Sensor Upgrade takes place, disconnecting the sensor.
Device shows connected in Cb Protection, but not Cb Response
Devices reconnect when the Cb Response Tamper Protection Rapid Config is disabled.
The Versions of the Rapid Config is 26 or lower (add version column in Rapid Config tab)
The cause of this issue, is an out of date Rapid Config rule on the agent. The old version of the rapid config did not include binaries and changes that the new sensors use, thus the upgrade is denied. An upgrade to this Rapid Config is pushed automatically through the CDC connection, but if this is disabled or disconnected you may still have the old rule.
Two resolutions exist, first to update the rule automatically and secondly to do a manual update.
In the Cb Protection console navigate to Administration (Gear in top right corner) > System Configuration > And select the Licensing Tab
Check if the Cb Collective Defense Cloud is enabled. If not enabled, enable this and read through all the options, as some options do share data with Carbon Black.
If this is already enabled, click the Options button, and make sure the option: Enable Automatic Update of Updaters, Advanced Threat Indicators, Rapid Configs and Content Analysis Rules is enabled.