line installations, not "msiexec /i". Other obsolete information about patch releases was also removed.
  2. In the "Managing Computers" chapter, obsolete information was removed from the "Feature Limitations for Non-Upgraded Agents" section, primarily about agents that are no longer supported.
  3. In the "Script Rules" chapter, the "Pre-Configured Script Rules" section was updated to include descriptions of Yara-based rules for Windows agents introduced in CB Protection 8.1.6.
  4. In the "Custom Software Rules" chapter, the "Custom Rule Fields" section was updated to show a new "Action (Legacy)" column available in the rules table, and to update the description of the Action column to reflect its new behavior. Other fields missing from the "Custom Rule Fields" table were also added.
    Similar changes were made to the rule fields sections of the "Registry Rules" and "Memory Rules" chapters.
  5. Other minor corrections and improvements were made.



Change log for the October 2019 CB Protection 8.1.6 User Guide (changes since the August 2019 8.1.4 version):

  1. In the "Using the CB Protection Console" chapter, added a section "Custom Login Banners" that introduces the new ability to create a custom banner that appears whenever a user logs in to the CB Protection Console. In the "System Configuration" chapter, added a section "Adding a Login Banner to the Console" with step-by-step instructions for configuring this banner.
  2. In the "Events, Alerts, and Meters" chapter, added a section "Caching Events for Later Viewing" that describes the new Cached Events page and feature. This feature allows you to create a particular view of events and specify that it be processed overnight into a cache for more efficient viewing.
  3. In the "Managing Console Login Accounts" chapter, modified the "Logging in Using SAML" section to indicate that the email address required for matching an IdP account to a CB Protection console account may be now be provided through the IdP NameID attribute or an attribute named EmailAddress. Previously only EmailAddress could be used. In the "System Configuration" chapter, the "Configuring SAML Logins" section was updated to reflect the same change.
  4. In the "Event Rules" chapter, changes were made throughout to indicate that the ability to actively ban files (not just "Report Ban") and move agents between policies are now standard actions in event rules. These actions no longer require special configuration.
  5. In the "CB Protection Connector for Network Security Devices" chapter, sections describing deprecated connectors were removed.
  6. In the "System Configuration" chapter, added information to the "Activating CB Collective Defense Cloud" section specifying that a TLS 1.2 connection is required between the Collective Defense Cloud and the the CB Protection Server. This section also includes a recommendation to use .NET 4.6 (or later) to avoid problems with the connection.
  7. In the "Approving and Banning Software" chapter, updated "Table 41: File Rules Parameters" to include missing values for the Source field and add a description of the Source Name field. These were missing from previous versions of the user guide.
  8. Other minor improvements and editorial changes were made in this version.

If you are upgrading from an older release, the Comments section for the version 8.1.4 CB Protection User Guide might also include information of interest about recent documentation changes.

Article Information
Creation Date: