logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

App Control: Blocks When Server/Console Is Down or Unavailable

App Control: Blocks When Server/Console Is Down or Unavailable

Environment

  • App Control Agent (formerly CB Protection): All Supported Versions
  • App Control Console (formerly CB Protection): All Supported Versions
  • Microsoft Windows: All Supported Versions

Symptoms

  • Server/App Control console is down or unavailable
  • Wanting to avoid or circumvent blocks on endpoint(s) while server is down

Cause

Planned or unplanned downtime of the App Control Server/Console

Resolution

Planned Downtime Options (from the console):
  1. Change the "Disconnected Enforcement Level" to Medium or Low Enforcement
    1. Login to the Console
    2. Navigate to Rules > Policies
    3. Click to edit each desired policy
    4. Change "Enforcement Level (Disconnected)" to Low or Medium
    5. Revert when downtime is complete
  2. Put the devices into local approval mode
    1. Login to the Console
    2. Navigate to Assets > Computers
    3. Select computer(s) > Action > Move to Local Approval
    4. Revert when downtime is complete
Unplanned Downtime (Manually):
  1. Place the device into low/med enforcement or into local approval mode
    1. Login to the affected device
    2. Open admin CMD prompt
    3. Run commands: 
      cd c:\program files (x86)\bit9\parity agent
dascli password <Password>
dascli enforcement low  (or med)
dascli status (confirm enforcement level)
    4. Restart endpoint or CB Protection agent service to revert enforcement level.
  2. Put the device(s) into local approval mode:
    1. Login to the affected device
    2. open admin CMD prompt
    3. Run commands: 
      cd c:\program files (x86)\bit9\parity agent
dascli password <Password>
dascli disconnect
dascli enforcement 35
dascli status (confirm enforcement level shows local approval)
    4. After the server is back up :
      1. Run the command: 
        cd c:\program files (x86)\bit9\parity agent dascli password <Password>
dascli disconnect
      2. OR - Restart endpoint or App Control agent service to revert enforcement level.
    5. Confirm the agent is back to being connected and in the correct enforcement mode by running the command 
      dascli status

Additional Notes

  • Lowering the enforcement level or changing to local approval does come with risk. Refer to the User Guide for more information.
  • Transitioning from Low Enforcement back to High enforcement can locally approval all unapproved files depending on policy setting. Refer to the User Guide for more information.

Related Content


Labels (1)
Labels:
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎09-09-2020
Views:
2227
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.