We’re migrating product documentation to docs.vmware.com, starting with Carbon Black Cloud. Learn more.

CB Protection 8.1.8 User Guide

CB Protection 8.1.8 User Guide

Document Version: July, 2020

This document provides information for administrators, incident responders, and others who will operate the CB Protection Console. It describes how to use CB Protection, including:

  • How to use the CB Protection Console
  • Server configuration
  • Agent installation
  • Computer and file management
  • Rule creation
  • Monitoring features

See the "Before you begin" chapter for a complete list of topics discussed in the document.

See the Comments below for changes in this version.

Labels (1)
Attachments
Comments

Change log for CB Protection 8.1.8 User Guide.pdf (changes since the 8.1.6 version):

  1. Updated Copyright content.
  2. In the "Managing Computers" chapter, within the section “Preparing for New Agent Installation,” information was provided regarding the use of OneDrive on the agent.
  3. In the “Approving and Banning Software” chapter, within the section “Approving by Trusted Directory,” added the phrase, “…and applicable policies, if any.” to the final sentence in the first paragraph.
    • 8.1.6 version: The level of approval provided by a trusted directory depends on the platform on which it is located.
    • 8.1.8 version: The level of approval provided by a trusted directory depends on the platform on which it is located and applicable policies, if any.
  4. In the “Approving and Banning Software” chapter, within the section “Creating a Trusted Directory,” modified the second sentence.
    • 8.1.6 version: You specify the deployment server name and the directory to trust on that server.
    • 8.1.8 version: You specify the deployment server name, the directory to trust on that server, and if that trusted directory applies to all or specific policies.

      In addition, modified step 5 of the embedded procedure to take into consideration the ability to apply a policy to a trusted directory.
  1. In the “Approving and Banning Software” chapter, within the section “Creating a Trusted Directory,” modified Table 40 to include a table row for Policies.
  2. In the “Approving and Banning Software” chapter, within the section “Approving by Trusted User or Group,” added the following line:
         Trusted user can also execute unapproved files, however, the file state remains unapproved.
  3. In the “Script Rules” chapter, within the section “What is a Script?” information regarding Chrome CRX extensions was expanded upon and clarified.
  4. In the “Script Rules” chapter, within the section “Script Rule Examples:”
    • Deleted the Windows Perl Scripts example
    • Updated the Windows Batch Scripts image to show <YaraTags:cmd_interpreter> in the Script Process.
  5. In the “Registry Rules” chapter, within the section “Registry Rule Fields,” updated table 60. In the Operation row, changed the term “Open Key” to “Open Key with Write Access.”
  6. In the “Expert Rules” chapter, within table 67, modified the description for table row “Modifying Operations.” The “Write Intent” option is no longer functional in expert rules.
  7. In the “Expert Rules” chapter, within table 69, modified the table row “Key Operations – Open Key.” It is now “Key Operations – Open Key” and the description reads: Open a registry key with write access.
  8. In the “System Configuration” chapter, within the section “Configuring Agent Management Privileges,” added the following text to the second bullet:

    The password must be between 1 and 64 characters long, be in the ASCII character set, and must not contain the following characters: | > < & % ( ) @ . [ ] { } : ; ^+ ! ‘ “ ` ~ ,
  1. In the “System Configuration” chapter, within table 110,” added the following text to the Enable Global Password table row:

    The password must be between 1 and 64 characters long, be in the ASCII character set, and must not contain the following characters: | > < & % ( ) @ . [ ] { } : ; ^+ ! ‘ “ ` ~ ,
  1. Minor editing and formatting changes were made that had no impact on content meaning.

Rev 2 of doc: Removed references to items deprecated in version 8.1.6: FireEye and SCEP

Article Information
Author:
Creation Date:
‎04-27-2020
Views:
3382
Contributors