CbDefense Windows Sensor 3.3 Release Notes - November Update

Update 10/18 - Added known issue DSEN-4004

Update 11/13 - Added issues associated with the re-release of the 3.3 sensor

Update 12/6 - Added additional fixes associated with the 3.3.0.984 sensor

Update 12/18 - Added information regarding security vulnerability resolution

Update 1/18 - Added DSEN-4520

Comments

I do not see the update on our console 

Were there problems with the update that merited it being pulled? I no longer see it available from the console, but I had downloaded it while it was still listed. Should I be concerned about installing version 3.3?

Buhler, Anyone?

It was available and then was apparently causing BSODs.  There's an update about it in the console on the upper right of the screen.  Not sure when it will be re-released.  I think they're testing with the customers who saw the BSOD before they release it to the rest of their customers.

Hi,

Has anyone faced any issue with this new CB Defense sensor version 3.3.0.982?

 Hi,

Under Known issues it's mentioned that with CB sensor version 3.3 "Major Windows updates occasionally fail" and if we have to avoid it we need to bypass the system and then update the windows and then disable bypass.

 

Although it's said that updates occasionally fail, if it did happen then it's a serious issue, since it's not possible to enable bypass on all systems where the system count is huge.

 

I encountered the issue where the CB cloud portal is not showing the updated endpoint CB version 3.3.0.982 while the endpoint has been updated to 3.3.0982. Should I be concerned about this latest version?

Hi @shuming,

I installed the CB 3.3 but it's showing the correct version locally as well as in the CB console.

1) On the CB cloud portal, is it showing a different version or is it empty?

2) Are you able to see the 3.3 version locally on the system?

3) Is this related to any specific OS or on all OS?

4) On how many systems are you experiencing this issue?

If you think everything is alright from your end and it's a generic issue on all systems then you should raise this concern to support so that if this is really an issue then it should get fixed.

Is there available function "Go Live" ? 

 

As a point of reference, I've had 3.3.0.953 installed on my daily driver workstation since 10/5 and I haven't encountered any issues specifically, but it looks like waiting for 3.4 is the next best option.

About 05 instance (defense-prod05.conferdeploy.net), when will ver 3.3 sensor be released?

We cannot upgrade from GUI...

Hi,

Has anyone installed the CB sensor 3.3 with the SID option for Enabling the RepCLI Supportability Tool - User Groups?

I installed it but I am not seeing any option for how to use it.

Let me know if anyone has tried this.

Seeing a lot of users complaining about the freezing of applications for a window of time; the application usually becomes unresponsive for 1 to 2 minutes and then goes back to work.

Hi @cduckadm,

When is it happening? I mean after you start the system or when you open any application?

Is it on workstation/laptop or server also?

Have you checked this with CB support?

Hi, @haaris this is occurring throughout the day during normal operation. You can be in the program and a window pops up or clicking a submit or ok contextual button and the entire system seems to freeze. You can still move the mouse but cannot click or type for up to 2 minutes so far.

Hi @cduckadm,

Can you revert 2-3 systems to old version 3.1 from 3.3 to check if it's actually related to the new version of CB?

Have you raised this query with the CB support team?

@haaris The older version of the client is working just fine at this time. Have not opened a case due to time and need to prove that this is related to the current version. Will begin working with support as soon as I can get some breathing room.

Hi @haaris

You should be able to execute commands through the command line by running a command in the command line like so -  

 C:\Program Files\Confer>RepCLI.exe status

  The fix for the Redstone upgrade problem is currently targeting the release of the 3.4 sensor.

Hi @mclausen,

Thanks for the info..

I already did and commands are working

I do not see 3.3 in my console and it sounds like that might be a good thing. Has it been pulled and if so why does this not show up in the console's NOTIFICATIONS section?

Hi,

Can anyone tell me what is the difference between 3.3.0.982 and the latest one, 3.3.0.984?

Are there any specific issues resolved in 984 which were not there in 982?

Hi @haaris,

 

Refer to the 'Update 11/26:' section on the following article:

https://community.carbonblack.com/t5/Cb-Predictive-Security-Cloud/3-3-Windows-Sensor-Status/m-p/5982...

 

Regards,

 Haro

Thanks for the link Haro.  I'm not sure if you'd know but why are new Cb Defense releases that supposedly resolve issues from 3.3.0.953 not available in the console?  Prod05 only has 3.2.1.51 available, not  3.3.0.973, 3.3.0.982, or 3.3.0.984

Hi @aurele,

The following post indicates that the new 3.3.0.984 will be available for Prod05 on Dec 13th:

https://community.carbonblack.com/t5/Cb-Predictive-Security-Cloud/3-3-Windows-Sensor-Status/m-p/6353...

 

I think the availability issue is just the timing of the release date to each server and the date problems were found with modules.

3.3.0.953 was available for all servers at one time, but had been pulled due to the BSOD and boot hang problems.

3.3.0.973 and 3.3.0.976 were available for test users only.

3.3.0.982 was available to Prod02 and some other users, but new BSOD problem was found before release to Prod05.

Finally 3.3.0.984 is getting provided for all servers.

 

And I hope the coming new 3.4 sensor gets released smoothly. Fingers crossed.

 

Regards,

  Haro

 

Thanks @haro, good info there, I appreciate the link.  

Fingers crossed for a stable 3.4 sensor indeed.

I have to wonder if RepCLI only gets enabled on new installs, not upgrades. In this case it's kinda annoying to have to uninstall and then reinstall the newest version to get the enhanced ability. Sounds like fun...

@cstamand

The team is reviewing the functionality for enabling RepCLI access from the console. It's not in short term plans but it is on our radar.

In the meantime, you can file a feature request for enabling RepCLI in idea central.

@haaris The issue represented by DSEN-4237 & EA-13407 was the issue that initiated the maintenance release and was resolved between 3.3.0.982 and 3.3.0.984

@haaris In regards to your comment on OS upgrades being blocked, the 3.4 sensor has some improvements beyond the bypass scenario.

Users can work around this issue by temporarily adding the following paths to bypass:

  1. **\windows\servicing\**
  2. **\$windows.~b\**

The user can also work around this by ensuring the policy configuration: "When an unknown application tries to run - deny/terminate" is disabled when attempting to upgrade.

3.3.0.953 NO BSOD but conflicted with our Citrix environment.

3.3.0.984 Deploying to our test devices to validate working with Citrix and ensure no BSOD.

3.4 Hopes it gets released soon but if 3.3.0.984 passes validation tests it will be a while before rolling out 3.4 to production due to prior conflicts with version releases.

 

 

I'm in this boat as well, I pushed out a few hundred of the 3.3* sensors for testing, and now none of them seem to have the CLI_USERS option set. It would be awesome if this CLI_USERS SID string could be set within the PSC portal, so when you trigger an upgrade from the portal, it passes this parameter down for the upgrade.

 

EDIT: looks like there's already an Idea Central post for this here: https://community.carbonblack.com/t5/Idea-Central/Allow-RepCLI-authentication-to-be-enabled-on-exist...

Everyone go vote! :)

"DSEN-2990
Major Windows updates occasionally fail. This has only been observed
during upgrades from Redstone 3 to Redstone 4. Users must place the
sensor in bypass mode to upgrade major operating systems, and then
re-enable the sensor.
"

I can officially state that I have "observed" this with an upgrade from Redstone 4 (1803) to Redstone 5 (1809). Two consecutive failed upgrade attempts. Then I remembered seeing this issue in the release notes, so I placed CB in bypass and surprise, the upgrade completed with no problems. This REALLY needs to be fixed. I am not going to bypass CB and manually upgrade every computer when we finally approve 1809. 

Article Information
Creation Date: 10-01-2018
Views: 26441