Update to the Carbon Black Defense Local Scanning Engine
In addition to being available via the automated updates, the new signature pack will be available starting tomorrow 7/18 for download from the UI. To download it follow these steps:
Open endpoints management page by clicking on endpoints on the menu.
From the sensor options drop down on the top right side choose "download sensor kits".
When the downloads modal opens, select the latest AV Signature Pack and download.
* Note: This is an illustrative screen shot, the version numbers might not reflect latest versions on production environment.
Update 7/16 - The upgrade is now available as scheduled.
Sensors with “Allow Signature Updates” and supported sensor versions will automatically get the upgrade.
The standalone Manual Installer is available at the bottom of this post. The Manual Installer is ONLY available for 3.1 Windows sensors and above. If using the Manual installer, please disable auto-updates in your UI, until Tuesday, July 17th 8 am EST.
Update 7/11 - The upgrade is now scheduled to take place on July 16th. This auto-upgrade will work for all supported sensor versions.
The standalone Manual Installer is now available at the bottom of this post. The Manual Installer is ONLY available for 3.1 Windows sensors and above. If using the Manual installer, please disable auto-updates in your UI, until Tuesday, July 17th 8 am EST.
For clients below 3.1, that have concerns about the automatic upgrade (on July 16th), we recommend setting your Local Scan Settings to update over the largest time window (24 hours). Again, we do not anticipate the auto-upgrade to have any impact on endpoints.
Update: 7/9 - The previous target date for the automatic update of July 10th has been pushed back to July 16th. Carbon Black is working to generate the standalone installer. The automatic installer update will be pushed at a later date, after the standalone installer is generated and distributed via this UeX post. This post will be updated with the standalone installer link as well as more specific timelines in the next few days.
In a few days, Carbon Black will be providing an update to the local scanner deployed to Microsoft Windows Operating Systems that will apply a new technology, that will reduce the size of the signature database by more than 70% percent (without losing any coverage of malicious threats)! This update will result in a reduction of the local file size on the disk (as well as memory usage) and will improve overall scan performance.
This update will first come in the form of a standalone installer so that the rollout can be managed according as your organization sees fit. After the standalone installer is provided, all sensors will undergo an automatic update within a week or two. The exact dates will be provided in a couple of days.
Carbon Black expects this update to be 62 MB in size, and to have a minimal impact.
Although we do not anticipate this update to cause any impact during upgrade, customers with large deployments or reduced network bandwidth may experience temporary network congestion when pulling this update from the cloud.
If there is concern about the amount of traffic that this update will generate on your network, Carbon Black recommends the Manual instructions outlined below:
In order to achieve this performance improvement, please follow the below steps for Automated and Manual download:
Ensure “Allow Signature Updates” is enabled on the policy ‘Local Scan’ settings.
Optional - Increase the window of time between updates to spread the update over a larger period of time. This can be configured from the Local Scan Settings tab within a policy. Options include 2, 4, 8, 12 and 24 hours.
Temporarily disable updates using policy ‘Local Scan’ settings to the local scanner prior to the July 10th delivery date to avoid having the sensors pull the update from the cloud (see image below). Then deploy the update using the provided standalone installer in a controlled manner, then re-enable signature updates via policy settings on July 17th following the update. Please see the following knowledge base document for more information. https://community.carbonblack.com/docs/DOC-5786