Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

CB Defense: Master VDI Sensor Deregisters after Running "RepCli reregister onrestart"

CB Defense: Master VDI Sensor Deregisters after Running "RepCli reregister onrestart"

Environment

  • CB Defense Sensor: 3.4.x and higher
  • Virtualization Platform: Any

Symptoms

  • CB Defense sensor on the master image was installed without VDI=1 MSI parameter
  • The command below was executed as part of master image:
"C:\Program Files\Confer\RepCLI.exe" reregister onrestart
  • VDI sensors are setup to deregister upon becoming inactive (Endpoints > Sensor Options > Sensor Settings)
  • The master image machine remains offline longer than the deregistration criteria
  • When the master sensor is brought back online, the sensor is deregistered and uninstalled
  • Sensor is deregistered and will be uninstalled

Cause

  • Running RepCli "reregister onrestart" or RepCli "reregister now" will designate the machine the command is ran from as a VDI clone
  • VDI machines, including the master will become deregistered should they remain offline longer than the deregistration time limit

Resolution

Carbon Black is aware of the issue, and is working on improving the master creation process.

Workaround:
  • Reinstall the sensor on the master should it become uninstalled due to the deregistration policy
Or
  • Run the command below on VDI clones only, ideally as a scheduled task (or GPO) upon login OR restart, preferably from a batch file, and a five-minute delay if scheduled at boot time
    if /i %computername% == MASTER (echo Skipping reregistration) ELSE ("C:\Program Files\Confer\RepCLI.exe" reregister now)

    Where "MASTER" should be replaced the hostname of the master machine, preventing RepCLI from running from the master.

Additional Notes

  • This issue is tracked as enhancement DSEN-5297
  • Effective sensor 3.4 and higher, the VDI=1 parameter has been deprecated
  • Don't use BASE_IMAGE=1 when deploying VDI clones

 

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
2231
Contributors