Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: How to perform a GPO Deployment for EDR Sensors

EDR: How to perform a GPO Deployment for EDR Sensors


  • EDR Sensor
  • Microsoft Windows: All Supported Versions


To deploy the EDR Sensor via GPO.


  1. Downloaded the CarbonBlackGPOInstaller-X.X.X.XXXXX-<SensorGroupName> file from the EDR Server. 
  2. Extract the contents of the CarbonBlackGPOInstaller-X.X.X.XXXXX-<SensorGroupName> file to a network share/shared folder.
  3. In the Group Policy Objects interface, right-click > New 
  4. Name the new GPO 
  5. Right-click the GPO > Edit 
  6. Select Computer Configuration > Policies > Software Settings > Software Installations 
  7. Right-click Software Installations > New > Package > Browse to location of the cbsetup.msi > Select > Open 
  8. The Deploy Software box will pop up. Select > Advanced > OK 
  9. Add the relevant Group/OU/Computer within "Security Filtering" 
  10. Link the GPO created 
  11. Select the GPO > Select the "Details" tab and ensure the "GPO Status" is set to "Enabled"
  12. On the client machine run:
gpupdate /force /boot

Additional Notes

  • If the endpoint is removed from the "Security Filtering" within the GPO, once the endpoint updates its GPO again, it will uninstall the EDR Sensor.
  • If that is not desired, skip step 9.
  • This way, if the machine is removed from "Security Filtering", it will not automatically uninstall the EDR Sensor.
  • Please test before deployment.

Labels (1)
Tags (2)
Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Creation Date: