Environment
- Carbon Black Cloud Sensor (for Linux): 2.8.0.238774
- Endpoint Standard
- Enterprise EDR
Symptoms
- Linux distro and kernel have been verified in Supported Distros to confirm it is compatible with Enterprise EDR (formerly known as ThreatHunter)
- Install appears to be successful, however, events are missing after deploying the sensor using a third-party deployment tool
Cause
The installers were designed to keep the components distribution agnostic as in future versions of the sensor, components will be delivered on demand from the cloud. Nonetheless VMWare Carbon Black is taking this deployment limitation into account.
Resolution
Working as designed. The sensors components are installed as part the install routine when running sudo ./install.sh '[Company Code]', which invokes ./blades/bladesUnpack.sh
Additional Notes
As a workaround, ./blades/bladesUnpack.sh can be ran after installing the 2.8.0.238774 sensor.
Alternatively, an earlier version of the sensor can be deployed, such as 2.7.0.187460, then upgrade to the desired version from the console, thereby getting all the components installed (as well as the newer agent).
Related Content
