Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud Sensor: How to Avoid Duplicate Sensor ID's When Imaging or Using VDI

Carbon Black Cloud Sensor: How to Avoid Duplicate Sensor ID's When Imaging or Using VDI


  • CB Cloud Windows Sensor:  Versions older than
  • CB Cloud Linux Sensor:  Versions older then 2.12
  • Microsoft Windows:  All supported versions
  • Linux:  All supported versions


How to avoid duplicate sensor ID's when registering sensors against the CB Cloud


Upgrade to sensor version (Windows) or 2.12.x (Linux) and Higher as additional sensor functionality has been implemented to avoid duplicate device_id's

Additional Notes

  • The newer sensor versions and corresponding back-end changes have a way to check to see if the sensor is using a duplicate device_id, by using a machine UUID/hash generated via static information from the OS. 
  • When the sensor is started, it generates a hash of the system, which will never be the same between 2 different systems, even clones or VDI systems -- but the hash will not change on the same system, even after a system restart. 
  • When a sensor checks in with a device_id and corresponding hash, the cloud backend verifies that the device UUID/hash is the same as previously associated with the device_id. 
  • If the stored hash is different than the one being presented by the sensor during check-in, then the backend tells the sensor to automatically re-register itself.   
  • This prevents duplicate device_id's.
  • These settings can be modified during installation of the Windows sensor per the AUTO_REREGISTER_FOR_VDI_CLONES= setting described here.
  • AUTO_REREGISTER_FOR_VDI_CLONES=1 is recommended for physical machines to prevent them from changing device_id.
  • There is a behavior in EA-20280 which will cause reregistered machines to be marked as VDI and linked to the original device_id.

Related Content

Was this article helpful? Yes No
No ratings
Article Information
Creation Date: