Environment
- App Control Agent: All Versions
- Linux: All Supported Versions
Objective
To completely stop/start the App Control Agent for testing purposes.
Resolution
Disable Agent:
- Use Terminal to issue the following commands:
cd /opt/bit9/bin
./b9cli --password 'GlobalCLIPassword'
./b9cli --tamperprotect 0
./b9cli --shutdown
- Run the following command to confirm the b9daemon process has stopped (it may take a few moments for the services to fully shutdown):
ps -ef | grep -i bit
- Run the following command to confirm the version associated with the b9k_ module:
lsmod | grep b9k
- Unload the b9k module, then confirm it is no longer listed in the modules:
rmmod b9k_VERSION
lsmod | grep b9k
- Perform testing.
- NOTE: When the Agent is not running it will be unable to monitor the creation of new files.
- Any File Creation Control Rule will not be able to properly issue Local Approvals and may cause issues in execution once the Agent is enabled again.
Enable Agent:
- Issue the following commands in Terminal:
./b9cli --startup
./b9cli --status
- Verify the Agent shows as Connected with Tamper Protection Enabled.
Additional Notes
Running the commands in Step 1 will do the following:
- Prevent the Agent from communicating with the App Control Server.
- Prevent the Agent from tracking any file operations.
- Prevent the Agent from taking any actions.
- Allow the Agent to be uninstalled.
Related Content
