Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Response: Issue Identified with latest version of Chrome (Chrome 57)

Cb Response: Issue Identified with latest version of Chrome (Chrome 57)

Hi All,

The Cb Response Engineering Team has identified an issue when viewing the Cb Response Process Analyze Page in the latest version of Chrome (Chrome 57).  In this version of Chrome, the Process Analyze Tree view will fail to render.

The team is working diligently on a fix, please monitor this post for updates. Click "Follow" on the right menu

Update 3/21/2017:

Hi All,

We have identified and fixed the issue mentioned here in the post.  We are currently validating the fix and will have a firm timeline for delivery in the next few days.  This fix will be delivered for versions 5.2.x and 6.x. On-prem customers will get the code from our standard YUM repositories and Cloud customers will be updated automatically.


Please track this post for updates on availability by clicking "Follow" on the menu to the right. -Thanks

Update 3/22/2017:

Hello All,

The fix is validated and is now available for On-Prem Customers running 5.2.x Servers (not wishing to upgrade to the latest 6.1 version). Please follow the instructions here:

1) Ensure that your CarbonBlack YUM repository is pointed to our current 5.2.6 baseurl: https://yum.distro.carbonblack.io/enterprise/release/x86_64/

2) Run "yum upgrade cbui" on the master node only in a clustered environment or the standalone server in a non-clustered environment. Ensure the version is not 6.2.1.170416.2109, it should be 5.2.7.170315.1553.

3) No restart of services is required, however you may need to force reload the UI pages in your browser to see the fix.

If you are an on-prem customer that is running an Early Access version of 6.x, we will reach out directly with an update. All Cloud Customers will have their instances updated automatically.

If you have any questions, please reply to the post here.  For any issues, please contact Cb Technical Support. -Thanks

Thanks,

Justin

Technical Product Manager - Cb Response

The fix is validated and is now available for On-Prem Customers running 5.2.x Servers (not wishing to upgrade to the latest 6.1 version). Please follow the instructions here:  1) Ensure that your CarbonBlack YUM repository is pointed to our current 5.2.6 baseurl: https://yum.distro.carbonblack.io/enterprise/release/x86_64/  2) Run "yum upgrade cbui" on the master node only in a clustered environment or the standalone server in a non-clustered environment. Ensure the version is not 6.2.1.170416.2109, it should be 5.2.7.170315.1553. 3) No restart of services is required, however you may need to force reload the UI pages in your browser to see the fix.
Comments

hello Justin,

Which CBR version is affected?

thank you, Mathias

FWIW testing with Google Chrome, version 56 no problem.  Version 57 (57.0.2987.98) works okay on our production server (CB ER 5.2.0 Patch 3) but fails on our dev/test instance running 5.2.6.  Failure is that the process tree renders but is placed incorrectly overlaying other content.

FYI this has caused us to postpone production deployment of 5.2.6 pending resolution of this problem, because our SOC and threat analysts use the process search function and this problem impacts their ability to do their jobs.

Please advise about plans for correction ASAP as this will be getting management attention in the near future if it has not already done so.  It will be viewed as yet another QC problem from Carbon Black.  Not good.

This Chrome 57 (released 3/9/2017 per https://chromereleases.googleblog.com) issue also affects CBER 5.2.5 (released in Jan 2017) which is the version after 5.2.0 Patch 3:

To be clear, I understand this really isn't a CB QA problem, but there have enough of them that perceptions are pre-conditioned to expect such...

Tough situation for you [CB] to be in.  Hope there is a quick fix forthcoming so we can put this in the rear-view mirror as soon as possible!

Hi, is there a time frame for a fix for this?

Hello,

We're also looking for information on this issue - are there any updates or ETA on a fix?

Also appears to affect Firefox 51+ as well. Presents slightly differently, but the process trees aren't able to be easily selected or seen.

just tried Firefox 52.0 on El Cap (macOS 10.11.6), some worked some didn't.  Simple cases were okay, was about to declare it ok when last one I tried failed...

We are on 5.2.5 and no version of Chrome past 57 works.  Tried Chrome beta, dev, and canary.  Firefox doesn't display the process tree correctly, especially moving the tree in the window.  IE also does not work in Carbon Black. Would be awesome if CB working in different browsers.  We did find that Vivaldi works without issue (so far).

Could we please get an official Carbon Black update on the extent of this problem?  Do you also see the problem with Firefox 52?  We have anecdotal stories of a more widespread issue across multiple browsers which will stop us from any upgrades if we can't utilize a main part of the software.  My last check showed that the release notes for the 5.2.6 version and/or corresponding User Exchange release post do not list this known issue.

CB is by default blocking all browsers except Chrome and Firefox. Can this be disabled ?

This also appears to be affecting our 5.2.0 patch 3 instance.

Based on what I have seen, for what its worth, the process analysis tree seems to work on Microsoft EDGE on Windows 10 but unfortunately, the "Command Line  - Copy" link does not ...

Not that I am advocating the use of EDGE for CBR but just saying ...

Our current repo is different, should this repo be updated just to run this single update or should it be pointed here going forward?

Any timeline that can be communicated for fixing this in CBER Cloud?  This issue is very frustrating and if a fix is available we would like it implemented.

I agree it would be very nice to get an update on this.  Especially for the CBER Cloud customers...

yeah, i been having this issue in chrome last couple weeks also.

Information on addressing this issue for on-prem deployments is provided above in the original post.

For Cb Response Cloud deployments, we will have this issue addressed in an upcoming release which is expected to be available within a few weeks. We will provide notice of the upgrade via the Cb User eXchange a few days prior to upgrades commencing. If you are experiencing this issue with Chrome 57 and would like to have it addressed prior to the next Cb Response upgrade, please contact Cb Technical Support.

i installed firefox, and the process tree loads normally into the tree, but when i single click anywhere in the box, it all disappears .  we use cloud version.

Firefox is not a supported browser for Cb Response, so odd results could be encountered. Currently, Chrome is the only supported browser.

thanks, that solves that one.

has anyone tried to reimage there computer to resolve the issue? i seem to be the only one at my company having this chrome issue, wondering if reimage might fix it? thank you.

The fix is validated and is now available for On-Prem Customers running 5.2.x Servers. Please follow the instructions here:

1) Ensure that your CarbonBlack YUM repository is pointed to our stable baseurl: https://yum.distro.carbonblack.io/enterprise/stable/x86_64/

2) Run "yum upgrade cbui" on the master node only in a clustered environment or the standalone server in a non-clustered environment

3) No restart of services is required, however you may need to force reload the UI pages in your browser to see the fix.

we use cloud version

Understood - I uninstalled chrome and installed 56/disabled updates until they had the fix in place

So any news on the Cloud Version, I mean, for a "High End" IR Solution like Carbon Black, which we paid good $$$ towards, and I get this as my Process Analysis page, see below:.  Picture has been Sanitized.    Just wondering how else am I suppose to work.   I'm new to Carbon Black, and to IR, but really?  Just my two cents.   Sorry to Rant.  Love the Idea of the product, just having a hard time moving around it with the below.    

Screen Shot 2017-04-04 at 11.15.26 AM.png

Shawn.

We be happy to address this for you in your cloud instance as mentioned above. Please open a support case on this and we will take care of it.   Thanks

Hi Michael,

Only reason why I have not put a Ticket in, as it seems to be across the board correct for the Cloud?  I mean if you fix mine with a tweak, what about the others that suffer this same problem, I would rather wait for the "Official" fix that way we don't have to tweak my browser etc.  I mean I can build a vm box, and load chrome 56 and disable updates, like mention above.      Unless you think looking at my browser will help the ultimate root cause fix for the issue for all if I log a ticket?   I'm not mad about this, if my comments are coming off to strong.  I know it's hard to read emotions sometime on forums. 

Thanks,

Shawn. 

hi, i can click on the process tree in a certain spot, and drag it up to the middle of the window it should load in.

then i can at least browse half of the processes, the top always gets cut off, and sometimes it just jumps back all the way down, like your picture looks. i think i will submit a case , as i can not go back versions in chrome. thank you.

mine has started working normal again today for first time in weeks. 

Update doesn't appear to go through, but I'm not sure we're pointed to the correct yum repository? How can I check and/or update that?

Never mind. I had to do an update and then run the cbui upgrade.

I was experiencing this issue on Chrome, Firefox, and Opera.

After applying the update it is now fixed across all 3 browsers.

We are on 5.2.5 (On-Prem servers) and trying to apply the fix for CHROME 57+ display issues by following below steps. At step 2, it is mentioned that "Ensure the version is not 6.2.1.170416.2109, it should be 5.2.7.170315.1553". But, while i am trying to apply fix, it says "Updating cbui with version 6.2.1.170601.2251-1".

So my question is, how we can ensure here the cbui version as 5.2.7.170315.1553? Any idea?

NOTE: We currently dont have plans to upgrade the CBER to 5.2.3 or 6.1

              1) Ensure that your CarbonBlack YUM repository is pointed to our current 5.2.6 baseurl: https://yum.distro.carbonblack.io/enterprise/release/x86_64/

              2) Run "yum upgrade cbui" on the master node only in a clustered environment or the standalone server in a non-clustered environment. Ensure the version is

                  not 6.2.1.170416.2109, it should be 5.2.7.170315.1553.

              3) No restart of services is required, however you may need to force reload the UI pages in your browser to see the fix.

Article Information
Author:
Creation Date:
‎03-10-2017
Views:
17926