I'm excited to announce the release of CB Protection Server 8.1.4. This release adds the following improvements:
Server, default rules and Windows agents are now released separately in order to provide fixes and updates more rapidly and to ease deployment of the Mac and Linux agents. It is important to note that no agents or rules come with the server installation package which will require you to download the default rules and agent packages from the User Exchange. Please see the “Uploading Agent Installer and Rules to the Server” chapter in the CB Protection 8.1.4 User Guide for more details.
Changes to dascli
In a new CB Protection deployment, per-agent CLI passwords will be disabled.
During an upgrade, the existing Agent Management settings will be used.
We now recommend using User or Group permissions to manage the agent or to use the Global password and use a high entropy password. By design the per-agent CLI password is low entropy.
SQL Server 2016 SP2 and SQL Server 2017 are now supported for CB Protection Server installs.
Customers that have a CB Predictive Security Cloud license can now look up files, computers, and events using the PSC integration Connector found on the connectors tab. Once configured, links will appear on the file and computer details page. Clicking these links will take you to the relevant PSC page.
You can now export File Prevalence to Syslog.
The Password hashing algorithm has been updated to use SHA256.
There is a new Script rule to track *.hta files when the process is *\mshta.exe. This rule is enabled by default due to the security value it provides. Upon upgrade of the server, all agents will automatically run a cache consistency check to discover and approve any pre-existing HTA files. This cache consistency check may cause temporary I/O overhead on endpoints. Carbon Black recommends considering potential user impact when scheduling the server upgrade.
New options for excluding the tracking of Microsoft support files. You can now exclude tracking these files at the server or the Agent. You can find more information about these new options in the “Excluding Tracking of Microsoft Support Files” section of the CB Protection 8.1.4 User Guide.